diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-07-20 03:29:14 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-07-20 13:38:47 +1000 |
commit | 9ab929ca2d820520327b41929372bcb9e261534c (patch) | |
tree | 661452ed46950b15c149d4e76930d715d3cb09c5 /ssh-keygen.c | |
parent | 5bcfc788b38d5b64e4c347bdc04bd9a01bbc36da (diff) | |
download | openssh-git-9ab929ca2d820520327b41929372bcb9e261534c.tar.gz |
upstream: when enrolling a resident key on a security token, check
if a credential with matching application and user ID strings already exists.
if so, prompt the user for confirmation before overwriting the credential.
patch from Pedro Martelletto via GHPR329
NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
implementations will need to adjust
OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 0664e3b1..51cb7e32 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.455 2022/07/20 03:13:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.456 2022/07/20 03:29:14 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -3216,6 +3216,24 @@ save_attestation(struct sshbuf *attest, const char *path) "%s\n", path); } +static int +confirm_sk_overwrite(const char *application, const char *user) +{ + char yesno[3]; + + printf("A resident key scoped to '%s' with user id '%s' already " + "exists.\n", application == NULL ? "ssh:" : application, + user == NULL ? "null" : user); + printf("Overwrite key in token (y/n)? "); + fflush(stdout); + if (fgets(yesno, sizeof(yesno), stdin) == NULL) + return 0; + if (yesno[0] != 'y' && yesno[0] != 'Y') + return 0; + printf("Touch your authenticator to authorize key generation.\n"); + return 1; +} + static void usage(void) { @@ -3803,6 +3821,13 @@ main(int argc, char **argv) &private, attest); if (r == 0) break; + if (r == SSH_ERR_KEY_BAD_PERMISSIONS && + (sk_flags & SSH_SK_RESIDENT_KEY) != 0 && + (sk_flags & SSH_SK_FORCE_OPERATION) == 0 && + confirm_sk_overwrite(sk_application, sk_user)) { + sk_flags |= SSH_SK_FORCE_OPERATION; + continue; + } if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) fatal_r(r, "Key enrollment failed"); else if (passphrase != NULL) { |