version 1.265, 2015/02/24 15:24:05 |
version 1.269, 2015/04/17 13:19:22 |
|
|
{ |
{ |
u_int maxbits, nid; |
u_int maxbits, nid; |
|
|
if (type == KEY_UNSPEC) { |
if (type == KEY_UNSPEC) |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
fatal("unknown key type %s", key_type_name); |
exit(1); |
|
} |
|
if (*bitsp == 0) { |
if (*bitsp == 0) { |
if (type == KEY_DSA) |
if (type == KEY_DSA) |
*bitsp = DEFAULT_BITS_DSA; |
*bitsp = DEFAULT_BITS_DSA; |
|
|
} |
} |
maxbits = (type == KEY_DSA) ? |
maxbits = (type == KEY_DSA) ? |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
if (*bitsp > maxbits) { |
if (*bitsp > maxbits) |
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); |
fatal("key bits exceeds maximum %d", maxbits); |
exit(1); |
|
} |
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
if (type == KEY_DSA && *bitsp != 1024) |
if (type == KEY_DSA && *bitsp != 1024) |
fatal("DSA keys must be 1024 bits"); |
fatal("DSA keys must be 1024 bits"); |
|
|
name = _PATH_SSH_CLIENT_ID_ED25519; |
name = _PATH_SSH_CLIENT_ID_ED25519; |
break; |
break; |
default: |
default: |
fprintf(stderr, "bad key type\n"); |
fatal("bad key type"); |
exit(1); |
|
break; |
|
} |
} |
} |
} |
snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); |
snprintf(identity_file, sizeof(identity_file), |
fprintf(stderr, "%s (%s): ", prompt, identity_file); |
"%s/%s", pw->pw_dir, name); |
|
printf("%s (%s): ", prompt, identity_file); |
|
fflush(stdout); |
if (fgets(buf, sizeof(buf), stdin) == NULL) |
if (fgets(buf, sizeof(buf), stdin) == NULL) |
exit(1); |
exit(1); |
buf[strcspn(buf, "\n")] = '\0'; |
buf[strcspn(buf, "\n")] = '\0'; |
|
|
char comment[61]; |
char comment[61]; |
int r; |
int r; |
|
|
if (k->type == KEY_RSA1) { |
if (k->type == KEY_RSA1) |
fprintf(stderr, "version 1 keys are not supported\n"); |
fatal("version 1 keys are not supported"); |
exit(1); |
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) |
} |
fatal("key_to_blob failed: %s", ssh_err(r)); |
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) { |
|
fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r)); |
|
exit(1); |
|
} |
|
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
snprintf(comment, sizeof(comment), |
snprintf(comment, sizeof(comment), |
"%u-bit %s, converted by %s@%s from OpenSSH", |
"%u-bit %s, converted by %s@%s from OpenSSH", |
|
|
|
|
line[0] = '\0'; |
line[0] = '\0'; |
while ((c = fgetc(fp)) != EOF) { |
while ((c = fgetc(fp)) != EOF) { |
if (pos >= len - 1) { |
if (pos >= len - 1) |
fprintf(stderr, "input line too long.\n"); |
fatal("input line too long."); |
exit(1); |
|
} |
|
switch (c) { |
switch (c) { |
case '\r': |
case '\r': |
c = fgetc(fp); |
c = fgetc(fp); |
if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { |
if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) |
fprintf(stderr, "unget: %s\n", strerror(errno)); |
fatal("unget: %s", strerror(errno)); |
exit(1); |
|
} |
|
return pos; |
return pos; |
case '\n': |
case '\n': |
return pos; |
return pos; |
|
|
(encoded[len-3] == '=')) |
(encoded[len-3] == '=')) |
encoded[len-3] = '\0'; |
encoded[len-3] = '\0'; |
blen = uudecode(encoded, blob, sizeof(blob)); |
blen = uudecode(encoded, blob, sizeof(blob)); |
if (blen < 0) { |
if (blen < 0) |
fprintf(stderr, "uudecode failed.\n"); |
fatal("uudecode failed."); |
exit(1); |
|
} |
|
if (*private) |
if (*private) |
*k = do_convert_private_ssh2_from_blob(blob, blen); |
*k = do_convert_private_ssh2_from_blob(blob, blen); |
else if ((r = sshkey_from_blob(blob, blen, k)) != 0) { |
else if ((r = sshkey_from_blob(blob, blen, k)) != 0) |
fprintf(stderr, "decode blob failed: %s\n", ssh_err(r)); |
fatal("decode blob failed: %s", ssh_err(r)); |
exit(1); |
|
} |
|
fclose(fp); |
fclose(fp); |
} |
} |
|
|
|
|
} |
} |
} |
} |
|
|
if (!ok) { |
if (!ok) |
fprintf(stderr, "key write failed\n"); |
fatal("key write failed"); |
exit(1); |
|
} |
|
sshkey_free(k); |
sshkey_free(k); |
exit(0); |
exit(0); |
} |
} |
|
|
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
if (stat(identity_file, &st) < 0) { |
if (stat(identity_file, &st) < 0) |
perror(identity_file); |
fatal("%s: %s", identity_file, strerror(errno)); |
exit(1); |
|
} |
|
prv = load_identity(identity_file); |
prv = load_identity(identity_file); |
if ((r = sshkey_write(prv, stdout)) != 0) |
if ((r = sshkey_write(prv, stdout)) != 0) |
fprintf(stderr, "key_write failed: %s", ssh_err(r)); |
error("key_write failed: %s", ssh_err(r)); |
sshkey_free(prv); |
sshkey_free(prv); |
fprintf(stdout, "\n"); |
fprintf(stdout, "\n"); |
exit(0); |
exit(0); |
|
|
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
if (stat(identity_file, &st) < 0) { |
if (stat(identity_file, &st) < 0) |
perror(identity_file); |
fatal("%s: %s", identity_file, strerror(errno)); |
exit(1); |
|
} |
|
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) |
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) |
debug2("Error loading public key \"%s\": %s", |
debug2("Error loading public key \"%s\": %s", |
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
|
|
} |
} |
fclose(f); |
fclose(f); |
|
|
if (invalid) { |
if (invalid) |
printf("%s is not a public key file.\n", identity_file); |
fatal("%s is not a public key file.", identity_file); |
exit(1); |
|
} |
|
exit(0); |
exit(0); |
} |
} |
|
|
|
|
char *key_type_display; |
char *key_type_display; |
char *path; |
char *path; |
} key_types[] = { |
} key_types[] = { |
|
#ifdef WITH_OPENSSL |
|
#ifdef WITH_SSH1 |
{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, |
{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, |
|
#endif /* WITH_SSH1 */ |
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, |
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, |
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, |
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, |
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, |
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, |
|
#endif /* WITH_OPENSSL */ |
{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, |
{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, |
{ NULL, NULL, NULL } |
{ NULL, NULL, NULL } |
}; |
}; |
|
|
if (stat(key_types[i].path, &st) == 0) |
if (stat(key_types[i].path, &st) == 0) |
continue; |
continue; |
if (errno != ENOENT) { |
if (errno != ENOENT) { |
printf("Could not stat %s: %s", key_types[i].path, |
error("Could not stat %s: %s", key_types[i].path, |
strerror(errno)); |
strerror(errno)); |
first = 0; |
first = 0; |
continue; |
continue; |
|
|
bits = 0; |
bits = 0; |
type_bits_valid(type, NULL, &bits); |
type_bits_valid(type, NULL, &bits); |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
fprintf(stderr, "key_generate failed: %s\n", |
error("key_generate failed: %s", ssh_err(r)); |
ssh_err(r)); |
|
first = 0; |
first = 0; |
continue; |
continue; |
} |
} |
|
|
hostname); |
hostname); |
if ((r = sshkey_save_private(private, identity_file, "", |
if ((r = sshkey_save_private(private, identity_file, "", |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
printf("Saving key \"%s\" failed: %s\n", identity_file, |
error("Saving key \"%s\" failed: %s", |
ssh_err(r)); |
identity_file, ssh_err(r)); |
sshkey_free(private); |
sshkey_free(private); |
sshkey_free(public); |
sshkey_free(public); |
first = 0; |
first = 0; |
|
|
strlcat(identity_file, ".pub", sizeof(identity_file)); |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
if (fd == -1) { |
if (fd == -1) { |
printf("Could not save your public key in %s\n", |
error("Could not save your public key in %s", |
identity_file); |
identity_file); |
sshkey_free(public); |
sshkey_free(public); |
first = 0; |
first = 0; |
|
|
} |
} |
f = fdopen(fd, "w"); |
f = fdopen(fd, "w"); |
if (f == NULL) { |
if (f == NULL) { |
printf("fdopen %s failed\n", identity_file); |
error("fdopen %s failed", identity_file); |
close(fd); |
close(fd); |
sshkey_free(public); |
sshkey_free(public); |
first = 0; |
first = 0; |
continue; |
continue; |
} |
} |
if ((r = sshkey_write(public, f)) != 0) { |
if ((r = sshkey_write(public, f)) != 0) { |
fprintf(stderr, "write key failed: %s\n", ssh_err(r)); |
error("write key failed: %s", ssh_err(r)); |
fclose(f); |
fclose(f); |
sshkey_free(public); |
sshkey_free(public); |
first = 0; |
first = 0; |
|
|
has_wild || l->marker != MRK_NONE) { |
has_wild || l->marker != MRK_NONE) { |
fprintf(ctx->out, "%s\n", l->line); |
fprintf(ctx->out, "%s\n", l->line); |
if (has_wild && !find_host) { |
if (has_wild && !find_host) { |
fprintf(stderr, "%s:%ld: ignoring host name " |
logit("%s:%ld: ignoring host name " |
"with wildcard: %.64s\n", l->path, |
"with wildcard: %.64s", l->path, |
l->linenum, l->hosts); |
l->linenum, l->hosts); |
} |
} |
return 0; |
return 0; |
|
|
case HKF_STATUS_INVALID: |
case HKF_STATUS_INVALID: |
/* Retain invalid lines, but mark file as invalid. */ |
/* Retain invalid lines, but mark file as invalid. */ |
ctx->invalid = 1; |
ctx->invalid = 1; |
fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum); |
logit("%s:%ld: invalid line", l->path, l->linenum); |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
default: |
default: |
fprintf(ctx->out, "%s\n", l->line); |
fprintf(ctx->out, "%s\n", l->line); |
|
|
/* Retain non-matching hosts when deleting */ |
/* Retain non-matching hosts when deleting */ |
if (l->status == HKF_STATUS_INVALID) { |
if (l->status == HKF_STATUS_INVALID) { |
ctx->invalid = 1; |
ctx->invalid = 1; |
fprintf(stderr, "%s:%ld: invalid line\n", |
logit("%s:%ld: invalid line", l->path, l->linenum); |
l->path, l->linenum); |
|
} |
} |
fprintf(ctx->out, "%s\n", l->line); |
fprintf(ctx->out, "%s\n", l->line); |
} |
} |
|
|
fclose(ctx.out); |
fclose(ctx.out); |
|
|
if (ctx.invalid) { |
if (ctx.invalid) { |
fprintf(stderr, "%s is not a valid known_hosts file.\n", |
error("%s is not a valid known_hosts file.", identity_file); |
identity_file); |
|
if (inplace) { |
if (inplace) { |
fprintf(stderr, "Not replacing existing known_hosts " |
error("Not replacing existing known_hosts " |
"file because of errors\n"); |
"file because of errors"); |
unlink(tmp); |
unlink(tmp); |
} |
} |
exit(1); |
exit(1); |
} else if (delete_host && !ctx.found_key) { |
} else if (delete_host && !ctx.found_key) { |
fprintf(stderr, "Host %s not found in %s\n", |
logit("Host %s not found in %s", name, identity_file); |
name, identity_file); |
|
unlink(tmp); |
unlink(tmp); |
} else if (inplace) { |
} else if (inplace) { |
/* Backup existing file */ |
/* Backup existing file */ |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
fprintf(stderr, "%s updated.\n", identity_file); |
printf("%s updated.\n", identity_file); |
fprintf(stderr, "Original contents retained as %s\n", old); |
printf("Original contents retained as %s\n", old); |
if (ctx.has_unhashed) { |
if (ctx.has_unhashed) { |
fprintf(stderr, "WARNING: %s contains unhashed " |
logit("WARNING: %s contains unhashed entries", old); |
"entries\n", old); |
logit("Delete this file to ensure privacy " |
fprintf(stderr, "Delete this file to ensure privacy " |
"of hostnames"); |
"of hostnames\n"); |
|
} |
} |
} |
} |
|
|
|
|
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
if (stat(identity_file, &st) < 0) { |
if (stat(identity_file, &st) < 0) |
perror(identity_file); |
fatal("%s: %s", identity_file, strerror(errno)); |
exit(1); |
|
} |
|
/* Try to load the file with empty passphrase. */ |
/* Try to load the file with empty passphrase. */ |
r = sshkey_load_private(identity_file, "", &private, &comment); |
r = sshkey_load_private(identity_file, "", &private, &comment); |
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
|
|
goto badkey; |
goto badkey; |
} else if (r != 0) { |
} else if (r != 0) { |
badkey: |
badkey: |
fprintf(stderr, "Failed to load key \"%s\": %s\n", |
fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
|
exit(1); |
|
} |
} |
printf("Key has comment '%s'\n", comment); |
if (comment) |
|
printf("Key has comment '%s'\n", comment); |
|
|
/* Ask the new passphrase (twice). */ |
/* Ask the new passphrase (twice). */ |
if (identity_new_passphrase) { |
if (identity_new_passphrase) { |
|
|
/* Save the file using the new passphrase. */ |
/* Save the file using the new passphrase. */ |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
printf("Saving key \"%s\" failed: %s.\n", |
error("Saving key \"%s\" failed: %s.", |
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
explicit_bzero(passphrase1, strlen(passphrase1)); |
explicit_bzero(passphrase1, strlen(passphrase1)); |
free(passphrase1); |
free(passphrase1); |
|
|
if (stat(fname, &st) < 0) { |
if (stat(fname, &st) < 0) { |
if (errno == ENOENT) |
if (errno == ENOENT) |
return 0; |
return 0; |
perror(fname); |
fatal("%s: %s", fname, strerror(errno)); |
exit(1); |
|
} |
} |
if ((r = sshkey_load_public(fname, &public, &comment)) != 0) { |
if ((r = sshkey_load_public(fname, &public, &comment)) != 0) |
printf("Failed to read v2 public key from \"%s\": %s.\n", |
fatal("Failed to read v2 public key from \"%s\": %s.", |
fname, ssh_err(r)); |
fname, ssh_err(r)); |
exit(1); |
|
} |
|
export_dns_rr(hname, public, stdout, print_generic); |
export_dns_rr(hname, public, stdout, print_generic); |
sshkey_free(public); |
sshkey_free(public); |
free(comment); |
free(comment); |
|
|
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
if (stat(identity_file, &st) < 0) { |
if (stat(identity_file, &st) < 0) |
perror(identity_file); |
fatal("%s: %s", identity_file, strerror(errno)); |
exit(1); |
|
} |
|
if ((r = sshkey_load_private(identity_file, "", |
if ((r = sshkey_load_private(identity_file, "", |
&private, &comment)) == 0) |
&private, &comment)) == 0) |
passphrase = xstrdup(""); |
passphrase = xstrdup(""); |
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { |
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) |
printf("Cannot load private key \"%s\": %s.\n", |
fatal("Cannot load private key \"%s\": %s.", |
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
exit(1); |
else { |
} else { |
|
if (identity_passphrase) |
if (identity_passphrase) |
passphrase = xstrdup(identity_passphrase); |
passphrase = xstrdup(identity_passphrase); |
else if (identity_new_passphrase) |
else if (identity_new_passphrase) |
|
|
&private, &comment)) != 0) { |
&private, &comment)) != 0) { |
explicit_bzero(passphrase, strlen(passphrase)); |
explicit_bzero(passphrase, strlen(passphrase)); |
free(passphrase); |
free(passphrase); |
printf("Cannot load private key \"%s\": %s.\n", |
fatal("Cannot load private key \"%s\": %s.", |
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
exit(1); |
|
} |
} |
} |
} |
|
/* XXX what about new-format keys? */ |
if (private->type != KEY_RSA1) { |
if (private->type != KEY_RSA1) { |
fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); |
error("Comments are only supported for RSA1 keys."); |
|
explicit_bzero(passphrase, strlen(passphrase)); |
sshkey_free(private); |
sshkey_free(private); |
exit(1); |
exit(1); |
} |
} |
|
|
/* Save the file using the new passphrase. */ |
/* Save the file using the new passphrase. */ |
if ((r = sshkey_save_private(private, identity_file, passphrase, |
if ((r = sshkey_save_private(private, identity_file, passphrase, |
new_comment, use_new_format, new_format_cipher, rounds)) != 0) { |
new_comment, use_new_format, new_format_cipher, rounds)) != 0) { |
printf("Saving key \"%s\" failed: %s\n", |
error("Saving key \"%s\" failed: %s", |
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
explicit_bzero(passphrase, strlen(passphrase)); |
explicit_bzero(passphrase, strlen(passphrase)); |
free(passphrase); |
free(passphrase); |
|
|
|
|
strlcat(identity_file, ".pub", sizeof(identity_file)); |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
if (fd == -1) { |
if (fd == -1) |
printf("Could not save your public key in %s\n", identity_file); |
fatal("Could not save your public key in %s", identity_file); |
exit(1); |
|
} |
|
f = fdopen(fd, "w"); |
f = fdopen(fd, "w"); |
if (f == NULL) { |
if (f == NULL) |
printf("fdopen %s failed\n", identity_file); |
fatal("fdopen %s failed: %s", identity_file, strerror(errno)); |
exit(1); |
|
} |
|
if ((r = sshkey_write(public, f)) != 0) |
if ((r = sshkey_write(public, f)) != 0) |
fprintf(stderr, "write key failed: %s\n", ssh_err(r)); |
fatal("write key failed: %s", ssh_err(r)); |
sshkey_free(public); |
sshkey_free(public); |
fprintf(f, " %s\n", new_comment); |
fprintf(f, " %s\n", new_comment); |
fclose(f); |
fclose(f); |
|
|
break; |
break; |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
default: |
default: |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
fatal("unknown key type %s", key_type_name); |
exit(1); |
|
} |
} |
} |
} |
|
|
|
|
|
|
/* we need this for the home * directory. */ |
/* we need this for the home * directory. */ |
pw = getpwuid(getuid()); |
pw = getpwuid(getuid()); |
if (!pw) { |
if (!pw) |
printf("No user exists for uid %lu\n", (u_long)getuid()); |
fatal("No user exists for uid %lu", (u_long)getuid()); |
exit(1); |
if (gethostname(hostname, sizeof(hostname)) < 0) |
} |
fatal("gethostname: %s", strerror(errno)); |
if (gethostname(hostname, sizeof(hostname)) < 0) { |
|
perror("gethostname"); |
|
exit(1); |
|
} |
|
|
|
/* Remaining characters: UYdw */ |
/* Remaining characters: UYdw */ |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
|
|
|
|
if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
if (argc < 1 && !gen_krl) { |
if (argc < 1 && !gen_krl) { |
printf("Too few arguments.\n"); |
error("Too few arguments."); |
usage(); |
usage(); |
} |
} |
} else if (argc > 0 && !gen_krl && !check_krl) { |
} else if (argc > 0 && !gen_krl && !check_krl) { |
printf("Too many arguments.\n"); |
error("Too many arguments."); |
usage(); |
usage(); |
} |
} |
if (change_passphrase && change_comment) { |
if (change_passphrase && change_comment) { |
printf("Can only have one of -p and -c.\n"); |
error("Can only have one of -p and -c."); |
usage(); |
usage(); |
} |
} |
if (print_fingerprint && (delete_host || hash_hosts)) { |
if (print_fingerprint && (delete_host || hash_hosts)) { |
printf("Cannot use -l with -H or -R.\n"); |
error("Cannot use -l with -H or -R."); |
usage(); |
usage(); |
} |
} |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
|
|
if (have_identity) { |
if (have_identity) { |
n = do_print_resource_record(pw, |
n = do_print_resource_record(pw, |
identity_file, rr_hostname); |
identity_file, rr_hostname); |
if (n == 0) { |
if (n == 0) |
perror(identity_file); |
fatal("%s: %s", identity_file, strerror(errno)); |
exit(1); |
|
} |
|
exit(0); |
exit(0); |
} else { |
} else { |
|
|
|
|
if (!quiet) |
if (!quiet) |
printf("Generating public/private %s key pair.\n", |
printf("Generating public/private %s key pair.\n", |
key_type_name); |
key_type_name); |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
if ((r = sshkey_generate(type, bits, &private)) != 0) |
fprintf(stderr, "key_generate failed\n"); |
fatal("key_generate failed"); |
exit(1); |
if ((r = sshkey_from_private(private, &public)) != 0) |
} |
fatal("key_from_private failed: %s\n", ssh_err(r)); |
if ((r = sshkey_from_private(private, &public)) != 0) { |
|
fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r)); |
|
exit(1); |
|
} |
|
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which to save the key"); |
ask_filename(pw, "Enter file in which to save the key"); |
|
|
/* Save the key with the given passphrase and comment. */ |
/* Save the key with the given passphrase and comment. */ |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
printf("Saving key \"%s\" failed: %s\n", |
error("Saving key \"%s\" failed: %s", |
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
explicit_bzero(passphrase1, strlen(passphrase1)); |
explicit_bzero(passphrase1, strlen(passphrase1)); |
free(passphrase1); |
free(passphrase1); |
|
|
printf("Your identification has been saved in %s.\n", identity_file); |
printf("Your identification has been saved in %s.\n", identity_file); |
|
|
strlcat(identity_file, ".pub", sizeof(identity_file)); |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
if (fd == -1) { |
fatal("Unable to save public key to %s: %s", |
printf("Could not save your public key in %s\n", identity_file); |
identity_file, strerror(errno)); |
exit(1); |
if ((f = fdopen(fd, "w")) == NULL) |
} |
fatal("fdopen %s failed: %s", identity_file, strerror(errno)); |
f = fdopen(fd, "w"); |
|
if (f == NULL) { |
|
printf("fdopen %s failed\n", identity_file); |
|
exit(1); |
|
} |
|
if ((r = sshkey_write(public, f)) != 0) |
if ((r = sshkey_write(public, f)) != 0) |
fprintf(stderr, "write key failed: %s\n", ssh_err(r)); |
error("write key failed: %s", ssh_err(r)); |
fprintf(f, " %s\n", comment); |
fprintf(f, " %s\n", comment); |
fclose(f); |
fclose(f); |
|
|