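diff -up openssh-6.2p1/auth2-hostbased.c.fingerprint openssh-6.2p1/auth2-hostbased.c
--- openssh-6.2p1/auth2-hostbased.c.fingerprint 2010-08-05 05:04:50.000000000 +0200
+++ openssh-6.2p1/auth2-hostbased.c 2013-03-22 12:20:49.009685008 +0100
@@ -196,16 +196,18 @@ hostbased_key_allowed(struct passwd *pw,
 
 if (host_status == HOST_OK) {
 if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_selected_fingerprint(key->cert->signature_key,
+ SSH_FP_HEX);
 verbose("Accepted certificate ID \"%s\" signed by "
- "%s CA %s from %s@%s", key->cert->key_id,
- key_type(key->cert->signature_key), fp,
+ "%s CA %s%s from %s@%s", key->cert->key_id,
+ key_type(key->cert->signature_key),
+ key_fingerprint_prefix(), fp,
 cuser, lookup);
 } else {
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Accepted %s public key %s from %s@%s",
- key_type(key), fp, cuser, lookup);
+ fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ verbose("Accepted %s public key %s%s from %s@%s",
+ key_type(key), key_fingerprint_prefix(),
+ fp, cuser, lookup);
 }
 xfree(fp);
 }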
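Review bot: The two `verbose("Accepted ...")` lines are audit records, and nothing at the call site says that the digest they now carry is chosen by SSH_FINGERPRINT_TYPE in the sshd process environment (see the key.c hunk on this page). With the variable unset the fingerprint is still MD5 and is logged without any prefix, so hosts with different settings emit differently shaped fingerprints for the same key. A comment above the first call would help whoever maintains the log parsing, for example `/* digest follows SSH_FINGERPRINT_TYPE; MD5 is logged unprefixed, SHA1 as "sha1:..." */`. The same applies to the logging changes in auth2-pubkey.c, auth.c (the revoked-key warning) and auth-rsa.c. hostbased_key_allowed() starts and ends outside this hunk.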
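diff -up openssh-6.2p1/auth2-pubkey.c.fingerprint openssh-6.2p1/auth2-pubkey.c
--- openssh-6.2p1/auth2-pubkey.c.fingerprint 2013-02-15 00:28:56.000000000 +0100
+++ openssh-6.2p1/auth2-pubkey.c 2013-03-22 12:20:49.009685008 +0100
@@ -317,10 +317,10 @@ check_authkeys_file(FILE *f, char *file,
 continue;
 if (!key_is_cert_authority)
 continue;
- fp = key_fingerprint(found, SSH_FP_MD5,
- SSH_FP_HEX);
- debug("matching CA found: file %s, line %lu, %s %s",
- file, linenum, key_type(found), fp);
+ fp = key_selected_fingerprint(found, SSH_FP_HEX);
+ debug("matching CA found: file %s, line %lu, %s %s%s",
+ file, linenum, key_type(found),
+ key_fingerprint_prefix(), fp);
 /*
 * If the user has specified a list of principals as
 * a key option, then prefer that list to matching
@@ -360,9 +360,9 @@ check_authkeys_file(FILE *f, char *file,
 found_key = 1;
 debug("matching key found: file %s, line %lu",
 file, linenum);
- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Found matching %s key: %s",
- key_type(found), fp);
+ fp = key_selected_fingerprint(found, SSH_FP_HEX);
+ verbose("Found matching %s key: %s%s",
+ key_type(found), key_fingerprint_prefix(), fp);
 xfree(fp);
 break;
 }
@@ -384,13 +384,13 @@ user_cert_trusted_ca(struct passwd *pw,
 if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
 return 0;
 
- ca_fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ ca_fp = key_selected_fingerprint(key->cert->signature_key, SSH_FP_HEX);
 
 if (key_in_file(key->cert->signature_key,
 options.trusted_user_ca_keys, 1) != 1) {
- debug2("%s: CA %s %s is not listed in %s", __func__,
- key_type(key->cert->signature_key), ca_fp,
+ debug2("%s: CA %s%s %s is not listed in %s", __func__,
+ key_type(key->cert->signature_key),
+ key_fingerprint_prefix(), ca_fp,
 options.trusted_user_ca_keys);
 goto out;
 }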
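Review bot: In the user_cert_trusted_ca hunk the new debug2 format `"%s: CA %s%s %s is not listed in %s"` has the conversions in the wrong places: it glues the prefix onto the key type and puts the space between the prefix and the fingerprint, giving something like `CA RSAsha1: aa:bb:...` (constructed sample) when SHA1 is selected. Every other call site in this patch prints type, space, then prefix immediately followed by the fingerprint. The argument order is already right, so only the format needs to change, to `"%s: CA %s %s%s is not listed in %s"`. With MD5 the prefix is empty and the output looks normal, which is probably why this went unnoticed. user_cert_trusted_ca() continues outside the hunk.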
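diff -up openssh-6.2p1/auth.c.fingerprint openssh-6.2p1/auth.c
--- openssh-6.2p1/auth.c.fingerprint 2013-03-12 01:31:05.000000000 +0100
+++ openssh-6.2p1/auth.c 2013-03-22 12:22:32.515230386 +0100
@@ -663,9 +663,10 @@ auth_key_is_revoked(Key *key)
 case 1:
 revoked:
 /* Key revoked */
- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ key_fp = key_selected_fingerprint(key, SSH_FP_HEX);
 error("WARNING: authentication attempt with a revoked "
- "%s key %s ", key_type(key), key_fp);
+ "%s key %s%s ", key_type(key),
+ key_fingerprint_prefix(), key_fp);
 xfree(key_fp);
 return 1;
 }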
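diff -up openssh-6.2p1/auth-rsa.c.fingerprint openssh-6.2p1/auth-rsa.c
--- openssh-6.2p1/auth-rsa.c.fingerprint 2012-10-30 22:58:59.000000000 +0100
+++ openssh-6.2p1/auth-rsa.c 2013-03-22 12:20:49.011684999 +0100
@@ -328,9 +328,9 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli
 * options; this will be reset if the options cause the
 * authentication to be rejected.
 */
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Found matching %s key: %s",
- key_type(key), fp);
+ fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ verbose("Found matching %s key: %s%s",
+ key_type(key), key_fingerprint_prefix(), fp);
 xfree(fp);
 key_free(key);
 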
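diff -up openssh-6.2p1/key.c.fingerprint openssh-6.2p1/key.c
--- openssh-6.2p1/key.c.fingerprint 2013-03-22 12:20:48.971685175 +0100
+++ openssh-6.2p1/key.c 2013-03-22 12:20:49.012684995 +0100
@@ -599,6 +599,34 @@ key_fingerprint(Key *k, enum fp_type dgs
 return retval;
 }
 
+enum fp_type
+key_fingerprint_selection(void)
+{
+ static enum fp_type rv;
+ static char rv_defined = 0;
+ char *env;
+
+ if (!rv_defined) {
+ env = getenv("SSH_FINGERPRINT_TYPE");
+ rv = (env && !strcmp (env, "sha")) ?
+ SSH_FP_SHA1 : SSH_FP_MD5;
+ rv_defined = 1;
+ }
+ return rv;
+}
+
+char *
+key_selected_fingerprint(Key *k, enum fp_rep dgst_rep)
+{
+ return key_fingerprint(k, key_fingerprint_selection(), dgst_rep);
+}
+
+char *
+key_fingerprint_prefix(void)
+{
+ return key_fingerprint_selection() == SSH_FP_SHA1 ? "sha1:" : "";
+}
+
 /*
 * Reads a multiple-precision integer in decimal from the buffer, and advances
 * the pointer. The integer must already be initialized. This function is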
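Review bot: key_fingerprint_selection() treats every value of SSH_FINGERPRINT_TYPE other than the exact string `sha` as MD5, so a setting such as `sha1` or `SHA` silently keeps the MD5 fingerprints, and nothing in the new code documents the accepted value. A header comment would make the contract visible, for example `/* SSH_FINGERPRINT_TYPE=sha selects SHA1; unset or any other value selects MD5. Read once and cached for the life of the process. */`. Because the result is cached in a static on first use, a long-running process such as ssh-agent keeps whatever its start-up environment said. Separately, key_fingerprint_prefix() returns string literals through a plain `char *`; declaring it `const char *key_fingerprint_prefix(void)` here and in the key.h prototype would stop a caller from writing to or freeing the result.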
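diff -up openssh-6.2p1/key.h.fingerprint openssh-6.2p1/key.h
--- openssh-6.2p1/key.h.fingerprint 2013-01-18 01:44:05.000000000 +0100
+++ openssh-6.2p1/key.h 2013-03-22 12:23:35.308954528 +0100
@@ -97,6 +97,9 @@ int key_equal_public(const Key *, cons
 int key_equal(const Key *, const Key *);
 char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
 u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
+enum fp_type key_fingerprint_selection(void);
+char *key_selected_fingerprint(Key *, enum fp_rep);
+char *key_fingerprint_prefix(void);
 const char *key_type(const Key *);
 const char *key_cert_type(const Key *);
 int key_write(const Key *, FILE *);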
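Review bot: The three new prototypes carry no comment on who owns the returned strings, although both return `char *` and behave differently. The call sites in this patch xfree() the result of key_selected_fingerprint() and never free the result of key_fingerprint_prefix(), which returns a literal in key.c. A one-line comment above the declarations would make that explicit, for example `/* key_selected_fingerprint(): caller frees; key_fingerprint_prefix(): static string, do not free */`.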
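diff -up openssh-6.2p1/ssh-add.c.fingerprint openssh-6.2p1/ssh-add.c
--- openssh-6.2p1/ssh-add.c.fingerprint 2012-12-07 03:07:03.000000000 +0100
+++ openssh-6.2p1/ssh-add.c 2013-03-22 12:20:49.029684920 +0100
@@ -326,10 +326,10 @@ list_identities(AuthenticationConnection
 key = ssh_get_next_identity(ac, &comment, version)) {
 had_identities = 1;
 if (do_fp) {
- fp = key_fingerprint(key, SSH_FP_MD5,
- SSH_FP_HEX);
- printf("%d %s %s (%s)\n",
- key_size(key), fp, comment, key_type(key));
+ fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ printf("%d %s%s %s (%s)\n",
+ key_size(key), key_fingerprint_prefix(),
+ fp, comment, key_type(key));
 xfree(fp);
 } else {
 if (!key_write(key, stdout))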
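diff -up openssh-6.2p1/ssh-agent.c.fingerprint openssh-6.2p1/ssh-agent.c
--- openssh-6.2p1/ssh-agent.c.fingerprint 2013-03-22 12:20:48.979685140 +0100
+++ openssh-6.2p1/ssh-agent.c 2013-03-22 12:20:49.030684916 +0100
@@ -199,9 +199,9 @@ confirm_key(Identity *id)
 char *p;
 int ret = -1;
 
- p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
- id->comment, p))
+ p = key_selected_fingerprint(id->key, SSH_FP_HEX);
+ if (ask_permission("Allow use of key %s?\nKey fingerprint %s%s.",
+ id->comment, key_fingerprint_prefix(), p))
 ret = 0;
 xfree(p);
 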
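diff -up openssh-6.2p1/sshconnect2.c.fingerprint openssh-6.2p1/sshconnect2.c
--- openssh-6.2p1/sshconnect2.c.fingerprint 2013-03-20 02:55:15.000000000 +0100
+++ openssh-6.2p1/sshconnect2.c 2013-03-22 12:20:49.031684912 +0100
@@ -592,8 +592,9 @@ input_userauth_pk_ok(int type, u_int32_t
 key->type, pktype);
 goto done;
 }
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- debug2("input_userauth_pk_ok: fp %s", fp);
+ fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ debug2("input_userauth_pk_ok: fp %s%s",
+ key_fingerprint_prefix(), fp);
 xfree(fp);
 
 /*
@@ -1205,8 +1206,9 @@ sign_and_send_pubkey(Authctxt *authctxt,
 int have_sig = 1;
 char *fp;
 
- fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
- debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
+ fp = key_selected_fingerprint(id->key, SSH_FP_HEX);
+ debug3("sign_and_send_pubkey: %s %s%s", key_type(id->key),
+ key_fingerprint_prefix(), fp);
 xfree(fp);
 
 if (key_to_blob(id->key, &blob, &bloblen) == 0) {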
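diff -up openssh-6.2p1/sshconnect.c.fingerprint openssh-6.2p1/sshconnect.c
--- openssh-6.2p1/sshconnect.c.fingerprint 2012-09-17 05:25:44.000000000 +0200
+++ openssh-6.2p1/sshconnect.c 2013-03-22 12:20:49.032684907 +0100
@@ -824,10 +824,10 @@ check_host_key(char *hostname, struct so
 "key for IP address '%.128s' to the list "
 "of known hosts.", type, ip);
 } else if (options.visual_host_key) {
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- ra = key_fingerprint(host_key, SSH_FP_MD5,
- SSH_FP_RANDOMART);
- logit("Host key fingerprint is %s\n%s\n", fp, ra);
+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX);
+ ra = key_selected_fingerprint(host_key, SSH_FP_RANDOMART);
+ logit("Host key fingerprint is %s%s\n%s\n",
+ key_fingerprint_prefix(), fp, ra);
 xfree(ra);
 xfree(fp);
 }
@@ -865,9 +865,8 @@ check_host_key(char *hostname, struct so
 else
 snprintf(msg1, sizeof(msg1), ".");
 /* The default */
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- ra = key_fingerprint(host_key, SSH_FP_MD5,
- SSH_FP_RANDOMART);
+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX);
+ ra = key_selected_fingerprint(host_key, SSH_FP_RANDOMART);
 msg2[0] = '\0';
 if (options.verify_host_key_dns) {
 if (matching_host_key_dns)
@@ -882,10 +881,11 @@ check_host_key(char *hostname, struct so
 snprintf(msg, sizeof(msg),
 "The authenticity of host '%.200s (%s)' can't be "
 "established%s\n"
- "%s key fingerprint is %s.%s%s\n%s"
+ "%s key fingerprint is %s%s.%s%s\n%s"
 "Are you sure you want to continue connecting "
 "(yes/no)? ",
- host, ip, msg1, type, fp,
+ host, ip, msg1, type,
+ key_fingerprint_prefix(), fp,
 options.visual_host_key ? "\n" : "",
 options.visual_host_key ? ra : "",
 msg2);
@@ -1130,8 +1130,9 @@ verify_host_key(char *host, struct socka
 int flags = 0;
 char *fp;
 
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- debug("Server host key: %s %s", key_type(host_key), fp);
+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX);
+ debug("Server host key: %s %s%s", key_type(host_key),
+ key_fingerprint_prefix(), fp);
 xfree(fp);
 
 /* XXX certs are not yet supported for DNS */
@@ -1232,14 +1233,15 @@ show_other_keys(struct hostkeys *hostkey
 continue;
 if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
 continue;
- fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX);
- ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART);
+ fp = key_selected_fingerprint(found->key, SSH_FP_HEX);
+ ra = key_selected_fingerprint(found->key, SSH_FP_RANDOMART);
 logit("WARNING: %s key found for host %s\n"
 "in %s:%lu\n"
- "%s key fingerprint %s.",
+ "%s key fingerprint %s%s.",
 key_type(found->key),
 found->host, found->file, found->line,
- key_type(found->key), fp);
+ key_type(found->key),
+ key_fingerprint_prefix(), fp);
 if (options.visual_host_key)
 logit("%s", ra);
 xfree(ra);
@@ -1254,7 +1256,7 @@ warn_changed_key(Key *host_key)
 {
 char *fp;
 
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX);
 
 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
@@ -1262,8 +1264,8 @@ warn_changed_key(Key *host_key)
 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
 error("It is also possible that a host key has just been changed.");
- error("The fingerprint for the %s key sent by the remote host is\n%s.",
- key_type(host_key), fp);
+ error("The fingerprint for the %s key sent by the remote host is\n%s%s.",
+ key_type(host_key),key_fingerprint_prefix(), fp);
 error("Please contact your system administrator.");
 
 xfree(fp);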
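Review bot: The randomart string `ra` in check_host_key (hunks at -824 and -865) and in show_other_keys is now derived from the selected digest, but only the hex fingerprint is tagged with `key_fingerprint_prefix()`. Unless the art's own frame names the digest, which these hunks do not show, a user who compares the picture with one produced by a client using the other digest sees a mismatch that looks like a changed host key. A short comment at the first call would record the dependency, for example `/* ra uses the same digest as fp; MD5 and SHA1 art differ for the same key */`. As a style point, the warn_changed_key hunk has `key_type(host_key),key_fingerprint_prefix(), fp` with no space after the first comma. All of these functions continue outside their hunks.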
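diff -up openssh-6.2p1/ssh-keygen.c.fingerprint openssh-6.2p1/ssh-keygen.c
--- openssh-6.2p1/ssh-keygen.c.fingerprint 2013-02-12 01:03:36.000000000 +0100
+++ openssh-6.2p1/ssh-keygen.c 2013-03-22 12:20:49.033684903 +0100
@@ -767,13 +767,14 @@ do_fingerprint(struct passwd *pw)
 {
 FILE *f;
 Key *public;
- char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra;
+ char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra, *pfx;
 int i, skip = 0, num = 0, invalid = 1;
 enum fp_rep rep;
 enum fp_type fptype;
 struct stat st;
 
- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+ fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fingerprint_selection();
+ pfx = print_bubblebabble ? "" : key_fingerprint_prefix();
 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
 
 if (!have_identity)
@@ -785,8 +786,8 @@ do_fingerprint(struct passwd *pw)
 public = key_load_public(identity_file, &comment);
 if (public != NULL) {
 fp = key_fingerprint(public, fptype, rep);
- ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);
- printf("%u %s %s (%s)\n", key_size(public), fp, comment,
+ ra = key_selected_fingerprint(public, SSH_FP_RANDOMART);
+ printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, comment,
 key_type(public));
 if (log_level >= SYSLOG_LEVEL_VERBOSE)
 printf("%s\n", ra);
@@ -851,8 +852,8 @@ do_fingerprint(struct passwd *pw)
 }
 comment = *cp ? cp : comment;
 fp = key_fingerprint(public, fptype, rep);
- ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);
- printf("%u %s %s (%s)\n", key_size(public), fp,
+ ra = key_selected_fingerprint(public, SSH_FP_RANDOMART);
+ printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp,
 comment ? comment : "no comment", key_type(public));
 if (log_level >= SYSLOG_LEVEL_VERBOSE)
 printf("%s\n", ra);
@@ -970,13 +971,15 @@ printhost(FILE *f, const char *name, Key
 if (print_fingerprint) {
 enum fp_rep rep;
 enum fp_type fptype;
- char *fp, *ra;
+ char *fp, *ra, *pfx;
 
- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+ fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fingerprint_selection();
+ pfx = print_bubblebabble ? "" : key_fingerprint_prefix();
 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
+
 fp = key_fingerprint(public, fptype, rep);
- ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);
- printf("%u %s %s (%s)\n", key_size(public), fp, name,
+ ra = key_selected_fingerprint(public, SSH_FP_RANDOMART);
+ printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, name,
 key_type(public));
 if (log_level >= SYSLOG_LEVEL_VERBOSE)
 printf("%s\n", ra);
@@ -1854,16 +1857,17 @@ do_show_cert(struct passwd *pw)
 fatal("%s is not a certificate", identity_file);
 v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00;
 
- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- ca_fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ key_fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ ca_fp = key_selected_fingerprint(key->cert->signature_key, SSH_FP_HEX);
 
 printf("%s:\n", identity_file);
 printf(" Type: %s %s certificate\n", key_ssh_name(key),
 key_cert_type(key));
- printf(" Public key: %s %s\n", key_type(key), key_fp);
- printf(" Signing CA: %s %s\n",
- key_type(key->cert->signature_key), ca_fp);
+ printf(" Public key: %s %s%s\n", key_type(key),
+ key_fingerprint_prefix(), key_fp);
+ printf(" Signing CA: %s %s%s\n",
+ key_type(key->cert->signature_key),
+ key_fingerprint_prefix(), ca_fp);
 printf(" Key ID: \"%s\"\n", key->cert->key_id);
 if (!v00) {
 printf(" Serial: %llu\n",
@@ -2651,13 +2655,12 @@ passphrase_again:
 fclose(f);
 
 if (!quiet) {
- char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
- char *ra = key_fingerprint(public, SSH_FP_MD5,
- SSH_FP_RANDOMART);
+ char *fp = key_selected_fingerprint(public, SSH_FP_HEX);
+ char *ra = key_selected_fingerprint(public, SSH_FP_RANDOMART);
 printf("Your public key has been saved in %s.\n",
 identity_file);
 printf("The key fingerprint is:\n");
- printf("%s %s\n", fp, comment);
+ printf("%s%s %s\n", key_fingerprint_prefix(), fp, comment);
 printf("The key's randomart image is:\n");
 printf("%s\n", ra);
 xfree(ra);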
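Review bot: In do_fingerprint (hunks at -785 and -851) and printhost (-970), `fp` is computed with `fptype` but `ra` is computed with `key_selected_fingerprint()`, so the two can come from different digests. With `print_bubblebabble` set, `fptype` is forced to SHA1 while the randomart follows SSH_FINGERPRINT_TYPE, which is MD5 when unset; the text fingerprint and the picture printed under it then describe the key through different hashes, and `pfx` is empty so nothing says which. Using the same digest for both keeps the pair consistent: `ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);`. The old code had the same split (the art was always MD5), so this is a chance to close it rather than a regression. Both functions extend beyond the hunks shown.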