diff --git a/examples/proxy.c b/examples/proxy.c index f6cbfbd0..49c39e4c 100644 --- a/examples/proxy.c +++ b/examples/proxy.c @@ -147,7 +147,7 @@ static struct argp_option options[] = { .key = 'r', .arg = "FILE", .flags = 0, - .doc = "Set the rsa key.", + .doc = "Set the rsa host key (deprecated alias to 'k').", .group = 0 }, { @@ -172,12 +172,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { case 'p': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); break; + case 'r': + /* deprecated */ case 'k': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); break; - case 'r': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); - break; case 'v': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3"); break; @@ -226,7 +225,7 @@ int main(int argc, char **argv){ sshbind=ssh_bind_new(); session=ssh_new(); - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "sshd_rsa"); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, "sshd_rsa"); #ifdef HAVE_ARGP_H /* diff --git a/examples/sample_sftpserver.c b/examples/sample_sftpserver.c index f004e455..b96f4ef7 100644 --- a/examples/sample_sftpserver.c +++ b/examples/sample_sftpserver.c @@ -70,12 +70,12 @@ static void set_default_keys(ssh_bind sshbind, { if (!rsa_already_set) { - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key"); } if (!ecdsa_already_set) { - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_ecdsa_key"); } ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, 
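Review bot: The merged `case 'r': case 'k':` branch in parse_opt of proxy.c (hunk at -172) discards the result of ssh_bind_options_set(), so a host key file that cannot be loaded is not reported where the option is parsed. The removed RSAKEY branch in src/options.c only called ssh_bind_set_key(); the HOSTKEY branch it now joins is mostly outside this diff and, as far as I can tell, imports the key file when the option is set, so failures would now surface at this call. I would check the result, e.g. `if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg) < 0) argp_error(state, "cannot load host key %s", arg);`. The same applies to the default-key calls switched to HOSTKEY in main() of proxy.c, samplesshd-cb.c, samplesshd-kbdint.c and sshd_direct-tcpip.c, and in set_default_keys() of sample_sftpserver.c and ssh_server.c. parse_opt continues outside the hunk.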
@@ -165,11 +165,11 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state) no_default_keys = 1; break; case 'r': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); rsa_already_set = 1; break; case 'e': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); ecdsa_already_set = 1; break; case 'a': diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c index 5809701c..6b272102 100644 --- a/examples/samplesshd-cb.c +++ b/examples/samplesshd-cb.c @@ -177,7 +177,7 @@ static struct argp_option options[] = { .key = 'r', .arg = "FILE", .flags = 0, - .doc = "Set the rsa key.", + .doc = "Set the rsa key (deprecated alias for 'k').", .group = 0 }, { @@ -210,12 +210,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { case 'p': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); break; + case 'r': case 'k': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); break; - case 'r': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); - break; case 'v': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3"); break; @@ -267,7 +265,7 @@ int main(int argc, char **argv){ sshbind=ssh_bind_new(); session=ssh_new(); - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key"); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key"); #ifdef HAVE_ARGP_H /* diff --git a/examples/samplesshd-kbdint.c b/examples/samplesshd-kbdint.c index 1ae2e374..d382abac 100644 --- a/examples/samplesshd-kbdint.c +++ b/examples/samplesshd-kbdint.c @@ -117,7 +117,7 @@ static struct argp_option options[] = { .key = 'r', .arg = "FILE", .flags = 0, - .doc = "Set the rsa key.", + .doc = "Set the rsa key (deprecated alias for 'k').", .group = 0 }, { 
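Review bot: With `-r` and `-e` both mapped to SSH_BIND_OPTIONS_HOSTKEY in parse_opt of sample_sftpserver.c (hunk at -165), the flags rsa_already_set and ecdsa_already_set record which switch was used, not which key type was loaded. If an ECDSA key is passed with `-r`, ecdsa_already_set stays 0 and set_default_keys() (hunk at -70) goes on to set KEYS_FOLDER "ssh_host_ecdsa_key" through the same option; assuming HOSTKEY stores keys by detected type (that code is outside this diff), the server could end up presenting the default key instead of the one the operator supplied. Treating the deprecated switches like `-k` avoids this: add `no_default_keys = 1;` to the 'r' and 'e' cases. The same pattern is in both parse_opt variants of ssh_server.c (hunks at -186 and -253). parse_opt continues outside the hunk.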
@@ -143,12 +143,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); port = atoi(arg); break; + case 'r': case 'k': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); break; - case 'r': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); - break; case 'v': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3"); break; @@ -295,8 +293,8 @@ int main(int argc, char **argv){ sshbind=ssh_bind_new(); session=ssh_new(); - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, - KEYS_FOLDER "ssh_host_rsa_key"); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, + KEYS_FOLDER "ssh_host_rsa_key"); #ifdef HAVE_ARGP_H /* diff --git a/examples/ssh_server.c b/examples/ssh_server.c index 08878e1a..ef444458 100644 --- a/examples/ssh_server.c +++ b/examples/ssh_server.c @@ -60,11 +60,11 @@ static void set_default_keys(ssh_bind sshbind, int rsa_already_set, int ecdsa_already_set) { if (!rsa_already_set) { - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key"); } if (!ecdsa_already_set) { - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_ecdsa_key"); } ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, @@ -109,7 +109,7 @@ static struct argp_option options[] = { .key = 'r', .arg = "FILE", .flags = 0, - .doc = "Set the rsa key.", + .doc = "Set the rsa key (deprecated alias for 'k').", .group = 0 }, { @@ -117,7 +117,7 @@ static struct argp_option options[] = { .key = 'e', .arg = "FILE", .flags = 0, - .doc = "Set the ecdsa key.", + .doc = "Set the ecdsa key (deprecated alias for 'k').", .group = 0 }, { 
@@ -186,11 +186,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { no_default_keys = 1; break; case 'r': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); rsa_already_set = 1; break; case 'e': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); ecdsa_already_set = 1; break; case 'a': @@ -253,10 +253,10 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) { by just not setting the default keys */ no_default_keys = 1; } else if (key == 'r') { - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, optarg); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg); rsa_already_set = 1; } else if (key == 'e') { - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, optarg); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg); ecdsa_already_set = 1; } else if (key == 'a') { strncpy(authorizedkeys, optarg, DEF_STR_SIZE-1); @@ -277,13 +277,13 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) { "libssh %s -- a Secure Shell protocol implementation\n" "\n" " -a, --authorizedkeys=FILE Set the authorized keys file.\n" - " -e, --ecdsakey=FILE Set the ecdsa key.\n" + " -e, --ecdsakey=FILE Set the ecdsa key (deprecated alias for 'k').\n" " -k, --hostkey=FILE Set a host key. Can be used multiple times.\n" " Implies no default keys.\n" " -n, --no-default-keys Do not set default key locations.\n" " -p, --port=PORT Set the port to bind.\n" " -P, --pass=PASSWORD Set expected password.\n" - " -r, --rsakey=FILE Set the rsa key.\n" + " -r, --rsakey=FILE Set the rsa key (deprecated alias for 'k').\n" " -u, --user=USERNAME Set expected username.\n" " -v, --verbose Get verbose output.\n" " -?, --help Give this help list\n" diff --git a/examples/sshd_direct-tcpip.c b/examples/sshd_direct-tcpip.c index 2f287466..6b19a4d6 100644 
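Review bot: The usage string in ssh_server.c (hunk at -277) now describes `-r` and `-e` as a "deprecated alias for 'k'", but the `-k` entry in the same string says it "Implies no default keys", and the 'r'/'e' branches changed earlier in this file set only rsa_already_set / ecdsa_already_set. Either the wording should drop "alias", for example `Set a host key (deprecated, use -k).`, or the branches should behave like `-k`. The argp `.doc` strings changed in the hunk at -109 carry the same wording and would need the same correction.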
--- a/examples/sshd_direct-tcpip.c +++ b/examples/sshd_direct-tcpip.c @@ -591,7 +591,7 @@ static struct argp_option options[] = { .key = 'r', .arg = "FILE", .flags = 0, - .doc = "Set the rsa key.", + .doc = "Set the rsa key (deprecated alias for 'k').", .group = 0 }, { @@ -618,12 +618,10 @@ parse_opt (int key, char *arg, struct argp_state *state) case 'p': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); break; + case 'r': case 'k': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); break; - case 'r': - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); - break; case 'v': ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1"); break; @@ -674,7 +672,7 @@ main(int argc, char **argv) session = ssh_new(); mainloop = ssh_event_new(); - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key"); + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key"); #ifdef HAVE_ARGP_H /* diff --git a/include/libssh/server.h b/include/libssh/server.h index c2cc1fd4..4033dac7 100644 --- a/include/libssh/server.h +++ b/include/libssh/server.h @@ -41,11 +41,11 @@ enum ssh_bind_options_e { SSH_BIND_OPTIONS_BINDPORT_STR, SSH_BIND_OPTIONS_HOSTKEY, SSH_BIND_OPTIONS_DSAKEY, /* deprecated */ - SSH_BIND_OPTIONS_RSAKEY, + SSH_BIND_OPTIONS_RSAKEY, /* deprecated */ SSH_BIND_OPTIONS_BANNER, SSH_BIND_OPTIONS_LOG_VERBOSITY, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, - SSH_BIND_OPTIONS_ECDSAKEY, + SSH_BIND_OPTIONS_ECDSAKEY, /* deprecated */ SSH_BIND_OPTIONS_IMPORT_KEY, SSH_BIND_OPTIONS_KEY_EXCHANGE, SSH_BIND_OPTIONS_CIPHERS_C_S, diff --git a/src/options.c b/src/options.c index 97631d94..a3152270 100644 --- a/src/options.c +++ b/src/options.c 
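Review bot: In include/libssh/server.h the two enumerators are marked only with `/* deprecated */`, which tells a reader of the header nothing about the replacement. I would name it, e.g. `SSH_BIND_OPTIONS_RSAKEY, /* deprecated: alias for SSH_BIND_OPTIONS_HOSTKEY */`, and the same for SSH_BIND_OPTIONS_ECDSAKEY. The enumerators have no explicit values in the visible lines, so keeping them in place is what preserves the numbering of the later options; a short comment saying so would stop someone from deleting them later. The enum continues outside the hunk.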
@@ -1773,18 +1773,18 @@ static int ssh_bind_set_algo(ssh_bind sshbind, * char *). * * - SSH_BIND_OPTIONS_RSAKEY: - * Set the path to the ssh host rsa key, SSHv2 - * only (const char *). + * Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY + * (const char *). * * - SSH_BIND_OPTIONS_ECDSAKEY: - * Set the path to the ssh host ecdsa key, - * SSHv2 only (const char *). + * Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY + * (const char *). * * - SSH_BIND_OPTIONS_BANNER: * Set the server banner sent to clients (const char *). * * - SSH_BIND_OPTIONS_DSAKEY: - * This is DEPRECATED, please do not use + * This is DEPRECATED, please do not use. * * - SSH_BIND_OPTIONS_IMPORT_KEY: * Set the Private Key for the server directly (ssh_key) @@ -1871,6 +1871,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type, } switch (type) { + case SSH_BIND_OPTIONS_RSAKEY: + case SSH_BIND_OPTIONS_ECDSAKEY: + /* deprecated */ case SSH_BIND_OPTIONS_HOSTKEY: if (value == NULL) { ssh_set_error_invalid(sshbind); @@ -2060,18 +2063,6 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type, ssh_set_log_level(i & 0xffffU); } break; - case SSH_BIND_OPTIONS_RSAKEY: - rc = ssh_bind_set_key(sshbind, &sshbind->rsakey, value); - if (rc < 0) { - return -1; - } - break; - case SSH_BIND_OPTIONS_ECDSAKEY: - rc = ssh_bind_set_key(sshbind, &sshbind->ecdsakey, value); - if (rc < 0) { - return -1; - } - break; case SSH_BIND_OPTIONS_BANNER: if (value == NULL) { ssh_set_error_invalid(sshbind); diff --git a/tests/fuzz/ssh_server_fuzzer.c b/tests/fuzz/ssh_server_fuzzer.c index d901eddc..aa84b8d2 100644 --- a/tests/fuzz/ssh_server_fuzzer.c +++ b/tests/fuzz/ssh_server_fuzzer.c @@ -177,7 +177,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) assert(rc == 0); } rc = ssh_bind_options_set(sshbind, - SSH_BIND_OPTIONS_RSAKEY, + SSH_BIND_OPTIONS_HOSTKEY, "/tmp/libssh_fuzzer_private_key"); assert(rc == 0); rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "none"); 
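Review bot: Routing SSH_BIND_OPTIONS_RSAKEY and SSH_BIND_OPTIONS_ECDSAKEY into the HOSTKEY case of ssh_bind_options_set() (hunk at -1871) means the option name no longer constrains the key type, so a caller that used RSAKEY to configure an RSA host key would presumably now have whatever key the file contains accepted. The doc comment changed in the hunk at -1773 says only "Deprecated alias"; I would add the consequence, e.g. `Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY; the key type is determined by the file contents (const char *).` The `/* deprecated */` comment also sits directly above `case SSH_BIND_OPTIONS_HOSTKEY:` and reads as if it applied to that label; placing it on the two alias labels would be clearer. The body of the HOSTKEY case is outside the hunk, so the type handling described here is inferred.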
diff --git a/tests/pkd/pkd_daemon.c b/tests/pkd/pkd_daemon.c index a0295457..ac4b53b7 100644 --- a/tests/pkd/pkd_daemon.c +++ b/tests/pkd/pkd_daemon.c @@ -263,12 +263,10 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args) goto outclose; } - if (type == PKD_RSA) { - opts = SSH_BIND_OPTIONS_RSAKEY; - } else if (type == PKD_ED25519) { + if (type == PKD_RSA || + type == PKD_ED25519 || + type == PKD_ECDSA) { opts = SSH_BIND_OPTIONS_HOSTKEY; - } else if (type == PKD_ECDSA) { - opts = SSH_BIND_OPTIONS_ECDSAKEY; } else { pkderr("unknown hostkey type: %d\n", type); rc = -1; diff --git a/tests/server/test_server/test_server.c b/tests/server/test_server/test_server.c index 9c28aabd..6d0f0808 100644 --- a/tests/server/test_server/test_server.c +++ b/tests/server/test_server/test_server.c @@ -201,7 +201,7 @@ int run_server(struct server_state_st *state) if (state->rsa_key != NULL) { rc = ssh_bind_options_set(sshbind, - SSH_BIND_OPTIONS_RSAKEY, + SSH_BIND_OPTIONS_HOSTKEY, state->rsa_key); if (rc != 0) { fprintf(stderr, @@ -213,7 +213,7 @@ int run_server(struct server_state_st *state) if (state->ecdsa_key != NULL) { rc = ssh_bind_options_set(sshbind, - SSH_BIND_OPTIONS_ECDSAKEY, + SSH_BIND_OPTIONS_HOSTKEY, state->ecdsa_key); if (rc != 0) { fprintf(stderr, diff --git a/tests/torture.c b/tests/torture.c index 820fd108..695df25d 100644 --- a/tests/torture.c +++ b/tests/torture.c @@ -395,12 +395,11 @@ ssh_bind torture_ssh_bind(const char *addr, switch (key_type) { case SSH_KEYTYPE_RSA: - opts = SSH_BIND_OPTIONS_RSAKEY; - break; case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P384: case SSH_KEYTYPE_ECDSA_P521: - opts = SSH_BIND_OPTIONS_ECDSAKEY; + case SSH_KEYTYPE_ED25519: + opts = SSH_BIND_OPTIONS_HOSTKEY; break; default: goto out_free; diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c index d91252ab..c7e49d65 100644 --- a/tests/unittests/torture_options.c +++ b/tests/unittests/torture_options.c 
@@ -1802,7 +1802,7 @@ static void torture_bind_options_rsakey(void **state) bind = test_state->bind; rc = ssh_bind_options_set(bind, - SSH_BIND_OPTIONS_RSAKEY, + SSH_BIND_OPTIONS_HOSTKEY, LIBSSH_RSA_TESTKEY); assert_int_equal(rc, 0); assert_non_null(bind->rsakey); @@ -1823,7 +1823,7 @@ static void torture_bind_options_ecdsakey(void **state) bind = test_state->bind; rc = ssh_bind_options_set(bind, - SSH_BIND_OPTIONS_ECDSAKEY, + SSH_BIND_OPTIONS_HOSTKEY, LIBSSH_ECDSA_521_TESTKEY); assert_int_equal(rc, 0); assert_non_null(bind->ecdsakey);
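Review bot: Switching torture_bind_options_rsakey to SSH_BIND_OPTIONS_HOSTKEY leaves the deprecated option without a test in the visible hunks, although src/options.c still accepts it through the new fall-through. I would keep one call per alias so the compatibility path stays covered, e.g. `rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSAKEY, LIBSSH_RSA_TESTKEY);` followed by the existing `assert_int_equal(rc, 0);` and `assert_non_null(bind->rsakey);`. The same applies to torture_bind_options_ecdsakey in the hunk at -1823 with SSH_BIND_OPTIONS_ECDSAKEY and `bind->ecdsakey`. Both test functions continue outside their hunks.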