(-)openssh-4.7p1/ssh-vulnkey.1 (+36 lines)
Lines 138-143 The key fingerprint may be generated usi Link Here
138
.Pp
138
.Pp
139
This strict format is necessary to allow the blacklist file to be checked
139
This strict format is necessary to allow the blacklist file to be checked
140
quickly, using a binary-search algorithm.
140
quickly, using a binary-search algorithm.
141
.Sh FILES
142
.Bl -tag -width Ds
143
.It Pa ~/.ssh/id_rsa
144
If present, contains the protocol version 2 RSA authentication identity of
145
the user.
146
.It Pa ~/.ssh/id_dsa
147
If present, contains the protocol version 2 DSA authentication identity of
148
the user.
149
.It Pa ~/.ssh/identity
150
If present, contains the protocol version 1 RSA authentication identity of
151
the user.
152
.It Pa ~/.ssh/authorized_keys
153
If present, lists the public keys (RSA/DSA) that can be used for logging in
154
as this user.
155
.It Pa ~/.ssh/authorized_keys2
156
Obsolete name for
157
.Pa ~/.ssh/authorized_keys .
158
This file may still be present on some old systems, but should not be
159
created if it is missing.
160
.It Pa /etc/ssh/ssh_host_rsa_key
161
If present, contains the protocol version 2 RSA identity of the system.
162
.It Pa /etc/ssh/ssh_host_dsa_key
163
If present, contains the protocol version 2 DSA identity of the system.
164
.It Pa /etc/ssh/ssh_host_key
165
If present, contains the protocol version 1 RSA identity of the system.
166
.It Pa /etc/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
167
If present, lists the blacklisted keys of type
168
.Ar TYPE
169
.Pf ( Dq RSA1 ,
170
.Dq RSA ,
171
or
172
.Dq DSA )
173
and bit length
174
.Ar LENGTH .
175
The format of this file is described above.
176
.El
141
.Sh SEE ALSO
177
.Sh SEE ALSO
142
.Xr ssh-keygen 1 ,
178
.Xr ssh-keygen 1 ,
143
.Xr sshd 8
179
.Xr sshd 8
(-)openssh-4.7p1/ssh-vulnkey.c (-40 / +54 lines)
Lines 138-192 do_filename(const char *filename, int qu Link Here
138
		f = stdin;
138
		f = stdin;
139
	while (read_keyfile_line(f, filename, line, sizeof(line),
139
	while (read_keyfile_line(f, filename, line, sizeof(line),
140
		    &linenum) != -1) {
140
		    &linenum) != -1) {
141
		cp = line;
141
		int i;
142
		switch (*cp) {
142
		char *space;
143
		case '#':
143
		int type;
144
		case '\n':
144
145
		case '\0':
145
		/* Chop trailing newline. */
146
			continue;
146
		i = strlen(line) - 1;
147
		}
147
		if (line[i] == '\n')
148
		/* Skip leading whitespace. */
148
			line[i] = '\0';
149
		for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
149
150
		/* Skip leading whitespace, empty and comment lines. */
151
		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
150
			;
152
			;
151
		/* Cope with ssh-keyscan output. */
153
		if (!*cp || *cp == '\n' || *cp == '#')
152
		comment = NULL;
154
			continue;
153
		if (*cp) {
154
			char *space;
155
			int type;
156
155
157
			space = strchr(cp, ' ');
156
		/* Cope with ssh-keyscan output and options in
158
			if (!space)
157
		 * authorized_keys files.
159
				continue;
158
		 */
160
			*space = '\0';
159
		space = strchr(cp, ' ');
161
			type = key_type_from_name(cp);
160
		if (!space)
162
			if (type == KEY_UNSPEC) {
161
			continue;
163
				comment = xstrdup(cp);
162
		*space = '\0';
164
				cp = space + 1;
163
		type = key_type_from_name(cp);
164
		*space = ' ';
165
		/* Leading number (RSA1) or valid type (RSA/DSA) indicates
166
		 * that we have no host name or options to skip.
167
		 */
168
		if (atoi(cp) == 0 && type == KEY_UNSPEC) {
169
			int quoted = 0;
170
171
			for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
172
				if (*cp == '\\' && cp[1] == '"')
173
					cp++;	/* Skip both */
174
				else if (*cp == '"')
175
					quoted = !quoted;
165
			}
176
			}
166
			*space = ' ';
177
			/* Skip remaining whitespace. */
178
			for (; *cp == ' ' || *cp == '\t'; cp++)
179
				;
180
			if (!*cp)
181
				continue;
167
		}
182
		}
168
		if (!comment)
183
169
			comment = xstrdup(filename);
184
		/* Read and process the key itself. */
170
		if (*cp) {
185
		key = key_new(KEY_RSA1);
171
			key = key_new(KEY_RSA1);
186
		if (key_read(key, &cp) == 1) {
187
			while (*cp == ' ' || *cp == '\t')
188
				cp++;
189
			if (!do_key(key, *cp ? cp : filename))
190
				ret = 0;
191
			found = 1;
192
		} else {
193
			key_free(key);
194
			key = key_new(KEY_UNSPEC);
172
			if (key_read(key, &cp) == 1) {
195
			if (key_read(key, &cp) == 1) {
173
				if (!do_key(key, comment))
196
				while (*cp == ' ' || *cp == '\t')
197
					cp++;
198
				if (!do_key(key, *cp ? cp : filename))
174
					ret = 0;
199
					ret = 0;
175
				key_free(key);
176
				found = 1;
200
				found = 1;
177
			} else {
178
				key_free(key);
179
				key = key_new(KEY_UNSPEC);
180
				if (key_read(key, &cp) == 1) {
181
					if (!do_key(key, comment))
182
						ret = 0;
183
					key_free(key);
184
					found = 1;
185
				}
186
			}
201
			}
187
		}
202
		}
188
		xfree(comment);
203
		key_free(key);
189
		comment = NULL;
190
	}
204
	}
191
	if (f != stdin)
205
	if (f != stdin)
192
		fclose(f);
206
		fclose(f);
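Review bot: The newline chop on new lines 146-148, `i = strlen(line) - 1; if (line[i] == '\n')`, indexes `line[-1]` whenever the buffer is empty, which happens if a line's first byte is NUL (binary garbage fed as a key file) or if read_keyfile_line can ever return an empty buffer — its body is outside the hunk, so that is inferred. The `int i` also silently narrows the `size_t` from strlen. Suggested replacement for the three lines: `size_t len = strlen(line);` / `if (len > 0 && line[len - 1] == '\n')` / `line[len - 1] = '\0';`, which also makes the `*cp == '\n'` test on new line 153 redundant rather than load-bearing. do_filename() starts before this hunk and continues past it.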