| version 1.257, 2015/01/18 21:51:19 |
version 1.261, 2015/01/30 01:10:33 |
|
|
| fatal("%s: unknown key format %d", __func__, convert_format); |
fatal("%s: unknown key format %d", __func__, convert_format); |
| } |
} |
| |
|
| if (!private) |
if (!private) { |
| if ((r = sshkey_write(k, stdout)) == 0) |
if ((r = sshkey_write(k, stdout)) == 0) |
| ok = 1; |
ok = 1; |
| if (ok) |
if (ok) |
| fprintf(stdout, "\n"); |
fprintf(stdout, "\n"); |
| else { |
} else { |
| switch (k->type) { |
switch (k->type) { |
| case KEY_DSA: |
case KEY_DSA: |
| ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, |
ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, |
|
|
| fp = sshkey_fingerprint(keys[i], fptype, rep); |
fp = sshkey_fingerprint(keys[i], fptype, rep); |
| ra = sshkey_fingerprint(keys[i], fingerprint_hash, |
ra = sshkey_fingerprint(keys[i], fingerprint_hash, |
| SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
| |
if (fp == NULL || ra == NULL) |
| |
fatal("%s: sshkey_fingerprint fail", __func__); |
| printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), |
printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), |
| fp, sshkey_type(keys[i])); |
fp, sshkey_type(keys[i])); |
| if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
| fp = sshkey_fingerprint(public, fptype, rep); |
fp = sshkey_fingerprint(public, fptype, rep); |
| ra = sshkey_fingerprint(public, fingerprint_hash, |
ra = sshkey_fingerprint(public, fingerprint_hash, |
| SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
| |
if (fp == NULL || ra == NULL) |
| |
fatal("%s: sshkey_fingerprint fail", __func__); |
| printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, |
printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, |
| sshkey_type(public)); |
sshkey_type(public)); |
| if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
| fp = sshkey_fingerprint(public, fptype, rep); |
fp = sshkey_fingerprint(public, fptype, rep); |
| ra = sshkey_fingerprint(public, fingerprint_hash, |
ra = sshkey_fingerprint(public, fingerprint_hash, |
| SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
| |
if (fp == NULL || ra == NULL) |
| |
fatal("%s: sshkey_fingerprint fail", __func__); |
| printf("%u %s %s (%s)\n", sshkey_size(public), fp, |
printf("%u %s %s (%s)\n", sshkey_size(public), fp, |
| comment ? comment : "no comment", sshkey_type(public)); |
comment ? comment : "no comment", sshkey_type(public)); |
| if (log_level >= SYSLOG_LEVEL_VERBOSE) |
if (log_level >= SYSLOG_LEVEL_VERBOSE) |
|
|
| static void |
static void |
| do_known_hosts(struct passwd *pw, const char *name) |
do_known_hosts(struct passwd *pw, const char *name) |
| { |
{ |
| char *cp, tmp[MAXPATHLEN], old[MAXPATHLEN]; |
char *cp, tmp[PATH_MAX], old[PATH_MAX]; |
| int r, fd, oerrno, inplace = 0; |
int r, fd, oerrno, inplace = 0; |
| struct known_hosts_ctx ctx; |
struct known_hosts_ctx ctx; |
| |
|
|
|
| key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
| ca_fp = sshkey_fingerprint(key->cert->signature_key, |
ca_fp = sshkey_fingerprint(key->cert->signature_key, |
| fingerprint_hash, SSH_FP_DEFAULT); |
fingerprint_hash, SSH_FP_DEFAULT); |
| |
if (key_fp == NULL || ca_fp == NULL) |
| |
fatal("%s: sshkey_fingerprint fail", __func__); |
| |
|
| printf("%s:\n", identity_file); |
printf("%s:\n", identity_file); |
| printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), |
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), |
|
|
| } |
} |
| |
|
| static void |
static void |
| update_krl_from_file(struct passwd *pw, const char *file, |
update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, |
| const struct sshkey *ca, struct ssh_krl *krl) |
const struct sshkey *ca, struct ssh_krl *krl) |
| { |
{ |
| struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
|
|
| if (*cp == '\0') |
if (*cp == '\0') |
| continue; |
continue; |
| if (strncasecmp(cp, "serial:", 7) == 0) { |
if (strncasecmp(cp, "serial:", 7) == 0) { |
| if (ca == NULL) { |
if (ca == NULL && !wild_ca) { |
| fatal("revoking certificates by serial number " |
fatal("revoking certificates by serial number " |
| "requires specification of a CA key"); |
"requires specification of a CA key"); |
| } |
} |
|
|
| __func__); |
__func__); |
| } |
} |
| } else if (strncasecmp(cp, "id:", 3) == 0) { |
} else if (strncasecmp(cp, "id:", 3) == 0) { |
| if (ca == NULL) { |
if (ca == NULL && !wild_ca) { |
| fatal("revoking certificates by key ID " |
fatal("revoking certificates by key ID " |
| "requires specification of a CA key"); |
"requires specification of a CA key"); |
| } |
} |
|
|
| struct ssh_krl *krl; |
struct ssh_krl *krl; |
| struct stat sb; |
struct stat sb; |
| struct sshkey *ca = NULL; |
struct sshkey *ca = NULL; |
| int fd, i, r; |
int fd, i, r, wild_ca = 0; |
| char *tmp; |
char *tmp; |
| struct sshbuf *kbuf; |
struct sshbuf *kbuf; |
| |
|
|
|
| fatal("KRL \"%s\" does not exist", identity_file); |
fatal("KRL \"%s\" does not exist", identity_file); |
| } |
} |
| if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
| tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
if (strcasecmp(ca_key_path, "none") == 0) |
| if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) |
wild_ca = 1; |
| fatal("Cannot load CA public key %s: %s", |
else { |
| tmp, ssh_err(r)); |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
| free(tmp); |
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) |
| |
fatal("Cannot load CA public key %s: %s", |
| |
tmp, ssh_err(r)); |
| |
free(tmp); |
| |
} |
| } |
} |
| |
|
| if (updating) |
if (updating) |
|
|
| ssh_krl_set_comment(krl, identity_comment); |
ssh_krl_set_comment(krl, identity_comment); |
| |
|
| for (i = 0; i < argc; i++) |
for (i = 0; i < argc; i++) |
| update_krl_from_file(pw, argv[i], ca, krl); |
update_krl_from_file(pw, argv[i], wild_ca, ca, krl); |
| |
|
| if ((kbuf = sshbuf_new()) == NULL) |
if ((kbuf = sshbuf_new()) == NULL) |
| fatal("sshbuf_new failed"); |
fatal("sshbuf_new failed"); |
|
|
| { |
{ |
| char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
| char *checkpoint = NULL; |
char *checkpoint = NULL; |
| char out_file[PATH_MAX], *rr_hostname = NULL, *ep; |
char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra; |
| struct sshkey *private, *public; |
struct sshkey *private, *public; |
| struct passwd *pw; |
struct passwd *pw; |
| struct stat st; |
struct stat st; |
|
|
| fclose(f); |
fclose(f); |
| |
|
| if (!quiet) { |
if (!quiet) { |
| char *fp = sshkey_fingerprint(public, fingerprint_hash, |
fp = sshkey_fingerprint(public, fingerprint_hash, |
| SSH_FP_DEFAULT); |
SSH_FP_DEFAULT); |
| char *ra = sshkey_fingerprint(public, fingerprint_hash, |
ra = sshkey_fingerprint(public, fingerprint_hash, |
| SSH_FP_RANDOMART); |
SSH_FP_RANDOMART); |
| |
if (fp == NULL || ra == NULL) |
| |
fatal("sshkey_fingerprint failed"); |
| printf("Your public key has been saved in %s.\n", |
printf("Your public key has been saved in %s.\n", |
| identity_file); |
identity_file); |
| printf("The key fingerprint is:\n"); |
printf("The key fingerprint is:\n"); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh