upstream: Add ssh -Q key-sig for all key and signature types.

Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as
an alias for the corresponding query.  Man page help jmc@, ok djm@.

OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8

diff --git a/ssh.1 b/ssh.1
index 97133752058ed23fc5ca818913cde77b1872a3fe..60de6087a75bd0a9e4bca6d716b2cdb2b4f44a32 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
-.Dd $Mdocdate: December 21 2019 $
+.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -585,10 +585,18 @@ flag),
 (certificate key types),
 .Ar key-plain
 (non-certificate key types),
+.Ar key-sig
+(all key types and signature algorithms),
 .Ar protocol-version
 (supported SSH protocol versions), and
 .Ar sig
 (supported signature algorithms).
+Alternatively, any keyword from
+.Xr ssh_config 5
+or
+.Xr sshd_config 5
+that takes an algorithm list may be used as an alias for the corresponding
+query_option.
 .Pp
 .It Fl q
 Quiet mode.

diff --git a/ssh.c b/ssh.c
index 326ce21f68601c8f3b4fdf4d63915abb31c543f2..15aee569e55d91839ce5f414a25e6aa0e528ef82 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -736,13 +736,16 @@ main(int ac, char **av)
                        break;
                case 'Q':
                        cp = NULL;
-                       if (strcmp(optarg, "cipher") == 0)
+                       if (strcmp(optarg, "cipher") == 0 ||
+                           strcasecmp(optarg, "Ciphers") == 0)
                                cp = cipher_alg_list('\n', 0);
                        else if (strcmp(optarg, "cipher-auth") == 0)
                                cp = cipher_alg_list('\n', 1);
-                       else if (strcmp(optarg, "mac") == 0)
+                       else if (strcmp(optarg, "mac") == 0 ||
+                           strcasecmp(optarg, "MACs") == 0)
                                cp = mac_alg_list('\n');
-                       else if (strcmp(optarg, "kex") == 0)
+                       else if (strcmp(optarg, "kex") == 0 ||
+                           strcasecmp(optarg, "KexAlgorithms") == 0)
                                cp = kex_alg_list('\n');
                        else if (strcmp(optarg, "key") == 0)
                                cp = sshkey_alg_list(0, 0, 0, '\n');
@@ -750,6 +753,12 @@ main(int ac, char **av)
                                cp = sshkey_alg_list(1, 0, 0, '\n');
                        else if (strcmp(optarg, "key-plain") == 0)
                                cp = sshkey_alg_list(0, 1, 0, '\n');
+                       else if (strcmp(optarg, "key-sig") == 0 ||
+                           strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 ||
+                           strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
+                           strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
+                           strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
+                               cp = sshkey_alg_list(0, 0, 1, '\n');
                        else if (strcmp(optarg, "sig") == 0)
                                cp = sshkey_alg_list(0, 1, 1, '\n');
                        else if (strcmp(optarg, "protocol-version") == 0)
@@ -763,7 +772,7 @@ main(int ac, char **av)
                        } else if (strcmp(optarg, "help") == 0) {
                                cp = xstrdup(
                                    "cipher\ncipher-auth\ncompression\nkex\n"
-                                   "key\nkey-cert\nkey-plain\nmac\n"
+                                   "key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
                                    "protocol-version\nsig");
                        }
                        if (cp == NULL)

diff --git a/ssh_config.5 b/ssh_config.5
index 0a6d805449e32aa0801d53be922f3e3084066234..06a32d3142a6427cd71adfda0327d0e5b95d02c2 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.321 2020/01/31 22:25:59 jmc Exp $
-.Dd $Mdocdate: January 31 2020 $
+.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -868,7 +868,7 @@ If hostkeys are known for the destination host then this default is modified
 to prefer their algorithms.
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostKeyAlgorithms .
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -1353,7 +1353,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q PubkeyAcceptedKeyTypes .
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be

diff --git a/sshd_config.5 b/sshd_config.5
index 15a10867612def02bdf099a9a4acd04bfd74b1f1..70ccea449d181d92a8d4e89208a934f2e9487204 100644 (file)
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.306 2020/02/06 22:34:58 naddy Exp $
-.Dd $Mdocdate: February 6 2020 $
+.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -693,7 +693,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostbasedAcceptedKeyTypes .
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -776,7 +776,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
 Specifies that
 .Pa .rhosts
@@ -949,7 +949,7 @@ diffie-hellman-group14-sha256
 .Ed
 .Pp
 The list of available key exchange algorithms may also be obtained using
-.Qq ssh -Q kex .
+.Qq ssh -Q KexAlgorithms .
 .It Cm ListenAddress
 Specifies the local addresses
 .Xr sshd 8
@@ -1461,7 +1461,7 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using
-.Qq ssh -Q key .
+.Qq ssh -Q PubkeyAcceptedKeyTypes .
 .It Cm PubkeyAuthOptions
 Sets one or more public key authentication options.
 Two option keywords are currently supported: