Default client key path ~/.ssh/id_dropbear
This commit is contained in:
parent
4122cac66b
commit
6165f53fcd
@ -38,7 +38,7 @@ static void parse_hostname(const char* orighostarg);
|
|||||||
static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
|
static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
|
||||||
static void fill_own_user();
|
static void fill_own_user();
|
||||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||||
static void loadidentityfile(const char* filename);
|
static void loadidentityfile(const char* filename, int warnfail);
|
||||||
#endif
|
#endif
|
||||||
#ifdef ENABLE_CLI_ANYTCPFWD
|
#ifdef ENABLE_CLI_ANYTCPFWD
|
||||||
static void addforward(const char* str, m_list *fwdlist);
|
static void addforward(const char* str, m_list *fwdlist);
|
||||||
@ -65,7 +65,7 @@ static void printhelp() {
|
|||||||
"-y -y Don't perform any remote host key checking (caution)\n"
|
"-y -y Don't perform any remote host key checking (caution)\n"
|
||||||
"-s Request a subsystem (use by external sftp)\n"
|
"-s Request a subsystem (use by external sftp)\n"
|
||||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||||
"-i <identityfile> (multiple allowed)\n"
|
"-i <identityfile> (multiple allowed, default %s)\n"
|
||||||
#endif
|
#endif
|
||||||
#ifdef ENABLE_CLI_AGENTFWD
|
#ifdef ENABLE_CLI_AGENTFWD
|
||||||
"-A Enable agent auth forwarding\n"
|
"-A Enable agent auth forwarding\n"
|
||||||
@ -95,6 +95,9 @@ static void printhelp() {
|
|||||||
"-v verbose (compiled with DEBUG_TRACE)\n"
|
"-v verbose (compiled with DEBUG_TRACE)\n"
|
||||||
#endif
|
#endif
|
||||||
,DROPBEAR_VERSION, cli_opts.progname,
|
,DROPBEAR_VERSION, cli_opts.progname,
|
||||||
|
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||||
|
DROPBEAR_DEFAULT_CLI_AUTHKEY,
|
||||||
|
#endif
|
||||||
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
|
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -174,7 +177,7 @@ void cli_getopts(int argc, char ** argv) {
|
|||||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||||
if (nextiskey) {
|
if (nextiskey) {
|
||||||
/* Load a hostkey since the previous argument was "-i" */
|
/* Load a hostkey since the previous argument was "-i" */
|
||||||
loadidentityfile(argv[i]);
|
loadidentityfile(argv[i], 1);
|
||||||
nextiskey = 0;
|
nextiskey = 0;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -231,7 +234,7 @@ void cli_getopts(int argc, char ** argv) {
|
|||||||
case 'i': /* an identityfile */
|
case 'i': /* an identityfile */
|
||||||
/* Keep scp happy when it changes "-i file" to "-ifile" */
|
/* Keep scp happy when it changes "-i file" to "-ifile" */
|
||||||
if (strlen(argv[i]) > 2) {
|
if (strlen(argv[i]) > 2) {
|
||||||
loadidentityfile(&argv[i][2]);
|
loadidentityfile(&argv[i][2], 1);
|
||||||
} else {
|
} else {
|
||||||
nextiskey = 1;
|
nextiskey = 1;
|
||||||
}
|
}
|
||||||
@ -444,6 +447,14 @@ void cli_getopts(int argc, char ** argv) {
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY
|
||||||
|
{
|
||||||
|
char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY);
|
||||||
|
loadidentityfile(expand_path, 0);
|
||||||
|
m_free(expand_path);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* The hostname gets set up last, since
|
/* The hostname gets set up last, since
|
||||||
* in multi-hop mode it will require knowledge
|
* in multi-hop mode it will require knowledge
|
||||||
* of other flags such as -i */
|
* of other flags such as -i */
|
||||||
@ -455,14 +466,18 @@ void cli_getopts(int argc, char ** argv) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||||
static void loadidentityfile(const char* filename) {
|
static void loadidentityfile(const char* filename, int warnfail) {
|
||||||
sign_key *key;
|
sign_key *key;
|
||||||
enum signkey_type keytype;
|
enum signkey_type keytype;
|
||||||
|
|
||||||
|
TRACE(("loadidentityfile %s", filename))
|
||||||
|
|
||||||
key = new_sign_key();
|
key = new_sign_key();
|
||||||
keytype = DROPBEAR_SIGNKEY_ANY;
|
keytype = DROPBEAR_SIGNKEY_ANY;
|
||||||
if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
|
if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
|
||||||
|
if (warnfail) {
|
||||||
fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
|
fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
|
||||||
|
}
|
||||||
sign_key_free(key);
|
sign_key_free(key);
|
||||||
} else {
|
} else {
|
||||||
key->type = keytype;
|
key->type = keytype;
|
||||||
|
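Review bot: The new `#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY` block at the end of the option loop calls `loadidentityfile`, which is declared and defined only under `ENABLE_CLI_PUBKEY_AUTH`, while the `%s` added to the `-i` help string and its `DROPBEAR_DEFAULT_CLI_AUTHKEY` argument sit under `ENABLE_CLI_PUBKEY_AUTH` alone; the options.h hunk appears to define `DROPBEAR_DEFAULT_CLI_AUTHKEY` unconditionally, so a build with pubkey auth disabled, or with the default key path removed, no longer compiles. Guard both spots with `#if defined(ENABLE_CLI_PUBKEY_AUTH) && defined(DROPBEAR_DEFAULT_CLI_AUTHKEY)`, or define the default inside the pubkey block in options.h. The `warnfail` parameter also deserves a comment on `loadidentityfile`, since the default key is probed with `warnfail` 0 and a present-but-unparseable file is then dropped with only a TRACE line: `/* warnfail: 0 when probing the compiled-in default key, which may legitimately be absent; 1 for keys the user named with -i */`. cli_getopts and loadidentityfile both continue outside these hunks.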
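--- a/dbutil.c
+++ b/dbutil.c
@@ -936,6 +936,23 @@ int m_str_to_uint(const char* str, unsigned int *val) {
 }
 }
 
+/* Returns malloced path. Only expands ~ in first character */
+char * expand_tilde(const char *inpath) {
+struct passwd *pw = NULL;
+if (inpath[0] == '~') {
+pw = getpwuid(getuid());
+if (pw && pw->pw_dir) {
+int len = strlen(inpath) + strlen(pw->pw_dir) + 1;
+char *buf = m_malloc(len);
+snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]);
+return buf;
+}
+}
+
+/* Fallback */
+return m_strdup(inpath);
+}
+
 int constant_time_memcmp(const void* a, const void *b, size_t n)
 {
 const char *xa = a, *xb = b;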
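Review bot: `expand_tilde` treats any leading `~` as the current user's home, so `~alice/key` becomes `<pw_dir>/alice/key` rather than being left alone or rejected, even though the comment promises only the first-character form; narrowing the check to `if (inpath[0] == '~' && (inpath[1] == '/' || inpath[1] == '\0')) {` keeps `~` and `~/...` working and lets other spellings fall through to the `m_strdup` fallback. The length arithmetic is exact (the `/` takes the place of the `~`, plus one for the terminator), but it is computed in `int` from two `size_t` values; `size_t len = strlen(inpath) + strlen(pw->pw_dir) + 1;` and passing that to `m_malloc`/`snprintf` avoids the signed narrowing. `getpwuid` returns a pointer to static storage, so this helper is not safe to call concurrently, which is worth stating in its comment.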
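--- a/dbutil.h
+++ b/dbutil.h
@@ -110,5 +110,6 @@ int constant_time_memcmp(const void* a, const void *b, size_t n);
 a real-world clock */
 time_t monotonic_now();
 
+char * expand_tilde(const char *inpath);
 
 #endif /* _DBUTIL_H_ */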
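Review bot: The new `expand_tilde` declaration says nothing about who owns the result, and the cli-runopts.c caller releases it with `m_free`; the header is where that contract belongs. Suggested comment above the prototype: `/* Expands a leading "~" to the current user's home directory (from getpwuid). Always returns a newly allocated string the caller must m_free(); a plain copy of inpath when no expansion applies. */`.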
@ -76,7 +76,8 @@ static void printhelp(char * progname) {
|
|||||||
#ifdef DROPBEAR_ECDSA
|
#ifdef DROPBEAR_ECDSA
|
||||||
" ecdsa\n"
|
" ecdsa\n"
|
||||||
#endif
|
#endif
|
||||||
"-f filename Use filename for the secret key\n"
|
"-f filename Use filename for the secret key.\n"
|
||||||
|
" ~/.ssh/id_dropbear is recommended for client keys.\n"
|
||||||
"-s bits Key size in bits, should be a multiple of 8 (optional)\n"
|
"-s bits Key size in bits, should be a multiple of 8 (optional)\n"
|
||||||
#ifdef DROPBEAR_DSS
|
#ifdef DROPBEAR_DSS
|
||||||
" DSS has a fixed size of 1024 bits\n"
|
" DSS has a fixed size of 1024 bits\n"
|
||||||
|
@ -211,6 +211,10 @@ much traffic. */
|
|||||||
#define ENABLE_CLI_PUBKEY_AUTH
|
#define ENABLE_CLI_PUBKEY_AUTH
|
||||||
#define ENABLE_CLI_INTERACT_AUTH
|
#define ENABLE_CLI_INTERACT_AUTH
|
||||||
|
|
||||||
|
/* A default argument for dbclient -i <privatekey>.
|
||||||
|
leading "~" is expanded */
|
||||||
|
#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
|
||||||
|
|
||||||
/* This variable can be used to set a password for client
|
/* This variable can be used to set a password for client
|
||||||
* authentication on the commandline. Beware of platforms
|
* authentication on the commandline. Beware of platforms
|
||||||
* that don't protect environment variables of processes etc. Also
|
* that don't protect environment variables of processes etc. Also
|
||||||
|