[ I'm not subscribed to this list; please CC any followups to me as
well ]
When a user invokes "ssh-add" with no arguments, I think we should
default to adding both version 1 and version 2 keys. Here's a patch
against the source included with my Debian package of OpenSSH:
walters at space-ghost:/usr/src/ssh/openssh-2.9p2$ diff -u ssh-add.c~ ssh-add.c
--- ssh-add.c~ Thu Apr 19 16:33:08 2001
+++ ssh-add.c Sat Jul 28 23:49:01 2001
@@ -182,12 +182,63 @@
printf("The agent has no identities.\n");
}
+void
+add_default_identities(AuthenticationConnection *ac, int deleting)
+{
+ char identity_name[1024];
+ char dsa_name[1024];
+ char rsa_name[1024];
+ struct passwd *pw = getpwuid(getuid());
+ snprintf(identity_name, sizeof identity_name, "%s/%s",
pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
+ snprintf(rsa_name, sizeof rsa_name, "%s/%s", pw->pw_dir,
_PATH_SSH_CLIENT_ID_RSA);
+ snprintf(dsa_name, sizeof dsa_name, "%s/%s", pw->pw_dir,
_PATH_SSH_CLIENT_ID_DSA);
+ if (!pw) {
+ fprintf(stderr, "No user found with uid %u\n",
+ (u_int)getuid());
+ ssh_close_authentication_connection(ac);
+ exit(1);
+ } else {
+ int identity_found = !access(identity_name, R_OK);
+ int rsa_found = !access(rsa_name, R_OK);
+ int dsa_found = !access(dsa_name, R_OK);
+
+ if (!(identity_found || rsa_found || dsa_found)) {
+ fprintf(stderr,
+ "No files specified, and unable to find one of:\n%s\n%s\n%s\n",
+
+ identity_name,
+ rsa_name,
+ dsa_name);
+ ssh_close_authentication_connection(ac);
+ exit(1);
+ }
+ if (identity_found) {
+ if (deleting)
+ delete_file(ac, identity_name);
+ else
+ add_file(ac, identity_name);
+ }
+
+ if (rsa_found) {
+ if (deleting)
+ delete_file(ac, rsa_name);
+ else
+ add_file(ac, rsa_name);
+ }
+
+ if (dsa_found) {
+ if (deleting)
+ delete_file(ac, dsa_name);
+ else
+ add_file(ac, dsa_name);
+ }
+ }
+}
+
int
main(int argc, char **argv)
{
AuthenticationConnection *ac = NULL;
- struct passwd *pw;
- char buf[1024];
int no_files = 1;
int i;
int deleting = 0;
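Review bot: In add_default_identities the found/deleting/add_file sequence is written out three times over three separate 1024-byte buffers, and none of the three snprintf() calls checks its return value, so a home directory long enough to truncate the path is silently reported as a missing key file. A small table of the three default names with one loop over it removes the duplication, needs a single path buffer, and gives one place to treat a truncated path as not found; the `else` after `exit(1)` can then be dropped, since that branch cannot fall through. Iterating the same table in the same order keeps the original add/delete order, and the "unable to find one of" message can be printed from the table when nothing matched. add_default_identities lies entirely within this hunk; main, whose declarations the hunk also changes, continues past it.
```c
void
add_default_identities(AuthenticationConnection *ac, int deleting)
{
	static const char *defaults[] = {
		_PATH_SSH_CLIENT_IDENTITY,
		_PATH_SSH_CLIENT_ID_RSA,
		_PATH_SSH_CLIENT_ID_DSA,
	};
	char path[1024];
	int found = 0, n;
	u_int i;
	/* … unchanged: struct passwd *pw lookup and the "No user found" exit … */
	for (i = 0; i < sizeof defaults / sizeof defaults[0]; i++) {
		n = snprintf(path, sizeof path, "%s/%s", pw->pw_dir, defaults[i]);
		/* a truncated path (n < 0 on older snprintf, n >= size on C99) is treated as missing */
		if (n < 0 || (size_t)n >= sizeof path || access(path, R_OK) != 0)
			continue;
		found++;
		if (deleting)
			delete_file(ac, path);
		else
			add_file(ac, path);
	}
	if (found == 0) {
		fprintf(stderr, "No files specified, and unable to find one of:\n");
		for (i = 0; i < sizeof defaults / sizeof defaults[0]; i++)
			fprintf(stderr, "%s/%s\n", pw->pw_dir, defaults[i]);
		ssh_close_authentication_connection(ac);
		exit(1);
	}
}
```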
@@ -220,26 +271,16 @@
no_files = 0;
continue;
}
+
no_files = 0;
if (deleting)
delete_file(ac, argv[i]);
else
add_file(ac, argv[i]);
}
- if (no_files) {
- pw = getpwuid(getuid());
- if (!pw) {
- fprintf(stderr, "No user found with uid %u\n",
- (u_int)getuid());
- ssh_close_authentication_connection(ac);
- exit(1);
- }
- snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
_PATH_SSH_CLIENT_IDENTITY);
- if (deleting)
- delete_file(ac, buf);
- else
- add_file(ac, buf);
- }
+ if (no_files)
+ add_default_identities(ac, deleting);
+
clear_pass();
ssh_close_authentication_connection(ac);
exit(0);
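Review bot: add_default_identities closes the agent connection and calls exit(1) from inside the helper, so the error exits of the no-argument case now live in a different function from the `clear_pass(); ssh_close_authentication_connection(ac); exit(0);` sequence that ends main. Returning a status instead keeps every exit in main: `if (no_files && add_default_identities(ac, deleting) != 0) { ssh_close_authentication_connection(ac); exit(1); }`, with the helper only printing its diagnostic and returning -1 on the "no user" and "nothing found" paths. The blank line added after the closing `}` of the argument check is unrelated whitespace churn and can be dropped. main starts outside this hunk.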
walters at space-ghost:/usr/src/ssh/openssh-2.9p2$
cd /usr/src/ssh/openssh-2.9p2/
diff -u /usr/src/ssh/openssh-2.9p2/ssh-add.1\~
/usr/src/ssh/openssh-2.9p2/ssh-add.1
--- /usr/src/ssh/openssh-2.9p2/ssh-add.1~ Wed Apr 11 11:59:36 2001
+++ /usr/src/ssh/openssh-2.9p2/ssh-add.1 Sun Jul 29 00:22:11 2001
@@ -51,10 +51,12 @@
.Nm
adds RSA or DSA identities to the authentication agent,
.Xr ssh-agent 1 .
-When run without arguments, it adds the file
-.Pa $HOME/.ssh/identity .
-Alternative file names can be given on the command line.
-If any file requires a passphrase,
+When run without arguments, it looks for any of
+.Pa $HOME/.ssh/identity ,
+.Pa $HOME/.ssh/id_rsa , and
+.Pa $HOME/.ssh/id_dsa ,
+and adds them if present. Alternative file names can be given on the
+command line. If any file requires a passphrase,
.Nm
asks for the passphrase from the user.
The Passphrase it is read from the user's tty.
@@ -88,9 +90,6 @@
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file.
-This is the default file added by
-.Nm
-when no other files have been specified.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
Diff finished at Sun Jul 29 00:22:17
mouring at etoh.eviladmin.org
2001-Jul-29 05:04 UTC
add version 2 identities by default, too
On Sun, 29 Jul 2001, Colin Walters wrote:> [ I'm not subscribed to this list; please CC any followups to me as > well ] > > When a user invokes "ssh-add" with no arguments, I think we should > default to adding both version 1 and version 2 keys. Here's a patch > against the source included with my Debian package of OpenSSH: > > walters at space-ghost:/usr/src/ssh/openssh-2.9p2$ diff -u ssh-add.c~ ssh-add.c > --- ssh-add.c~ Thu Apr 19 16:33:08 2001 > +++ ssh-add.c Sat Jul 28 23:49:01 2001 > @@ -182,12 +182,63 @@ > printf("The agent has no identities.\n"); > } > > +void > +add_default_identities(AuthenticationConnection *ac, int deleting) > +{ > + char identity_name[1024]; > + char dsa_name[1024]; > + char rsa_name[1024]; > + struct passwd *pw = getpwuid(getuid()); > + snprintf(identity_name, sizeof identity_name, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY); > + snprintf(rsa_name, sizeof rsa_name, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_ID_RSA); > + snprintf(dsa_name, sizeof dsa_name, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_ID_DSA);Correct me if I'm wrong.. But this looks wrong.. Using pw before checking to ensure it's valid?! That just seems like asking for trouble. - Ben> + if (!pw) { > + fprintf(stderr, "No user found with uid %u\n", > + (u_int)getuid()); > + ssh_close_authentication_connection(ac); > + exit(1); > + } else {To me it the creation and population of those variables should be here. Where you know at least the pw has been populated with something that looks like data.> + int identity_found = !access(identity_name, R_OK); > + int rsa_found = !access(rsa_name, R_OK); > + int dsa_found = !access(dsa_name, R_OK); > +[..] - Ben