diff options
| author |   djm <djm@openbsd.org> | 2019-11-25 00:55:58 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2019-11-25 00:55:58 +0000 |
| commit | 40f04aad5fdde56d2b1b3e77dbaf14e68ad28e10 (patch) | |
| tree | b2f02fd65fc8c03e8c203760bd4d9f4b7bd44c24 /usr.bin/ssh/ssh-keygen.c | |
| parent | add a "no-touch-required" option for authorized_keys and a similar (diff) | |
| download | wireguard-openbsd-40f04aad5fdde56d2b1b3e77dbaf14e68ad28e10.tar.xz wireguard-openbsd-40f04aad5fdde56d2b1b3e77dbaf14e68ad28e10.zip | |
allow "ssh-keygen -x no-touch-required" when generating a security key
keypair to request one that does not require a touch for each
authentication attempt. The default remains to require touch.
feedback deraadt; ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 7d374362a22..002d3161ffc 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.371 2019/11/25 00:54:23 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.372 2019/11/25 00:55:58 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2994,13 +2994,19 @@ main(int argc, char **argv) case 'x': if (*optarg == '\0') fatal("Missing security key flags"); - ull = strtoull(optarg, &ep, 0); - if (*ep != '\0') - fatal("Security key flags \"%s\" is not a " - "number", optarg); - if (ull > 0xff) - fatal("Invalid security key flags 0x%llx", ull); - sk_flags = (uint8_t)ull; + if (strcasecmp(optarg, "no-touch-required") == 0) + sk_flags &= ~SSH_SK_USER_PRESENCE_REQD; + else { + ull = strtoull(optarg, &ep, 0); + if (*ep != '\0') + fatal("Security key flags \"%s\" is " + "not a number", optarg); + if (ull > 0xff) { + fatal("Invalid security key " + "flags 0x%llx", ull); + } + sk_flags = (uint8_t)ull; + } break; case 'z': errno = 0; |