ssh-keyscan for ssh2 (was Re: openssh-2.9p1)
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Sat May 19 02:21:19 EST 2001
On Thu, May 17, 2001 at 08:47:39PM -0700, Wayne Davison wrote:
> On Mon, 14 May 2001, Peter Breitenlohner wrote:
> > 2. Is there a program like ssh-keyscan for the Version2 (dsa and rsa) keys??
>
> Here's my first cut at modifying ssh-keyscan to output either/both ssh1
> and ssh2 keys. It defaults to working as it did before (outputting just
> the ssh1 rsa keys), but you can ask for either or both by using the -1
this is a nice patch.
> +Key *
> +keygrab_dsa(con *c)
> +{
> + Key *key;
> +
> + packet_set_connection(c->c_fd, c->c_fd);
> + packet_set_ssh2_format();
you need this if you want to select DSA vs RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-dss";
> + c->c_kex = kex_setup(myproposal);
> + c->c_kex->check_host_key = hostjump;
> +
> + if (!(key = (Key*)setjmp(kexjmp))) {
> + dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
> + fprintf(stderr, "Impossible! dispatch_run() returned!\n");
> + exit(1);
> + }
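Review bot: in `if (!(key = (Key*)setjmp(kexjmp)))` the return value of setjmp() is cast to a `Key *`, but setjmp() returns an int, so a key pointer handed back this way is only intact on platforms where int and pointers have the same width. The C standard also only guarantees setjmp() when it is used directly as a controlling expression or in a comparison, not when its value is assigned. Suggest having the `check_host_key` callback (`hostjump`) store the key in a variable that keygrab_dsa() reads after the jump, and using the setjmp() result only as a zero/non-zero flag.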
xfree(c->c_kex);
c->c_kex = NULL;
> + packet_close();
it would be nice if packet.c could handle multiple packet-layer instances.
this would allow building application layer ssh proxies (mitm), too.
-m