summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-keygen.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* highly polished whitespace, mostly fixing spaces-for-tab and baddjm2021-04-031-8/+8
| | | | indentation on continuation lines. Prompted by GHPR#185
* pwcopy() struct passwd that we're going to reuse across a bunch ofdjm2021-03-121-1/+2
| | | | library calls; bz3273 ok dtucker@
* load_hostkeys()/hostkeys_foreach() variants for FILE*djm2020-12-201-2/+2
| | | | | | | | | | | | | | | Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly. Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces. Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys(). ok markus@
* Include cipher.h for declaration of cipher_by_name.dtucker2020-11-281-1/+2
|
* Document ssh-keygen -Z, sanity check its argument earlier and providedtucker2020-11-271-3/+6
| | | | | a better error message if it's not correct. Prompted by bz#2879, ok djm@ jmc@
* when requesting a security key touch on stderr, inform the user oncedjm2020-11-081-2/+2
| | | | the touch has been recorded; requested by claudio@ ok markus@
* fix type of nid in type_bits_valid(); github PR#202 from github userdjm2020-10-291-2/+2
| | | | thingsconnected
* whitespace; no code changedjm2020-10-291-2/+2
|
* use the new variant log macros instead of prepending __func__ anddjm2020-10-181-170/+134
| | | | appending ssh_err(r) manually; ok markus@
* when writing an attestation blob for a FIDO key, record all the datadjm2020-09-091-17/+27
| | | | | | | | needed to verify the attestation. Previously we were missing the "authenticator data" that is included in the signature. spotted by Ian Haken feedback Pedro Martelletto and Ian Haken; ok markus@
* debug()-print a little info about FIDO-specific key fields viadjm2020-08-271-2/+6
| | | | "ssh-keygen -vyf /path/key"
* Request PIN ahead of time for certain FIDO actionsdjm2020-08-271-18/+20
| | | | | | | | When we know that a particular action will require a PIN, such as downloading resident keys or generating a verify-required key, request the PIN before attempting it. joint work with Pedro Martelletto; ok markus@
* major rework of FIDO token selection logicdjm2020-08-271-1/+6
| | | | | | | | | | | | | | | | | | | | When PINs are in use and multiple FIDO tokens are attached to a host, we cannot just blast requests at all attached tokens with the PIN specified as this will cause the per-token PIN failure counter to increment. If this retry counter hits the token's limit (usually 3 attempts), then the token will lock itself and render all (web and SSH) of its keys invalid. We don't want this. So this reworks the key selection logic for the specific case of multiple keys being attached. When multiple keys are attached and the operation requires a PIN, then the user must touch the key that they wish to use first in order to identify it. This may require multiple touches, but only if there are multiple keys attached AND (usually) the operation requires a PIN. The usual case of a single key attached should be unaffected. Work by Pedro Martelletto; ok myself and markus@
* support for user-verified FIDO keysdjm2020-08-271-16/+39
| | | | | | | | | | | | | | | FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
* ensure that certificate extensions are lexically sorted. Previouslydjm2020-08-031-67/+85
| | | | | if the user specified a custom extension then the everything would be in order except the custom ones. bz3198 ok dtucker markus
* - Add [-a rounds] in ssh-keygen man page and usage()solene2020-07-151-7/+8
| | | | | | | | - Reorder parameters list in the first usage() case - Sentence rewording ok dtucker@ jmc@ noticed usage() missed -a flag too
* Defer creation of ~/.ssh by ssh(1) until we attempt to write to it so wedtucker2020-06-261-17/+4
| | | | | | don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@
* fix exit status for downloading of FIDO resident keys; fromdjm2020-05-291-4/+4
| | | | Pedro Martelletto, ok markus@
* avoid possible NULL deref; from Pedro Martellettodjm2020-05-181-3/+5
|
* preserve group/world read permission on known_hosts file across runs ofdjm2020-05-131-1/+5
| | | | | "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@
* we have a sshkey_save_public() function to save public keys; use itdjm2020-05-021-49/+18
| | | | | | and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@
* avoid NULL dereference when attempting to convert invalid ssh.comdjm2020-05-011-4/+5
| | | | private keys using "ssh-keygen -i"; spotted by Michael Forney
* fix a bug I introduced in r1.406: when printing private key fingerprintdjm2020-04-201-10/+14
| | | | | of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker
* repair private key fingerprint printing to also print comment afterdjm2020-04-171-9/+8
| | | | | regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@
* give ssh-keygen the ability to dump the contents of a binary keydjm2020-04-031-4/+6
| | | | revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker
* spelling errors in comments; no code changedjm2020-03-131-2/+2
| | | | from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
* when downloading FIDO2 resident keys from a token, don't prompt for a PINdjm2020-03-131-8/+15
| | | | | | until the token has told us that it needs one. Avoids double-prompting on devices that implement on-device authentication (e.g. a touchscreen PIN pad on the Trezor Model T). ok dtucker@
* fix use-after-free in do_download_sk; ok djmmarkus2020-03-061-2/+2
|
* exit if ssh_krl_revoke_key_sha256 fails; ok djmmarkus2020-03-061-1/+4
|
* no-touch-required certificate option should be an extension, notdjm2020-02-281-2/+2
| | | | a critical option.
* change explicit_bzero();free() to freezero()jsg2020-02-261-17/+9
| | | | | | | | While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@
* fix two PIN entry bugs on FIDO keygen: 1) it would allow more than thedjm2020-02-071-6/+12
| | | | | intended number of prompts (3) and 2) it would SEGV too many incorrect PINs were entered; based on patch by Gabriel Kihlman
* Replace "security key" with "authenticator" in program messages.naddy2020-02-061-5/+5
| | | | | | | This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
* require FIDO application strings to start with "ssh:"; ok markus@djm2020-02-041-1/+5
|
* changes to support FIDO attestationdjm2020-01-281-3/+33
| | | | | | | | | | | | | Allow writing to disk the attestation certificate that is generated by the FIDO token at key enrollment time. These certificates may be used by an out-of-band workflow to prove that a particular key is held in trustworthy hardware. Allow passing in a challenge that will be sent to the card during key enrollment. These are needed to build an attestation workflow that resists replay attacks. ok markus@
* improve the error message for u2f enrollment errors by makingdjm2020-01-251-2/+2
| | | | | | | | | | | | ssh-keygen be solely responsible for printing the error message and convertint some more common error responses from the middleware to a useful ssherr.h status code. more detail remains visible via -v of course. also remove indepedent copy of sk-api.h declarations in sk-usbhid.c and just include it. feedback & ok markus@
* factor out reading/writing sshbufs to dedicated functions;djm2020-01-251-38/+10
| | | | feedback and ok markus@
* expose PKCS#11 key labels/X.509 subjects as commentsdjm2020-01-251-5/+9
| | | | | | | | | | | Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment. based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church feedback and ok markus@
* minor tweaks to ssh-keygen -Y find-principals:djm2020-01-241-11/+21
| | | | | | | | | | emit matched principals one per line to stdout rather than as comma- separated and with a free-text preamble (easy confusion opportunity) emit "not found" error to stderr fix up argument testing for -Y operations and improve error message for unsupported operations
* when signing a certificate with an RSA key, default to a safe signaturedjm2020-01-241-5/+9
| | | | | algorithm (rsa-sha-512) if not is explicitly specified by the user; ok markus@
* allow PEM export of DSA and ECDSA keys; bz3091, patch from Jakub Jelendjm2020-01-241-1/+9
| | | | ok markus@
* ssh-keygen -Y find-principals fixes based on feedback from Markus:djm2020-01-231-14/+13
| | | | | | | | | | | | use "principals" instead of principal, as allowed_signers lines may list multiple. When the signing key is a certificate, emit only principals that match the certificate principal list. NB. the command -Y name changes: "find-principal" => "find-principals" ok markus@
* remove trailing period characters from pub/priv key pathnames -djm2020-01-231-3/+3
| | | | | they make them needlessly more difficult to cut and paste without error; ok markus@ & dtucker@
* add a new signature operations "find-principal" to look up thedjm2020-01-231-9/+75
| | | | | principal associated with a signature from an allowed-signers file. Work by Sebastian Kinne; ok dtucker@
* For ssh-keygen -lF only add a space after key fingerprint when there is aclaudio2020-01-221-3/+5
| | | | | comment. This makes copy-paste of fingerprints into ssh easier. OK djm@
* don't #ifdef out the KRL code when compiling without libcryptodjm2020-01-211-11/+1
| | | | | support; it works just fine and disabling it breaks a few tests. ok dtucker@
* sync ssh-keygen.1 and ssh-keygen's usage() with each other and realitynaddy2020-01-141-6/+5
| | | | ok markus@
* Extends the SK API to accept a set of key/value options for alldjm2020-01-061-12/+27
| | | | | | | | | | | | | | | | | | operations. These are intended to future-proof the API a little by making it easier to specify additional fields for without having to change the API version for each. At present, only two options are defined: one to explicitly specify the device for an operation (rather than accepting the middleware's autoselection) and another to specify the FIDO2 username that may be used when generating a resident key. These new options may be invoked at key generation time via ssh-keygen -O This also implements a suggestion from Markus to avoid "int" in favour of uint32_t for the algorithm argument in the API, to make implementation of ssh-sk-client/helper a little easier. feedback, fixes and ok markus@
* ability to download FIDO2 resident keys from a token viadjm2020-01-021-60/+162
| | | | | | | | | "ssh-keygen -K". This will save public/private keys into the current directory. This is handy if you move a token between hosts. feedback & ok markus@
* Remove the -x option currently used for FIDO/U2F-specific key flags.djm2019-12-301-23/+22
| | | | | | Instead these flags may be specified via -O. ok markus@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.