authordjm <djm>2011-10-18 05:06:33 +0000
committerdjm <djm>2011-10-18 05:06:33 +0000
commitbcb02ce13655c76c8c70fec459e16906325b42ee (patch)
treef4fdad3da970dc50200373017dc7964ca04b629d
parent18e3c5c780e27920a5339d23cca39a258db8013e (diff)
downloadopenssh-bcb02ce13655c76c8c70fec459e16906325b42ee.tar.gz
- djm@cvs.openbsd.org 2011/10/18 05:00:48
[ssh-add.1 ssh-add.c] new "ssh-add -k" option to load plain keys (skipping certificates); "looks ok" markus@
-rw-r--r--ChangeLog4
-rw-r--r--ssh-add.19
-rw-r--r--ssh-add.c27
3 files changed, 27 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 583f88f2..1ff34171 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,10 @@
[auth-options.c key.c]
remove explict search for \0 in packet strings, this job is now done
implicitly by buffer_get_cstring; ok markus
+ - djm@cvs.openbsd.org 2011/10/18 05:00:48
+ [ssh-add.1 ssh-add.c]
+ new "ssh-add -k" option to load plain keys (skipping certificates);
+ "looks ok" markus@
20111001
- (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
diff --git a/ssh-add.1 b/ssh-add.1
index fd48ff98..aec620de 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 28 2010 $
+.Dd $Mdocdate: October 18 2011 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@@ -43,7 +43,7 @@
.Nd adds private key identities to the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
-.Op Fl cDdLlXx
+.Op Fl cDdkLlXx
.Op Fl t Ar life
.Op Ar
.Nm ssh-add
@@ -110,6 +110,9 @@ and retry.
.It Fl e Ar pkcs11
Remove keys provided by the PKCS#11 shared library
.Ar pkcs11 .
+.It Fl k
+When loading keys into the agent, load plain private keys only and skip
+certificates.
.It Fl L
Lists public key parameters of all identities currently represented
by the agent.
diff --git a/ssh-add.c b/ssh-add.c
index 6d5e2a95..ea7619e6 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.102 2011/10/18 05:00:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac)
}
static int
-add_file(AuthenticationConnection *ac, const char *filename)
+add_file(AuthenticationConnection *ac, const char *filename, int key_only)
{
Key *private, *cert;
char *comment = NULL;
- char msg[1024], *certpath;
+ char msg[1024], *certpath = NULL;
int fd, perms_ok, ret = -1;
Buffer keyblob;
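Review bot: The new `key_only` parameter added to add_file is not documented, and the function body continues past the end of this hunk, so a reader has to find the `goto out` further down to learn what it does. A two-line header comment above `static int` would settle it: `/* Load the private key in filename into the agent. With key_only set, the matching filename-cert.pub is not looked for or loaded. */`. The `certpath = NULL` initialisation on the next changed line is what the later `out:` cleanup relies on once the certificate step can be skipped; a brief `/* NULL until the cert path is built; checked at out: */` next to it would record that dependency.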
@@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
fprintf(stderr, "Could not add identity: %s\n", filename);
}
+ /* Skip trying to load the cert if requested */
+ if (key_only)
+ goto out;
/* Now try to add the certificate flavour too */
xasprintf(&certpath, "%s-cert.pub", filename);
@@ -253,7 +256,8 @@ add_file(AuthenticationConnection *ac, const char *filename)
if (confirm != 0)
fprintf(stderr, "The user must confirm each use of the key\n");
out:
- xfree(certpath);
+ if (certpath != NULL)
+ xfree(certpath);
xfree(comment);
key_free(private);
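Review bot: The `if (certpath != NULL)` guard in front of `xfree(certpath)` will look redundant to anyone used to free(3) accepting NULL, but xfree() in this tree calls fatal() on a NULL argument, so the guard is what keeps the new key_only early exit (which reaches `out:` before xasprintf has run) from aborting ssh-add. A comment would stop a later cleanup pass from dropping it: `/* certpath is NULL when the cert step was skipped; xfree() fatal()s on NULL */`. The enclosing add_file body starts outside this hunk.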
@@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock)
}
static int
-do_file(AuthenticationConnection *ac, int deleting, char *file)
+do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
{
if (deleting) {
if (delete_file(ac, file) == -1)
return -1;
} else {
- if (add_file(ac, file) == -1)
+ if (add_file(ac, file, key_only) == -1)
return -1;
}
return 0;
@@ -383,7 +387,7 @@ main(int argc, char **argv)
extern int optind;
AuthenticationConnection *ac = NULL;
char *pkcs11provider = NULL;
- int i, ch, deleting = 0, ret = 0;
+ int i, ch, deleting = 0, ret = 0, key_only = 0;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@@ -400,8 +404,11 @@ main(int argc, char **argv)
"Could not open a connection to your authentication agent.\n");
exit(2);
}
- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
switch (ch) {
+ case 'k':
+ key_only = 1;
+ break;
case 'l':
case 'L':
if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
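Review bot: The new `case 'k':` is parsed here, but nothing in the commit updates usage(): the diffstat's 27 changed lines for ssh-add.c are all accounted for by the hunks shown, so the help text outside these hunks will not mention `-k`; if usage() enumerates the options, a line such as `-k          Load only keys and not certificates.` (constructed wording) should be added alongside. Separately, `key_only` is only consulted on the add path in do_file, so `-k` combined with `-d`/`-D` is accepted and silently ignored; the manual page text in this commit ("When loading keys into the agent") is consistent with that, but a `/* -k only affects adding; ignored when deleting */` comment at this case would make the intent explicit in the code. The enclosing main() body starts and ends outside this hunk.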
@@ -467,7 +474,7 @@ main(int argc, char **argv)
default_files[i]);
if (stat(buf, &st) < 0)
continue;
- if (do_file(ac, deleting, buf) == -1)
+ if (do_file(ac, deleting, key_only, buf) == -1)
ret = 1;
else
count++;
@@ -476,7 +483,7 @@ main(int argc, char **argv)
ret = 1;
} else {
for (i = 0; i < argc; i++) {
- if (do_file(ac, deleting, argv[i]) == -1)
+ if (do_file(ac, deleting, key_only, argv[i]) == -1)
ret = 1;
}
}