summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/ssh-keygen.c
AgeCommit message (Collapse)Author
2008-06-12make ssh-keygen -lf show the key type just as ssh-add -l would do itAlexander von Gernler
ok djm@ markus@
2008-06-11ssh-keygen would write fingerprints to STDOUT, and random art to STDERR,Alexander von Gernler
that is not how it was envisioned. Also correct manpage saying that -v is needed along with -l for it to work. spotted by naddy@
2008-06-11ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pubAlexander von Gernler
would not display you the random art as intended, spotted by canacar@
2008-06-11Introduce SSH Fingerprint ASCII Visualization, a technique inspired by theAlexander von Gernler
graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin. Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction. discussions with several people, help, corrections and ok markus@ djm@
2008-05-19support -l (print fingerprint) in combination with -F (find host) toDamien Miller
search for a host in ~/.ssh/known_hosts and display its fingerprint; ok markus@
2008-01-19unbreak line numbering (broken in revision 1.164), fix error messageDamien Miller
2008-01-19when hashing individual hosts (ssh-keygen -Hf hostname), make sure weDamien Miller
hash just the specified hostname and not the entire hostspec from the keyfile. It may be of the form "hostname,ipaddr", which would lead to a hash that never matches. report and fix from jp AT devnull.cz
2007-10-02handles zero-sized strings that fgets can returnCharles Longeau
properly removes trailing newline removes an unused variable correctly counts line number "looks ok" ray@ markus@
2007-09-11use strcspn to properly overwrite '\n' in fgets returned bufferGilles Chehade
ok pyr@, ray@, millert@, moritz@, chl@
2007-09-09sort synopsis and options in ssh-agent(1); usage is lowercaseIgor Sobrado
ok jmc@
2007-01-21spacesKevin Steves
2007-01-12more secsh -> rfc 4716 updates;Jason McIntyre
spotted by wiz@netbsd ok markus
2007-01-03spacesKevin Steves
2007-01-03remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scanKevin Steves
2006-11-14use argc and argv not some made up short formTheo de Raadt
2006-11-06add missing checks for openssl return codes; with & ok djm@Markus Friedl
2006-08-03almost entirely get rid of the culture of ".h files that include .h files"Theo de Raadt
ok djm, sort of ok stevesk makes the pain stop in one easy step
2006-08-01move #include <stdio.h> out of includes.hKevin Steves
2006-07-26move #include <stdlib.h> out of includes.hKevin Steves
2006-07-26move #include <sys/param.h> out of includes.hKevin Steves
2006-07-22move #include <string.h> out of includes.hKevin Steves
2006-07-17move #include <unistd.h> out of includes.hKevin Steves
2006-07-11move #include <errno.h> out of includes.h; ok markus@Kevin Steves
2006-07-09move #include <fcntl.h> out of includes.hKevin Steves
2006-07-06move #include "dns.h" upKevin Steves
2006-07-06move #include <pwd.h> out of includes.h; ok markus@Kevin Steves
2006-05-17fix leak; coverity via Kylene Jo HallMarkus Friedl
2006-03-30Correctly handle truncated files while converting keys; ok djm@Darren Tucker
2006-03-25cast strtonum() result to right typeTheo de Raadt
2006-03-25Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatDamien Miller
Theo nuked - our scripts to sync -portable need them in the files
2006-03-20annoying spacing fixes getting in the way of real diffsTheo de Raadt
2006-03-19RCSID() can dieTheo de Raadt
2006-03-15if no key file are given when printing the DNS host record, use theJakob Schlyter
host key file(s) as default. ok djm@
2006-03-13Make ssh-keygen handle CR and CRLF line termination when converting IETFDarren Tucker
format keys, in adition to vanilla LF. mindrot #1157, tested by Chris Pepper, ok djm@
2006-02-20move #include <sys/stat.h> out of includes.h; ok markus@Kevin Steves
2005-11-29Populate default key sizes before checking them; from & ok tim@Darren Tucker
2005-11-28Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,Darren Tucker
increase minumum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@.
2005-10-31generate a protocol 2 RSA key by defaultDamien Miller
2005-10-30no need to escape single quotes in comments, no binary changeDamien Miller
2005-10-14no trailing "\n" for log functions; ok djm@Kevin Steves
2005-10-07change DSA default back to 1024, as it's defined for 1024 bits onlyMarkus Friedl
and this causes interop problems with other clients. moreover, in order to improve the security of DSA you need to change more components of DSA key generation (e.g. the internal SHA1 hash); ok deraadt
2005-09-13ensure that stdio fds are attached; ok deraadt@Damien Miller
2005-07-17knf says that a 2nd level indent is four (not three or five) spacesDamien Miller
2005-06-08increase default rsa/dsa key length from 1024 to 2048 bits; ok markus@ deraadt@Damien Miller
2005-05-26uint32_t -> u_int32_t for consistency; ok djm@Darren Tucker
2005-05-24some style nits from dmiller@, and use a fatal() instead of a printf()/exitAnil Madhavapeddy
2005-05-23- removes signed/unsigned comparisons in moduli generationAnil Madhavapeddy
- use strtonum instead of atoi where its easier - check some strlcpy overflow and fatal instead of truncate
2005-04-05sync and sort usage(). ok jmc@ markus@Otto Moerbeek
2005-03-11typo, missing \n; mpechMarkus Friedl
2005-03-10spacingTheo de Raadt