# HG changeset patch # User Matt Johnston # Date 1422029126 -28800 # Node ID 6fb4c010c448712323e8fedf6b4f75985be6f87e # Parent 5c5ade33692666d8ccba71db9b4a3bced504cc2d Default client key path ~/.ssh/id_dropbear diff -r 5c5ade336926 -r 6fb4c010c448 cli-runopts.c --- a/cli-runopts.c Fri Jan 23 23:00:25 2015 +0800 +++ b/cli-runopts.c Sat Jan 24 00:05:26 2015 +0800 @@ -38,7 +38,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0); static void fill_own_user(); #ifdef ENABLE_CLI_PUBKEY_AUTH -static void loadidentityfile(const char* filename); +static void loadidentityfile(const char* filename, int warnfail); #endif #ifdef ENABLE_CLI_ANYTCPFWD static void addforward(const char* str, m_list *fwdlist); @@ -65,7 +65,7 @@ "-y -y Don't perform any remote host key checking (caution)\n" "-s Request a subsystem (use by external sftp)\n" #ifdef ENABLE_CLI_PUBKEY_AUTH - "-i (multiple allowed)\n" + "-i (multiple allowed, default %s)\n" #endif #ifdef ENABLE_CLI_AGENTFWD "-A Enable agent auth forwarding\n" @@ -95,6 +95,9 @@ "-v verbose (compiled with DEBUG_TRACE)\n" #endif ,DROPBEAR_VERSION, cli_opts.progname, +#ifdef ENABLE_CLI_PUBKEY_AUTH + DROPBEAR_DEFAULT_CLI_AUTHKEY, +#endif DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); } @@ -174,7 +177,7 @@ #ifdef ENABLE_CLI_PUBKEY_AUTH if (nextiskey) { /* Load a hostkey since the previous argument was "-i" */ - loadidentityfile(argv[i]); + loadidentityfile(argv[i], 1); nextiskey = 0; continue; } @@ -231,7 +234,7 @@ case 'i': /* an identityfile */ /* Keep scp happy when it changes "-i file" to "-ifile" */ if (strlen(argv[i]) > 2) { - loadidentityfile(&argv[i][2]); + loadidentityfile(&argv[i][2], 1); } else { nextiskey = 1; } 
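Review bot: The preprocessor guards around the new default key disagree between hunks. In the `@@ -95,6 +95,9 @@` hunk the usage text passes `DROPBEAR_DEFAULT_CLI_AUTHKEY` whenever `ENABLE_CLI_PUBKEY_AUTH` is defined, so commenting the macro out of options.h breaks the build, while the `@@ -444,6 +447,14 @@` hunk treats the macro as optional yet calls `loadidentityfile()`, which is declared only under `ENABLE_CLI_PUBKEY_AUTH`. Guarding both sites with `#if defined(ENABLE_CLI_PUBKEY_AUTH) && defined(DROPBEAR_DEFAULT_CLI_AUTHKEY)`, with a `-i` help line that has no `%s` for the other case, would keep each option independently removable. The help function starts and ends outside these hunks.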
@@ -444,6 +447,14 @@ } #endif +#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY + { + char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY); + loadidentityfile(expand_path, 0); + m_free(expand_path); + } +#endif + /* The hostname gets set up last, since * in multi-hop mode it will require knowledge * of other flags such as -i */ @@ -455,14 +466,18 @@ } #ifdef ENABLE_CLI_PUBKEY_AUTH -static void loadidentityfile(const char* filename) { +static void loadidentityfile(const char* filename, int warnfail) { sign_key *key; enum signkey_type keytype; + TRACE(("loadidentityfile %s", filename)) + key = new_sign_key(); keytype = DROPBEAR_SIGNKEY_ANY; if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) { - fprintf(stderr, "Failed loading keyfile '%s'\n", filename); + if (warnfail) { + fprintf(stderr, "Failed loading keyfile '%s'\n", filename); + } sign_key_free(key); } else { key->type = keytype; diff -r 5c5ade336926 -r 6fb4c010c448 dbutil.c --- a/dbutil.c Fri Jan 23 23:00:25 2015 +0800 +++ b/dbutil.c Sat Jan 24 00:05:26 2015 +0800 @@ -936,6 +936,23 @@ } } +/* Returns malloced path. Only expands ~ in first character */ +char * expand_tilde(const char *inpath) { + struct passwd *pw = NULL; + if (inpath[0] == '~') { + pw = getpwuid(getuid()); + if (pw && pw->pw_dir) { + int len = strlen(inpath) + strlen(pw->pw_dir) + 1; + char *buf = m_malloc(len); + snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]); + return buf; + } + } + + /* Fallback */ + return m_strdup(inpath); +} + int constant_time_memcmp(const void* a, const void *b, size_t n) { const char *xa = a, *xb = b; diff -r 5c5ade336926 -r 6fb4c010c448 dbutil.h --- a/dbutil.h Fri Jan 23 23:00:25 2015 +0800 +++ b/dbutil.h Sat Jan 24 00:05:26 2015 +0800 @@ -110,5 +110,6 @@ a real-world clock */ time_t monotonic_now(); +char * expand_tilde(const char *inpath); #endif /* _DBUTIL_H_ */ diff -r 5c5ade336926 -r 6fb4c010c448 dropbearkey.c --- a/dropbearkey.c Fri Jan 23 23:00:25 2015 +0800 
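Review bot: The default key is loaded unconditionally in this block, so it appears to join the identity list even when the user passed one or more `-i` files; nothing in the hunk checks whether a key was already loaded. A user who names a specific identity would then still offer `~/.ssh/id_dropbear` to every server, which discloses that public key and spends an authentication attempt. If that is intended, a comment such as `/* The default key is tried in addition to any -i keys */` should say so here; otherwise the load should be skipped when `-i` was given. The enclosing function begins and ends outside the hunk, so the order in which keys are offered cannot be confirmed from here.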
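Review bot: With `warnfail` set to 0 every failure of `readhostkey()` is silent, so a default key that exists but is corrupt or unreadable is indistinguishable from one that is absent. Adding `TRACE(("Failed loading keyfile '%s'", filename))` in the failure branch would keep that diagnosable without printing to stderr on a normal run. The new parameter also deserves a comment above the function, for example `/* warnfail: print an error to stderr when the key cannot be loaded */`. The function body continues past the end of the hunk.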
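Review bot: `expand_tilde()` rewrites any path whose first character is `~`, so `~alice/key` becomes `<home>/alice/key` under the caller's own home directory instead of being left alone. Restricting the test to `if (inpath[0] == '~' && (inpath[1] == '/' || inpath[1] == '\0'))` limits expansion to the `~/` form that the default key path uses. For `~/x` the `"%s/%s"` format also produces a doubled slash because `&inpath[1]` still starts with `/`; the buffer is sized correctly for that, but `len` would be better declared as `size_t` than `int`. The header comment could add that the caller releases the result with `m_free()`.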
+++ b/dropbearkey.c Sat Jan 24 00:05:26 2015 +0800 @@ -76,7 +76,8 @@ #ifdef DROPBEAR_ECDSA " ecdsa\n" #endif - "-f filename Use filename for the secret key\n" + "-f filename Use filename for the secret key.\n" + " ~/.ssh/id_dropbear is recommended for client keys.\n" "-s bits Key size in bits, should be a multiple of 8 (optional)\n" #ifdef DROPBEAR_DSS " DSS has a fixed size of 1024 bits\n" diff -r 5c5ade336926 -r 6fb4c010c448 options.h --- a/options.h Fri Jan 23 23:00:25 2015 +0800 +++ b/options.h Sat Jan 24 00:05:26 2015 +0800 @@ -211,6 +211,10 @@ #define ENABLE_CLI_PUBKEY_AUTH #define ENABLE_CLI_INTERACT_AUTH +/* A default argument for dbclient -i . + leading "~" is expanded */ +#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" + /* This variable can be used to set a password for client * authentication on the commandline. Beware of platforms * that don't protect environment variables of processes etc. Also