system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 10:19:04 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/crypto/openssh/regress/keygen-comment.sh
Ed Maste 19261079b7 openssh: update to OpenSSH v8.7p1 
Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
  fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
  key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
  (RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
  support to provide address-space isolation for token middleware
  libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
  conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
  (e.g. "scp host-a:/path host-b:") to transfer through the local host
  by default.
- scp(1): experimental support for transfers using the SFTP protocol as
  a replacement for the venerable SCP/RCP protocol that it has
  traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by:	imp
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29985
2021-09-07 21:05:51 -04:00

53 lines
1.4 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#    Placed in the Public Domain.
tid="Comment extraction from private key"
S1="secret1"
check_fingerprint () {
file="$1"
comment="$2"
trace "fingerprinting $file"
if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
fail "ssh-keygen -l failed for $t-key"
fi
if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
$OBJ/$t-fgp >/dev/null 2>&1 ; then
fail "comment is not correctly recovered for $t-key"
fi
rm -f $OBJ/$t-fgp
}
for fmt in '' RFC4716 PKCS8 PEM; do
for t in $SSH_KEYTYPES; do
trace "generating $t key in '$fmt' format"
rm -f $OBJ/$t-key*
oldfmt=""
case "$fmt" in
PKCS8|PEM) oldfmt=1 ;;
esac
# Some key types like ssh-ed25519 and *@openssh.com are never
# stored in old formats.
case "$t" in
ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
esac
comment="foo bar"
fmtarg=""
test -z "$fmt" || fmtarg="-m $fmt"
${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
-t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
fatal "keygen of $t in format $fmt failed"
check_fingerprint $OBJ/$t-key "${comment}"
check_fingerprint $OBJ/$t-key.pub "${comment}"
# Output fingerprint using only private file
trace "fingerprinting $t key using private key file"
rm -f $OBJ/$t-key.pub
if [ ! -z "$oldfmt" ] ; then
# Comment cannot be recovered from old format keys.
comment="no comment"
fi
check_fingerprint $OBJ/$t-key "${comment}"
rm -f $OBJ/$t-key*
done
done
Reference in a new issue View git blame Copy permalink