authordjm@openbsd.org <djm@openbsd.org>2019-12-15 19:47:10 +0000
committerDamien Miller <djm@mindrot.org>2019-12-16 14:19:41 +1100
commit9b6e30b96b094ad787511a5b989253e3b8fe1789 (patch)
treed26182a6a5747e9c70510b23a05e9097971ce80c
parent56584cce75f3d20aaa30befc7cbd331d922927f3 (diff)
upstream: allow ssh-keyscan to find security key hostkeys
OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3
-rw-r--r--ssh-keyscan.c24
1 files changed, 21 insertions, 3 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 5de0508d..a5e64407 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.131 2019/12/15 19:47:10 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -61,12 +61,14 @@ int ssh_port = SSH_DEFAULT_PORT;
#define KT_ECDSA (1<<2)
#define KT_ED25519 (1<<3)
#define KT_XMSS (1<<4)
+#define KT_ECDSA_SK (1<<5)
+#define KT_ED25519_SK (1<<6)
#define KT_MIN KT_DSA
-#define KT_MAX KT_XMSS
+#define KT_MAX KT_ED25519_SK
int get_cert = 0;
-int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
+int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK;
int hash_hosts = 0; /* Hash hostname on output */
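Review bot: The new default at `int get_keytypes = ...` widens the probe from three key types to five, and since keygrab_ssh2 selects one host-key algorithm per `c->c_keytype`, each added type presumably costs one more connection per scanned host; that is a visible change in scan time and in load on the scanned servers that the commit message does not mention. KT_MAX also appears to serve as the inclusive upper bound of a power-of-two walk over the KT_* flags elsewhere in the file, so the two new defines must stay contiguous with the existing ones. A comment above `#define KT_MIN`, such as `/* KT_* are bit flags walked from KT_MIN to KT_MAX by doubling; keep them contiguous powers of two */`, would make that invariant explicit for the next addition.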
@@ -259,6 +261,16 @@ keygrab_ssh2(con *c)
"ecdsa-sha2-nistp384,"
"ecdsa-sha2-nistp521";
break;
+ case KT_ECDSA_SK:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com" :
+ "sk-ecdsa-sha2-nistp256@openssh.com";
+ break;
+ case KT_ED25519_SK:
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+ "sk-ssh-ed25519-cert-v01@openssh.com" :
+ "sk-ssh-ed25519@openssh.com";
+ break;
default:
fatal("unknown key type %d", c->c_keytype);
break;
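Review bot: The new `case KT_ECDSA_SK:` proposes a single nistp256 algorithm, unlike the preceding KT_ECDSA case that lists three curves, and nothing records that the asymmetry is intentional; a maintainer extending the curve list could wrongly add p384/p521 names here. The security-key ECDSA algorithm is defined for nistp256 only, so a short comment above the case, `/* sk-ecdsa exists for nistp256 only; there are no p384/p521 variants */`, would prevent that. keygrab_ssh2 starts and ends outside the hunk.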
@@ -735,6 +747,12 @@ main(int argc, char **argv)
case KEY_XMSS:
get_keytypes |= KT_XMSS;
break;
+ case KEY_ED25519_SK:
+ get_keytypes |= KT_ED25519_SK;
+ break;
+ case KEY_ECDSA_SK:
+ get_keytypes |= KT_ECDSA_SK;
+ break;
case KEY_UNSPEC:
default:
fatal("Unknown key type \"%s\"", tname);
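Review bot: The new `-t` cases are added in the order KEY_ED25519_SK, KEY_ECDSA_SK, which is the reverse of both the KT_* defines and the keygrab_ssh2 cases in this same commit; swapping the two cases keeps the three lists in one order and makes it easier to check that every type is handled in all of them. If ssh-keyscan.1 enumerates the types accepted by -t and the default set, it presumably needs ecdsa-sk and ed25519-sk as well, since this commit touches only the C file. main() starts and ends outside the hunk.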