upstream: Accept the verbose flag when searching for host keys in known

hosts (i.e. "ssh-keygen -vF host") to print the matching host's random- art
signature too. bz#3003 "amusing, pretty" deraadt@

OpenBSD-Commit-ID: 686221a5447d6507f40a2ffba5393984d889891f

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 8184a1797ecde559d8de51f1bc8f8d485449ae66..b4bc336f2e062f37b3ef6f25c7144bf8ee0c7858 100644 (file)
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-keygen.1,v 1.161 2019/07/15 13:16:29 djm Exp $
+.\"    $OpenBSD: ssh-keygen.1,v 1.162 2019/07/19 03:38:01 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 15 2019 $
+.Dd $Mdocdate: July 19 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -87,6 +87,7 @@
 .Fl F Ar hostname
 .Op Fl f Ar known_hosts_file
 .Op Fl l
+.Op Fl v
 .Nm ssh-keygen
 .Fl H
 .Op Fl f Ar known_hosts_file

diff --git a/ssh-keygen.c b/ssh-keygen.c
index c2cfe8df0aec6b5b650353e84930819ed076384a..ea3c0e63888044ce582b90d61829febf230a583b 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.337 2019/07/16 13:18:39 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.338 2019/07/19 03:38:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1172,7 +1172,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
        struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
        enum sshkey_fp_rep rep;
        int fptype;
-       char *fp;
+       char *fp = NULL, *ra = NULL;
 
        fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
        rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
@@ -1206,8 +1206,16 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
                                known_hosts_hash(l, ctx);
                        else if (print_fingerprint) {
                                fp = sshkey_fingerprint(l->key, fptype, rep);
+                               ra = sshkey_fingerprint(l->key,
+                                   fingerprint_hash, SSH_FP_RANDOMART);
+                               if (fp == NULL || ra == NULL)
+                                       fatal("%s: sshkey_fingerprint failed",
+                                           __func__);
                                mprintf("%s %s %s %s\n", ctx->host,
                                    sshkey_type(l->key), fp, l->comment);
+                               if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
+                                       printf("%s\n", ra);
+                               free(ra);
                                free(fp);
                        } else
                                fprintf(ctx->out, "%s\n", l->line);