diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2011-10-18 05:00:49 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2011-10-18 05:00:49 +0000 |
| commit | 20fd0f77f349b2538e9ab7dc8986d5fc47759734 (patch) | |
| tree | d55ab9680c2815bb6671fb06cd8210e5461d09f2 /usr.bin/ssh | |
| parent | a42a71e46e9f8fcd5f9ace982914f07eb4a6c51c (diff) | |
new "ssh-add -k" option to load plain keys (skipping certificates);
"looks ok" markus@
Diffstat (limited to 'usr.bin/ssh')
| -rw-r--r-- | usr.bin/ssh/ssh-add.1 | 9 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-add.c | 27 |
2 files changed, 23 insertions, 13 deletions
diff --git a/usr.bin/ssh/ssh-add.1 b/usr.bin/ssh/ssh-add.1 index fd48ff98fa3..aec620deaf3 100644 --- a/usr.bin/ssh/ssh-add.1 +++ b/usr.bin/ssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 28 2010 $ +.Dd $Mdocdate: October 18 2011 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdLlXx +.Op Fl cDdkLlXx .Op Fl t Ar life .Op Ar .Nm ssh-add @@ -110,6 +110,9 @@ and retry. .It Fl e Ar pkcs11 Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl k +When loading keys into the agent, load plain private keys only and skip +certificates. .It Fl L Lists public key parameters of all identities currently represented by the agent. diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 0cec954ff5a..3c61cdcfab7 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.102 2011/10/18 05:00:48 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -133,11 +133,11 @@ delete_all(AuthenticationConnection *ac) } static int -add_file(AuthenticationConnection *ac, const char *filename) +add_file(AuthenticationConnection *ac, const char *filename, int key_only) { Key *private, *cert; char *comment = NULL; - char msg[1024], *certpath; + char msg[1024], *certpath = NULL; int fd, perms_ok, ret = -1; Buffer keyblob; @@ -213,6 +213,9 @@ add_file(AuthenticationConnection *ac, const char *filename) fprintf(stderr, "Could not add identity: %s\n", filename); } + /* Skip trying to load the cert if requested */ + if (key_only) + goto out; /* Now try to add the certificate flavour too */ xasprintf(&certpath, "%s-cert.pub", filename); @@ -247,7 +250,8 @@ add_file(AuthenticationConnection *ac, const char *filename) if (confirm != 0) fprintf(stderr, "The user must confirm each use of the key\n"); out: - xfree(certpath); + if (certpath != NULL) + xfree(certpath); xfree(comment); key_free(private); @@ -341,13 +345,13 @@ lock_agent(AuthenticationConnection *ac, int lock) } static int -do_file(AuthenticationConnection *ac, int deleting, char *file) +do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) { if (deleting) { if (delete_file(ac, file) == -1) return -1; } else { - if (add_file(ac, file) == -1) + if (add_file(ac, file, key_only) == -1) return -1; } return 0; @@ -377,7 +381,7 @@ main(int argc, char **argv) extern int optind; AuthenticationConnection *ac = NULL; char *pkcs11provider = NULL; - int i, ch, deleting = 0, ret = 0; + int i, ch, deleting = 0, ret = 0, key_only = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -391,8 +395,11 @@ main(int argc, char **argv) "Could not open a connection to your authentication agent.\n"); exit(2); } - while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { + while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) { switch (ch) { + case 'k': + key_only = 1; + break; case 'l': case 'L': if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) @@ -458,7 +465,7 @@ main(int argc, char **argv) default_files[i]); if (stat(buf, &st) < 0) continue; - if (do_file(ac, deleting, buf) == -1) + if (do_file(ac, deleting, key_only, buf) == -1) ret = 1; else count++; @@ -467,7 +474,7 @@ main(int argc, char **argv) ret = 1; } else { for (i = 0; i < argc; i++) { - if (do_file(ac, deleting, argv[i]) == -1) + if (do_file(ac, deleting, key_only, argv[i]) == -1) ret = 1; } } |