- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
diff --git a/ssh-add.c b/ssh-add.c
index 3adc250..f49d13f 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.22 2000/09/07 20:27:54 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.23 2000/11/12 19:50:38 markus Exp $");
#include <openssl/evp.h>
#include <openssl/rsa.h>
@@ -60,10 +60,10 @@
Key *public;
char *comment;
- public = key_new(KEY_RSA);
+ public = key_new(KEY_RSA1);
if (!load_public_key(filename, public, &comment)) {
key_free(public);
- public = key_new(KEY_DSA);
+ public = key_new(KEY_UNSPEC);
if (!try_load_public_key(filename, public, &comment)) {
printf("Bad key file %s\n", filename);
return;
@@ -144,7 +144,7 @@
char buf[1024], msg[1024];
int success;
int interactive = isatty(STDIN_FILENO);
- int type = KEY_RSA;
+ int type = KEY_RSA1;
if (stat(filename, &st) < 0) {
perror(filename);
@@ -154,10 +154,10 @@
* try to load the public key. right now this only works for RSA,
* since DSA keys are fully encrypted
*/
- public = key_new(KEY_RSA);
+ public = key_new(KEY_RSA1);
if (!load_public_key(filename, public, &saved_comment)) {
- /* ok, so we will asume this is a DSA key */
- type = KEY_DSA;
+ /* ok, so we will assume this is 'some' key */
+ type = KEY_UNSPEC;
saved_comment = xstrdup(filename);
}
key_free(public);
@@ -223,8 +223,9 @@
key = ssh_get_next_identity(ac, &comment, version)) {
had_identities = 1;
if (fp) {
- printf("%d %s %s\n",
- key_size(key), key_fingerprint(key), comment);
+ printf("%d %s %s (%s)\n",
+ key_size(key), key_fingerprint(key),
+ comment, key_type(key));
} else {
if (!key_write(key, stdout))
fprintf(stderr, "key_write failed");
@@ -250,13 +251,6 @@
init_rng();
- /* check if RSA support exists */
- if (rsa_alive() == 0) {
- fprintf(stderr,
- "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
- __progname);
- exit(1);
- }
SSLeay_add_all_algorithms();
/* At first, get a connection to the authentication agent. */