From d4d9e1d40514e2746f9e05335d646512ea1020c6 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 7 Feb 2020 03:54:44 +0000 Subject: upstream: Add ssh -Q key-sig for all key and signature types. Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@. OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8 --- ssh.1 | 12 ++++++++++-- ssh.c | 19 ++++++++++++++----- ssh_config.5 | 8 ++++---- sshd_config.5 | 12 ++++++------ 4 files changed, 34 insertions(+), 17 deletions(-) diff --git a/ssh.1 b/ssh.1 index 97133752..60de6087 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $ -.Dd $Mdocdate: December 21 2019 $ +.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSH 1 .Os .Sh NAME @@ -585,10 +585,18 @@ flag), (certificate key types), .Ar key-plain (non-certificate key types), +.Ar key-sig +(all key types and signature algorithms), .Ar protocol-version (supported SSH protocol versions), and .Ar sig (supported signature algorithms). +Alternatively, any keyword from +.Xr ssh_config 5 +or +.Xr sshd_config 5 +that takes an algorithm list may be used as an alias for the corresponding +query_option. .Pp .It Fl q Quiet mode. diff --git a/ssh.c b/ssh.c index 326ce21f..15aee569 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */ +/* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -736,13 +736,16 @@ main(int ac, char **av) break; case 'Q': cp = NULL; - if (strcmp(optarg, "cipher") == 0) + if (strcmp(optarg, "cipher") == 0 || + strcasecmp(optarg, "Ciphers") == 0) cp = cipher_alg_list('\n', 0); else if (strcmp(optarg, "cipher-auth") == 0) cp = cipher_alg_list('\n', 1); - else if (strcmp(optarg, "mac") == 0) + else if (strcmp(optarg, "mac") == 0 || + strcasecmp(optarg, "MACs") == 0) cp = mac_alg_list('\n'); - else if (strcmp(optarg, "kex") == 0) + else if (strcmp(optarg, "kex") == 0 || + strcasecmp(optarg, "KexAlgorithms") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) cp = sshkey_alg_list(0, 0, 0, '\n'); @@ -750,6 +753,12 @@ main(int ac, char **av) cp = sshkey_alg_list(1, 0, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) cp = sshkey_alg_list(0, 1, 0, '\n'); + else if (strcmp(optarg, "key-sig") == 0 || + strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || + strcasecmp(optarg, "HostKeyAlgorithms") == 0 || + strcasecmp(optarg, "HostbasedKeyTypes") == 0 || + strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0) + cp = sshkey_alg_list(0, 0, 1, '\n'); else if (strcmp(optarg, "sig") == 0) cp = sshkey_alg_list(0, 1, 1, '\n'); else if (strcmp(optarg, "protocol-version") == 0) @@ -763,7 +772,7 @@ main(int ac, char **av) } else if (strcmp(optarg, "help") == 0) { cp = xstrdup( "cipher\ncipher-auth\ncompression\nkex\n" - "key\nkey-cert\nkey-plain\nmac\n" + "key\nkey-cert\nkey-plain\nkey-sig\nmac\n" "protocol-version\nsig"); } if (cp == NULL) diff --git a/ssh_config.5 b/ssh_config.5 index 0a6d8054..06a32d31 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.321 2020/01/31 22:25:59 jmc Exp $ -.Dd $Mdocdate: January 31 2020 $ +.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -868,7 +868,7 @@ If hostkeys are known for the destination host then this default is modified to prefer their algorithms. .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q HostKeyAlgorithms . .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -1353,7 +1353,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q PubkeyAcceptedKeyTypes . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be diff --git a/sshd_config.5 b/sshd_config.5 index 15a10867..70ccea44 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.306 2020/02/06 22:34:58 naddy Exp $ -.Dd $Mdocdate: February 6 2020 $ +.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $ +.Dd $Mdocdate: February 7 2020 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -693,7 +693,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q HostbasedAcceptedKeyTypes . .It Cm HostbasedAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed @@ -776,7 +776,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q HostKeyAlgorithms . .It Cm IgnoreRhosts Specifies that .Pa .rhosts @@ -949,7 +949,7 @@ diffie-hellman-group14-sha256 .Ed .Pp The list of available key exchange algorithms may also be obtained using -.Qq ssh -Q kex . +.Qq ssh -Q KexAlgorithms . .It Cm ListenAddress Specifies the local addresses .Xr sshd 8 @@ -1461,7 +1461,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using -.Qq ssh -Q key . +.Qq ssh -Q PubkeyAcceptedKeyTypes . .It Cm PubkeyAuthOptions Sets one or more public key authentication options. Two option keywords are currently supported: -- cgit v1.2.3