| version 1.408, 2020/05/01 04:23:11 |
version 1.413, 2020/06/26 05:02:03 |
|
|
| struct sshkey *private, *public; |
struct sshkey *private, *public; |
| char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file; |
char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file; |
| int i, type, fd, r; |
int i, type, fd, r; |
| FILE *f; |
|
| |
|
| for (i = 0; key_types[i].key_type; i++) { |
for (i = 0; key_types[i].key_type; i++) { |
| public = private = NULL; |
public = private = NULL; |
|
|
| fflush(stdout); |
fflush(stdout); |
| type = sshkey_type_from_name(key_types[i].key_type); |
type = sshkey_type_from_name(key_types[i].key_type); |
| if ((fd = mkstemp(prv_tmp)) == -1) { |
if ((fd = mkstemp(prv_tmp)) == -1) { |
| error("Could not save your public key in %s: %s", |
error("Could not save your private key in %s: %s", |
| prv_tmp, strerror(errno)); |
prv_tmp, strerror(errno)); |
| goto failnext; |
goto failnext; |
| } |
} |
| close(fd); /* just using mkstemp() to generate/reserve a name */ |
(void)close(fd); /* just using mkstemp() to reserve a name */ |
| bits = 0; |
bits = 0; |
| type_bits_valid(type, NULL, &bits); |
type_bits_valid(type, NULL, &bits); |
| if ((r = sshkey_generate(type, bits, &private)) != 0) { |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
|
|
| goto failnext; |
goto failnext; |
| } |
} |
| (void)fchmod(fd, 0644); |
(void)fchmod(fd, 0644); |
| f = fdopen(fd, "w"); |
(void)close(fd); |
| if (f == NULL) { |
if ((r = sshkey_save_public(public, pub_tmp, comment)) != 0) { |
| error("fdopen %s failed: %s", pub_tmp, strerror(errno)); |
fatal("Unable to save public key to %s: %s", |
| close(fd); |
identity_file, ssh_err(r)); |
| goto failnext; |
goto failnext; |
| } |
} |
| if ((r = sshkey_write(public, f)) != 0) { |
|
| error("write key failed: %s", ssh_err(r)); |
|
| fclose(f); |
|
| goto failnext; |
|
| } |
|
| fprintf(f, " %s\n", comment); |
|
| if (ferror(f) != 0) { |
|
| error("write key failed: %s", strerror(errno)); |
|
| fclose(f); |
|
| goto failnext; |
|
| } |
|
| if (fclose(f) != 0) { |
|
| error("key close failed: %s", strerror(errno)); |
|
| goto failnext; |
|
| } |
|
| |
|
| /* Rename temporary files to their permanent locations. */ |
/* Rename temporary files to their permanent locations. */ |
| if (rename(pub_tmp, pub_file) != 0) { |
if (rename(pub_tmp, pub_file) != 0) { |
|
|
| int r, fd, oerrno, inplace = 0; |
int r, fd, oerrno, inplace = 0; |
| struct known_hosts_ctx ctx; |
struct known_hosts_ctx ctx; |
| u_int foreach_options; |
u_int foreach_options; |
| |
struct stat sb; |
| |
|
| if (!have_identity) { |
if (!have_identity) { |
| cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); |
cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); |
|
|
| free(cp); |
free(cp); |
| have_identity = 1; |
have_identity = 1; |
| } |
} |
| |
if (stat(identity_file, &sb) != 0) |
| |
fatal("Cannot stat %s: %s", identity_file, strerror(errno)); |
| |
|
| memset(&ctx, 0, sizeof(ctx)); |
memset(&ctx, 0, sizeof(ctx)); |
| ctx.out = stdout; |
ctx.out = stdout; |
|
|
| unlink(tmp); |
unlink(tmp); |
| fatal("fdopen: %s", strerror(oerrno)); |
fatal("fdopen: %s", strerror(oerrno)); |
| } |
} |
| |
fchmod(fd, sb.st_mode & 0644); |
| inplace = 1; |
inplace = 1; |
| } |
} |
| /* XXX support identity_file == "-" for stdin */ |
/* XXX support identity_file == "-" for stdin */ |
|
|
| struct sshkey *private; |
struct sshkey *private; |
| struct sshkey *public; |
struct sshkey *public; |
| struct stat st; |
struct stat st; |
| FILE *f; |
int r; |
| int r, fd; |
|
| |
|
| if (!have_identity) |
if (!have_identity) |
| ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
|
|
| sshkey_free(private); |
sshkey_free(private); |
| |
|
| strlcat(identity_file, ".pub", sizeof(identity_file)); |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
| fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0) { |
| if (fd == -1) |
fatal("Unable to save public key to %s: %s", |
| fatal("Could not save your public key in %s", identity_file); |
identity_file, ssh_err(r)); |
| f = fdopen(fd, "w"); |
} |
| if (f == NULL) |
|
| fatal("fdopen %s failed: %s", identity_file, strerror(errno)); |
|
| if ((r = sshkey_write(public, f)) != 0) |
|
| fatal("write key failed: %s", ssh_err(r)); |
|
| sshkey_free(public); |
sshkey_free(public); |
| fprintf(f, " %s\n", new_comment); |
|
| fclose(f); |
|
| |
|
| free(comment); |
free(comment); |
| |
|
| if (strlen(new_comment) > 0) |
if (strlen(new_comment) > 0) |
|
|
| unsigned long long cert_serial, int cert_serial_autoinc, |
unsigned long long cert_serial, int cert_serial_autoinc, |
| int argc, char **argv) |
int argc, char **argv) |
| { |
{ |
| int r, i, fd, found, agent_fd = -1; |
int r, i, found, agent_fd = -1; |
| u_int n; |
u_int n; |
| struct sshkey *ca, *public; |
struct sshkey *ca, *public; |
| char valid[64], *otmp, *tmp, *cp, *out, *comment; |
char valid[64], *otmp, *tmp, *cp, *out, *comment; |
| char *ca_fp = NULL, **plist = NULL; |
char *ca_fp = NULL, **plist = NULL; |
| FILE *f; |
|
| struct ssh_identitylist *agent_ids; |
struct ssh_identitylist *agent_ids; |
| size_t j; |
size_t j; |
| struct notifier_ctx *notifier = NULL; |
struct notifier_ctx *notifier = NULL; |
|
|
| xasprintf(&out, "%s-cert.pub", tmp); |
xasprintf(&out, "%s-cert.pub", tmp); |
| free(tmp); |
free(tmp); |
| |
|
| if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
if ((r = sshkey_save_public(public, out, comment)) != 0) { |
| fatal("Could not open \"%s\" for writing: %s", out, |
fatal("Unable to save public key to %s: %s", |
| strerror(errno)); |
identity_file, ssh_err(r)); |
| if ((f = fdopen(fd, "w")) == NULL) |
} |
| fatal("%s: fdopen: %s", __func__, strerror(errno)); |
|
| if ((r = sshkey_write(public, f)) != 0) |
|
| fatal("Could not write certified key to %s: %s", |
|
| out, ssh_err(r)); |
|
| fprintf(f, " %s\n", comment); |
|
| fclose(f); |
|
| |
|
| if (!quiet) { |
if (!quiet) { |
| sshkey_format_cert_validity(public->cert, |
sshkey_format_cert_validity(public->cert, |
|
|
| { |
{ |
| struct sshkey **keys; |
struct sshkey **keys; |
| size_t nkeys, i; |
size_t nkeys, i; |
| int r, ok = -1; |
int r, ret = -1; |
| char *fp, *pin = NULL, *pass = NULL, *path, *pubpath; |
char *fp, *pin = NULL, *pass = NULL, *path, *pubpath; |
| const char *ext; |
const char *ext; |
| |
|
|
|
| &keys, &nkeys)) != 0) { |
&keys, &nkeys)) != 0) { |
| if (i == 0 && r == SSH_ERR_KEY_WRONG_PASSPHRASE) |
if (i == 0 && r == SSH_ERR_KEY_WRONG_PASSPHRASE) |
| continue; |
continue; |
| freezero(pin, strlen(pin)); |
if (pin != NULL) |
| |
freezero(pin, strlen(pin)); |
| error("Unable to load resident keys: %s", ssh_err(r)); |
error("Unable to load resident keys: %s", ssh_err(r)); |
| return -1; |
return -1; |
| } |
} |
| } |
} |
| if (nkeys == 0) |
if (nkeys == 0) |
| logit("No keys to download"); |
logit("No keys to download"); |
| freezero(pin, strlen(pin)); |
if (pin != NULL) |
| |
freezero(pin, strlen(pin)); |
| |
|
| for (i = 0; i < nkeys; i++) { |
for (i = 0; i < nkeys; i++) { |
| if (keys[i]->type != KEY_ECDSA_SK && |
if (keys[i]->type != KEY_ECDSA_SK && |
|
|
| } |
} |
| |
|
| if (i >= nkeys) |
if (i >= nkeys) |
| ok = 0; /* success */ |
ret = 0; /* success */ |
| if (pass != NULL) |
if (pass != NULL) |
| freezero(pass, strlen(pass)); |
freezero(pass, strlen(pass)); |
| for (i = 0; i < nkeys; i++) |
for (i = 0; i < nkeys; i++) |
| sshkey_free(keys[i]); |
sshkey_free(keys[i]); |
| free(keys); |
free(keys); |
| return ok ? 0 : -1; |
return ret; |
| } |
} |
| |
|
| static void |
static void |
|
|
| int |
int |
| main(int argc, char **argv) |
main(int argc, char **argv) |
| { |
{ |
| char dotsshdir[PATH_MAX], comment[1024], *passphrase; |
char comment[1024], *passphrase; |
| char *rr_hostname = NULL, *ep, *fp, *ra; |
char *rr_hostname = NULL, *ep, *fp, *ra; |
| struct sshkey *private, *public; |
struct sshkey *private, *public; |
| struct passwd *pw; |
struct passwd *pw; |
| struct stat st; |
|
| int r, opt, type; |
int r, opt, type; |
| int change_passphrase = 0, change_comment = 0, show_cert = 0; |
int change_passphrase = 0, change_comment = 0, show_cert = 0; |
| int find_host = 0, delete_host = 0, hash_hosts = 0; |
int find_host = 0, delete_host = 0, hash_hosts = 0; |
|
|
| ask_filename(pw, "Enter file in which to save the key"); |
ask_filename(pw, "Enter file in which to save the key"); |
| |
|
| /* Create ~/.ssh directory if it doesn't already exist. */ |
/* Create ~/.ssh directory if it doesn't already exist. */ |
| snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", |
hostfile_create_user_ssh_dir(identity_file, !quiet); |
| pw->pw_dir, _PATH_SSH_USER_DIR); |
|
| if (strstr(identity_file, dotsshdir) != NULL) { |
|
| if (stat(dotsshdir, &st) == -1) { |
|
| if (errno != ENOENT) { |
|
| error("Could not stat %s: %s", dotsshdir, |
|
| strerror(errno)); |
|
| } else if (mkdir(dotsshdir, 0700) == -1) { |
|
| error("Could not create directory '%s': %s", |
|
| dotsshdir, strerror(errno)); |
|
| } else if (!quiet) |
|
| printf("Created directory '%s'.\n", dotsshdir); |
|
| } |
|
| } |
|
| /* If the file already exists, ask the user to confirm. */ |
/* If the file already exists, ask the user to confirm. */ |
| if (!confirm_overwrite(identity_file)) |
if (!confirm_overwrite(identity_file)) |
| exit(1); |
exit(1); |
|
|
| strlcat(identity_file, ".pub", sizeof(identity_file)); |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
| if ((r = sshkey_save_public(public, identity_file, comment)) != 0) { |
if ((r = sshkey_save_public(public, identity_file, comment)) != 0) { |
| fatal("Unable to save public key to %s: %s", |
fatal("Unable to save public key to %s: %s", |
| identity_file, strerror(errno)); |
identity_file, ssh_err(r)); |
| } |
} |
| |
|
| if (!quiet) { |
if (!quiet) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh