From 2d688ef699f15352cd26c1f6f0e1f4fc4b0daf6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Thu, 9 Jun 2022 01:40:35 +0200 Subject: [PATCH 01/26] release.pl: print link to create the GitHub release --- release.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/release.pl b/release.pl index 3e83e25..1fc08ac 100755 --- a/release.pl +++ b/release.pl @@ -282,6 +282,7 @@ ($;@) $new_release_commit; say 'Done'. say "You can now push: \e[1mgit push $remote : v$version\e[m"; + say "Then, open https://github.com/dolmen/github-keygen/releases/new?tag=v$version" } else { say "You can now push: \e[1mgit push $remote :\e[m"; } From ca47bda8ec15a07d321f41241087e3d0ad60c622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 13 Sep 2022 21:52:01 +0200 Subject: [PATCH 02/26] Fix ignored -C when creating key (GitHub #46) When a user was providing a custom key comment via -C, it was ignored and our default comment always overrided it. Fixed. https://github.com/dolmen/github-keygen/issues/46 --- bin/github-keygen | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/github-keygen b/bin/github-keygen index cd48ba1..dbd3420 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -341,7 +341,7 @@ foreach my $user (@github_accounts) { printf "Creating private key %s for user %s...\n", compress_path($u->{key_file}), $user; - $u->{key_comment} = hostname."/$user\@github.com"; + $u->{key_comment} //= hostname."/$user\@github.com"; system 'ssh-keygen', '-t', delete $u->{key_type}, From 3b15af977002b93946da699792063bab812e8077 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 13 Sep 2022 21:56:29 +0200 Subject: [PATCH 03/26] README: changelog for #46 fix --- README.pod | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.pod b/README.pod index bf819f1..e4739b5 100644 --- a/README.pod +++ b/README.pod 
@@ -258,6 +258,12 @@ L. =over 4 +=item NEXT + +On key creation, custom key comment provided by -C was ignored +(L). This is fixed. +Thanks to L<@tinhtruong|https://github.com/tinhtruong> for the report. + =item v1.306 On key creation, switch default key size from 2048 bits to 4096 bits. From f8f03af292e41ab994106b9ca4be4601cebb9af3 Mon Sep 17 00:00:00 2001 From: Tomas Ruzicka Date: Wed, 29 Mar 2023 19:50:56 +0200 Subject: [PATCH 04/26] fix usage default --- bin/github-keygen | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/github-keygen b/bin/github-keygen index dbd3420..e944340 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -950,7 +950,7 @@ Set default key type for key creation. Default is C. =item -b I -Set default key bits for key creation. Default is C<2048>. +Set default key bits for key creation. Default is C<4096>. =back From a3c5eac093e5af3b56e4040fc9615a46d7597a8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 8 Oct 2024 13:29:50 +0200 Subject: [PATCH 05/26] github-keygen.cmd: fix for modern Git for Windows --- github-keygen.cmd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github-keygen.cmd b/github-keygen.cmd index 489b0a8..d3b6e3a 100644 --- a/github-keygen.cmd +++ b/github-keygen.cmd @@ -4,7 +4,7 @@ setlocal :: Add %GIT_HOME% to %PATH%: this should provide perl.exe and ssh-keygen.exe :: Unfortunately msysgit only bundles perl 5.8.8 and no Pod::Usage :: See https://github.com/msysgit/msysgit/issues/61 -for %%f in (git.cmd git.exe) do if not !%%~d$PATH:f==! for /D %%i in ("%%~dp$PATH:f..\bin") do path %PATH%;%%~fi +for %%f in (git.cmd git.exe) do if not !%%~d$PATH:f==! for /D %%i in ("%%~dp$PATH:f..\bin" "%%~dp$PATH:f..\usr\bin") do if exist %%~fi\perl.exe path %PATH%;%%~fi ::echo %PATH% ::ssh -V perl %~dpn0 %* From 816d6fe6b6853f793d276f757ae3044dca6b728a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 8 Oct 2024 13:37:40 +0200 Subject: [PATCH 06/26] Fix parsing of SSH version on Windows Fix extraction of OpenSSH version on Windows: ssh -V OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3 --- bin/github-keygen | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/github-keygen b/bin/github-keygen index e944340..8915f4a 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -490,7 +490,7 @@ if (@github_accounts) { # '6.6.1p1' => 0x6611 # '4.6p1' => 0x4601 my $SSH_VERSION = do { - my @V = $SSH_V =~ /^OpenSSH_([0-9]+)\.([0-9]+)(?:\.([0-9]+))?p([0-9]+)/; + my @V = $SSH_V =~ /^OpenSSH(?:[^0-9]+)_([0-9]+)\.([0-9]+)(?:\.([0-9]+))?p([0-9]+)/; ($V[0] << 12) | ($V[1] << 8) | (($V[2] || 0) << 4) | $V[3] }; From 4b2806108e867fed0717c016f635680ad1aff765 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 13:14:45 +0100 Subject: [PATCH 07/26] CONTRIBUTING.pod: document initial Perl setup --- CONTRIBUTING.pod | 65 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 55 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.pod b/CONTRIBUTING.pod index a261b78..a3f104d 100644 --- a/CONTRIBUTING.pod +++ b/CONTRIBUTING.pod 
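Review bot: Nothing in the `do` block of [PATCH 06/26] handles a banner that the pattern does not match: `@V` is then empty and `$SSH_VERSION` evaluates to 0, with at most "uninitialized value" warnings. With the `[^0-9]+` written here, that case includes the plain `OpenSSH_9.0p1` banner, because at least one character is required before the `_`; [PATCH 23/26] relaxes it to `*`, but the silent fallback remains in both hunks. If `$SSH_VERSION` gates which options are written to the generated SSH config (not visible in this hunk), a failed parse would be treated as a very old client, so I would stop explicitly with `@V or die "Cannot parse OpenSSH version from: $SSH_V\n";` before the shift expression. The enclosing `if (@github_accounts) {` block starts and ends outside the hunk.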
@@ -23,19 +23,56 @@ to render it in a terminal: =over 4 -=item 1. Get the source +=item 1. Setup a Perl development environment + +There are various ways to setup a Perl development environment, but here is mine + (@dolmen). The key principles are: + +=over 4 + +=item a. Do not depend on the Perl of the operating system. Instead, install a recent version which you control upgrades independently of the O/S. + +=item b. Setup environment to install Perl modules from CPAN using cpanm. + +=back + + +Step by step on MacOS (zsh): + +=over 4 + +=item a. Install L (note: this is incompatible with I) + + git clone git://github.com/tokuhirom/plenv.git ~/.plenv + echo 'export PATH="$HOME/.plenv/bin:$PATH"' >> ~/.profile + echo 'eval "$(plenv init -)"' >> ~/.zshrc + exec $SHELL -l + git clone git://github.com/tokuhirom/Perl-Build.git ~/.plenv/plugins/perl-build/ + +=item b. Install a recent perl: + + plenv install 5.40.1 + plenv global 5.40.1 + +=item c. Install cpanm: + + plenv install-cpanm + +=back + +=item 2. Get the source git clone --origin upstream git://github.com/dolmen/github-keygen.git cd github-keygen git checkout master -=item 2. Install build dependencies +=item 3. Install build dependencies Not required for doc patches. curl -L https://cpanmin.us | perl - --installdeps --with-develop . -=item 3. Make your fix/feature +=item 4. Make your fix/feature git checkout -b master 
@@ -49,25 +86,33 @@ Not required for doc patches. git commit -=item 4. Setup a fork +=item 5. Setup a fork + +=over 4 -=item 4.1. L +=item 5.1. L -=item 4.2. Link your local repo to your fork (just once) +=item 5.2. Link your local repo to your fork (just once) (You are using C isn't it?) git remote add github .github.com:/github-keygen.git -=item 5. Submit your work +=back + +=item 6. Submit your work -=item 5.1 Push! +=over 4 + +=item 6.1 Push! git push github -=item 5.2 Submit a pull request on GitHub +=item 6.2 Submit a pull request on GitHub + +=back -=item 6. Loop +=item 7. Loop Redo from step 3. From a31164a36b0a26e73a38ad96e82e22451d5ee962 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 13:38:28 +0100 Subject: [PATCH 08/26] CONTRIBUTING.pod: refactor doc Refactor doc to extract initial setup in a separate section. --- CONTRIBUTING.pod | 75 +++++++++++++++++++++++++++++------------------- 1 file changed, 46 insertions(+), 29 deletions(-) diff --git a/CONTRIBUTING.pod b/CONTRIBUTING.pod index a3f104d..7e4c325 100644 --- a/CONTRIBUTING.pod +++ b/CONTRIBUTING.pod @@ -19,11 +19,9 @@ to render it in a terminal: perldoc CONTRIBUTING.pod -=head1 PATCHING, STEP BY STEP - -=over 4 +=head1 INITIAL SETUP -=item 1. Setup a Perl development environment +=head2 1. Setup a Perl development environment There are various ways to setup a Perl development environment, but here is mine (@dolmen). The key principles are: @@ -32,7 +30,7 @@ There are various ways to setup a Perl development environment, but here is mine =item a. Do not depend on the Perl of the operating system. Instead, install a recent version which you control upgrades independently of the O/S. -=item b. Setup environment to install Perl modules from CPAN using cpanm. +=item b. Setup environment to install Perl modules from CPAN into that C using C. =back 
@@ -54,67 +52,85 @@ Step by step on MacOS (zsh): plenv install 5.40.1 plenv global 5.40.1 -=item c. Install cpanm: +=item c. Install L: plenv install-cpanm =back -=item 2. Get the source + +=head2 2. Get the source git clone --origin upstream git://github.com/dolmen/github-keygen.git cd github-keygen git checkout master -=item 3. Install build dependencies +=head2 3. Install build dependencies Not required for doc patches. curl -L https://cpanmin.us | perl - --installdeps --with-develop . -=item 4. Make your fix/feature +=head2 4. Setup a fork - git checkout -b master +=over 4 - $EDITOR bin/github-keygen +=item 4.1. L - # Test... - bin/github-keygen ... +=item 4.2. Link your local repo to your fork: - # Run the author testsuite - prove -v xt +(You are already using C, aren't you?) - git commit + git remote add github .github.com:/github-keygen.git + git remote update -=item 5. Setup a fork +=back + +=head1 PATCHING, STEP BY STEP =over 4 -=item 5.1. L +=item 1. Update your local fork -=item 5.2. Link your local repo to your fork (just once) + git remote update + git checkout master + git rebase upstream/master -(You are using C isn't it?) +=item 2. Update Perl dependencies (not required for doc patches) - git remote add github .github.com:/github-keygen.git + curl -L https://cpanmin.us | perl - --installdeps --with-develop . + + +=item 3. Make your fix/feature in a dedicated Git branch + + git checkout -b upstream/master + + $EDITOR bin/github-keygen + + # Test... + bin/github-keygen ... + + # Run the author testsuite + prove -v xt + + git commit -=back -=item 6. Submit your work +=item 4. Submit your work =over 4 -=item 6.1 Push! +=item 4.1 Push! git push github -=item 6.2 Submit a pull request on GitHub +=item 4.2 Submit a pull request on GitHub =back -=item 7. Loop +=item 5. Loop -Redo from step 3. +Ready for another contribution? Redo from step 1! =back 
@@ -135,9 +151,10 @@ Redo from step 3. =item * Release git checkout master + ./release.pl -n ./release.pl - git push origin master release - git push origin --tags + git push github master release + git push github --tags =back From a2aec2b6ebdfc6ffc0b35a8e8734100455460115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 16:08:07 +0100 Subject: [PATCH 09/26] README: fix http:// urls to https:// ... as much as possible. interrobeng.com is still only available on http:// Remove no longer relevant TODO in xt/03-no-404s.t as everything pass with latest toolchain. --- README.pod | 10 +++++----- xt/03-no-404s.t | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.pod b/README.pod index e4739b5..212a053 100644 --- a/README.pod +++ b/README.pod @@ -100,7 +100,7 @@ Disable bad things that could come from the GitHub hosts ("Trust no-one") Disable the C option to protect you if ever GitHub (or a MITM) tries to exploit the -L vulnerability|http://www.openssh.com/txt/release-7.1p2>. +L vulnerability|https://www.openssh.com/txt/release-7.1p2>. =back @@ -226,7 +226,7 @@ more like a wizard that you use just once. So just get the file, run it, and delete it. I: the tool is written in Perl, but you don't have to install -L (or Cygwin or ActivePerl); the perl +L (or Cygwin or ActivePerl); the perl bundled with L will be automatically detected and used. @@ -346,7 +346,7 @@ settings were applied before our own. =item v1.101 Config: set C to protect against the -L vulnerability|http://www.openssh.com/txt/release-7.1p2>. +L vulnerability|https://www.openssh.com/txt/release-7.1p2>. =item v1.100 @@ -372,7 +372,7 @@ Various fixes/workarounds to restore full support of the old SSH (4.6p1) that is bundled with msysgit (Git on Win32). Store the C in C<$XDG_RUNTIME_DIR> (see the -L) +L) if available. Doc fixes: change "Github" to "GitHub". 
@@ -420,7 +420,7 @@ with GitHub. Fixed a message that wrongly told to paste the I key (C<'.pub'> forgotten). Fixed at the -L, +L, but released (too) long later. =item v1.006 diff --git a/xt/03-no-404s.t b/xt/03-no-404s.t index c153c1f..dafd07f 100644 --- a/xt/03-no-404s.t +++ b/xt/03-no-404s.t @@ -9,7 +9,8 @@ use Test::More 0.88 use Test::Pod::No404s; -$TODO = 'Test::Pod::No404s has issues with stribika.github.io and cpanmin.us'; +# $TODO = 'Test::Pod::No404s has issues with '; + pod_file_ok($_) for qw< README.pod bin/github-keygen CONTRIBUTING.pod >; done_testing; From db4753b329b73a281934ec24b7083cd720bec1a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 16:57:12 +0100 Subject: [PATCH 10/26] CONTRIBUTING.pod: fix http:// URL to https:// --- CONTRIBUTING.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.pod b/CONTRIBUTING.pod index 7e4c325..042a005 100644 --- a/CONTRIBUTING.pod +++ b/CONTRIBUTING.pod @@ -14,7 +14,7 @@ C> branch, then submitted as pull requests at GitHub. The documentation is written using the -L format. Use the C tool +L format. Use the C tool to render it in a terminal: perldoc CONTRIBUTING.pod From edc5932fedb95a3c652e46bcd5745a04967f21e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 16:57:49 +0100 Subject: [PATCH 11/26] xt/03-no-404s: check that LWP::Protocol::https is installed Test::Pod::No404s requires indirectly LWP::Protocol::https to be able to test https:// URLs. Let's add a check that the module is installed. --- xt/03-no-404s.t | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xt/03-no-404s.t b/xt/03-no-404s.t index dafd07f..f25b273 100644 --- a/xt/03-no-404s.t +++ b/xt/03-no-404s.t 
@@ -9,6 +9,9 @@ use Test::More 0.88 use Test::Pod::No404s; +require_ok "LWP/Protocol/https.pm" or BAIL_OUT 'Module LWP::Protocol::https is required to check for https:// URLs'; + + # $TODO = 'Test::Pod::No404s has issues with '; pod_file_ok($_) for qw< README.pod bin/github-keygen CONTRIBUTING.pod >; From d99fefa828183c0b5d6a5da43d9c10917662de9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 19:22:54 +0100 Subject: [PATCH 12/26] CONTRIBUTING.pod: set encoding to "utf8" --- CONTRIBUTING.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTING.pod b/CONTRIBUTING.pod index 042a005..85208d7 100644 --- a/CONTRIBUTING.pod +++ b/CONTRIBUTING.pod @@ -1,6 +1,8 @@ # To read this file, run: # perldoc CONTRIBUTING.pod +=encoding utf8 + =head1 NAME How to contribute to C? From e6a0e9efc0b8e9dbe85252c17d95286f283107fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 19:25:15 +0100 Subject: [PATCH 13/26] README.pod: set encoding to "utf8" --- README.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.pod b/README.pod index 212a053..ebe7358 100644 --- a/README.pod +++ b/README.pod @@ -1,5 +1,7 @@ =pod +=encoding utf8 + =for stopwords MITM versioning =head1 NAME From 126efddf63bdb2355115af27ef60946ebc5f30fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 21:57:52 +0100 Subject: [PATCH 14/26] cpanfile: add more missing develop dependencies Add LWP::Protocol::https and Test::Vars which are used in author tests (xt/*.t). --- cpanfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpanfile b/cpanfile index 841efd2..dc31b8c 100644 --- a/cpanfile +++ b/cpanfile 
@@ -31,7 +31,8 @@ on develop => sub { requires 'File::Path'; requires 'IPC::Run'; requires 'Symbol'; - requires 'LWP::Protocol::https'; + requires 'LWP::Protocol::https'; # xt/03-03-no-404s.t + requires 'Test::Vars'; # xt/04-unused-vars.t # tools/ recommends 'Path::Tiny'; From f59097376073e2057f65a1629fad253e9c2d636b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Jan 2025 22:05:15 +0100 Subject: [PATCH 15/26] Update copyright year --- README.pod | 2 +- bin/github-keygen | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.pod b/README.pod index ebe7358..2e6b3ca 100644 --- a/README.pod +++ b/README.pod @@ -525,7 +525,7 @@ If you want to contribute, have a look to L. =head1 COPYRIGHT & LICENSE -Copyright E 2011-2022 Olivier MenguE. +Copyright E 2011-2025 Olivier MenguE. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/bin/github-keygen b/bin/github-keygen index 8915f4a..cb9db8c 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -1062,7 +1062,7 @@ Olivier MenguE, L. =head1 COPYRIGHT & LICENSE -Copyright E 2011-2022 Olivier MenguE. +Copyright E 2011-2025 Olivier MenguE. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by From cfc026e8a8e9b3962741f93a2cab57edb1702aa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 21 Jan 2025 09:16:39 +0100 Subject: [PATCH 16/26] xt/02-spelling: hint about installing hunspell I tried to look how to use the built-in macOS spellchecker (AppleSpell.service) but I couldn't find a CLI tool interface. --- xt/02-spelling.t | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xt/02-spelling.t b/xt/02-spelling.t index 8fb0f64..9570bff 100644 --- a/xt/02-spelling.t +++ b/xt/02-spelling.t 
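Review bot: The comment added on the `LWP::Protocol::https` line in [PATCH 14/26] names `xt/03-03-no-404s.t`, but the test file touched elsewhere in this series is `xt/03-no-404s.t`. I would correct it to `requires 'LWP::Protocol::https'; # xt/03-no-404s.t` so the pointer from the dependency to the test that needs it stays greppable. The `on develop => sub {` block starts and ends outside the hunk.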
@@ -1,10 +1,12 @@ +use utf8; use strict; use warnings; use Test::More; use Test::Spelling; -plan skip_all => 'No working spellchecker' unless has_working_spellchecker; +plan skip_all => 'No working spellchecker (hint: install hunspell and LibreOffice dictionaries)' + unless has_working_spellchecker; local $TODO = 'Test::Spelling is broken (no UTF-8 support)'; From 1fd0c1d9c0b0f8c58775fe9791e6ec775fae59c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 21 Jan 2025 11:13:26 +0100 Subject: [PATCH 17/26] tools/list-openssl-algorithms: fix compatibility with OpenSSL 3.x+ --- tools/list-openssl-algorithms | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/tools/list-openssl-algorithms b/tools/list-openssl-algorithms index 9c88668..c80a8e6 100755 --- a/tools/list-openssl-algorithms +++ b/tools/list-openssl-algorithms @@ -6,16 +6,37 @@ use feature 'say'; use JSON::PP (); +# OpenSSL 3.x: https://docs.openssl.org/master/man1/openssl-list/#synopsis +# LibreSSL (the version bundled with macOS): https://man.openbsd.org/openssl.1 +my $has_openssl_list = `openssl version` =~ /^OpenSSL 3/; + +sub cmd_openssl_list +{ + my $cat = shift; + if ($has_openssl_list) { + ('openssl', 'list', '-1', "-$cat") + } else { + ('openssl', "list-$cat") + } +} + sub read_openssl_list { my $cat = shift; - open my $f, '-|', 'openssl', "list-$cat-algorithms" or die $!; + open my $f, '-|', cmd_openssl_list("$cat-algorithms") or die $!; my %alg; while (<$f>) { - next if / => /; + next if / => / || /^(?:Legacy|Provided.*):/; chomp; $_ = lc; - $alg{$_}++; + s/^ *//; + s/ @ default$//; + if (/^\{ (.*) \}$/) { + my @algs = split /, /, $1; + $alg{$_}++ for @algs; + } else { + $alg{$_}++; + } } close $f; my @a = sort keys %alg; 
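Review bot: The version probe at the top of the first `tools/list-openssl-algorithms` hunk, ``my $has_openssl_list = `openssl version` =~ /^OpenSSL 3/;``, accepts only a version string that starts with the digit 3, so a later major release would fall back to the legacy `list-<category>` spelling although the subject says 3.x+. Capturing the number and comparing it is more robust: ``my $has_openssl_list = `openssl version` =~ /^OpenSSL ([0-9]+)\./ && $1 >= 3;``. Separately, `close $f;` in `read_openssl_list` is unchecked, and for a handle opened with `'-|'` that is where a failing `openssl` exit status surfaces; `close $f or die "openssl list failed (exit status $?)\n";` would keep an empty algorithm list from being emitted silently. `read_openssl_list` continues past the end of the hunk.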
@@ -25,7 +46,7 @@ sub read_openssl_list sub read_openssl_list_public_key { - open my $f, '-|', 'openssl', "list-public-key-algorithms" or die $!; + open my $f, '-|', cmd_openssl_list('public-key-algorithms') or die $!; my %alg; while (<$f>) { next unless /PEM string: (.*)\n/; @@ -39,7 +60,7 @@ sub read_openssl_list_public_key my %alg; -$alg{mac} = read_openssl_list('message-digest'); +$alg{mac} = read_openssl_list($has_openssl_list ? 'mac' : 'message-digest'); $alg{cipher} = read_openssl_list('cipher'); $alg{key} = read_openssl_list_public_key(); From 2aac5921f3c973a003f6e526a5bcbe85be680402 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 21 Jan 2025 14:47:00 +0100 Subject: [PATCH 18/26] tools/pubkey-dump: multiple improvements pubkey-dump tool: - add doc header - add decoding of ed25519 keys - add parsing of known_hosts file format --- tools/pubkey-dump | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tools/pubkey-dump b/tools/pubkey-dump index 6804e9e..7aa4a81 100755 --- a/tools/pubkey-dump +++ b/tools/pubkey-dump @@ -1,5 +1,12 @@ #!/usr/bin/env perl +# Decode OpenSSH public key string into structured data. +# The data and encoding depends on the key type. +# +# Usage: pubkey-dump ~/.ssh/id_rsa.pub +# Usage: pubkey-dump ~/.ssh/known_hosts +# Usage: pubkey-dump ~/.ssh/authorized_keys + use strict; use warnings; use feature 'say'; 
@@ -12,14 +19,28 @@ my %decoders = ( sprintf("exponent: %v02X\nmodulus: %v02X\n", $exp, $mod) . (length($rem) ? sprintf("other: %v02X\n", $rem) : '') }, + 'ssh-ed25519' => sub { + # Skip 4 first bytes (00.00.00.20) + # Show the other 32 bytes as hex + sprintf("pk: %v02X\n", substr($_[0], 4)) + }, + # TODO: add other key types ); open my $f, '<', $ARGV[0] or die; while (<$f>) { - my ($b64) = $_ =~ m!^[^ ]+ ([0-9a-zA-Z+/]+=*) ! or die; + next if /^#/; + if (/^[^ ]+ +ssh-/) { # Allow to also decode known_hosts: move hostname to the end of the line + s/^([^ ]*) +(ssh-.*)$/$2 $1/; + } + my ($b64) = $_ =~ m!^[^ ]+ ([0-9a-zA-Z+/]+=*)( |$)! or die "unexpected line format: \"$_\""; my $bytes = MIME::Base64::decode($b64); my ($type, $remain) = unpack('N/a a*', $bytes); + unless ($decoders{$type}) { + printf STDERR "unknown key type $type\n"; + next + } printf "type: %s\n%s", $type, $decoders{$type}->($remain); } From 21d0ba0ad496b3055d6b5d128178ea96f957e97c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 21 Jan 2025 14:51:20 +0100 Subject: [PATCH 19/26] LICENSE: fix links to gnu.org to use https:// including in licence text Use latest from https://www.gnu.org/licenses/gpl-3.0.txt --- LICENSE | 8 ++++---- README.pod | 2 +- bin/github-keygen | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/LICENSE b/LICENSE index 94a9ed0..f288702 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
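Review bot: In the new `unless ($decoders{$type})` branch of `tools/pubkey-dump`, `printf STDERR "unknown key type $type\n";` interpolates `$type` into the format string, and `$type` comes from the base64-decoded blob of whatever file is being dumped. A `%` in that field is then interpreted as a conversion, so the value should be passed as an argument instead: `printf STDERR "unknown key type %s\n", $type;`, ideally with non-printable bytes escaped before they reach the terminal. The `ssh-ed25519` decoder also drops the first four bytes on the assumption that they are `00.00.00.20`; unpacking the length with `N/a`, as the main loop does for the key type, and checking for 32 bytes would flag a malformed key instead of printing it. The `%decoders` table starts outside the hunk.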
@@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see . + along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. @@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see -. +. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read -. +. diff --git a/README.pod b/README.pod index 2e6b3ca..e7d3a24 100644 --- a/README.pod +++ b/README.pod @@ -538,6 +538,6 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program. If not, see L. +along with this program. If not, see L. =cut diff --git a/bin/github-keygen b/bin/github-keygen index cb9db8c..7bb362f 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -1075,7 +1075,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program. If not, see L. +along with this program. If not, see L. =cut From 9022d46621c024663e255fdd09ad8902f855b330 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 21 Jan 2025 15:03:57 +0100 Subject: [PATCH 20/26] Improve TODO comment about `openssl list -cipher-algorithms` --- bin/github-keygen | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/bin/github-keygen b/bin/github-keygen index 7bb362f..0769a0c 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -499,9 +499,16 @@ if (@github_accounts) { # Algorithms subset recommended by Stribika # See https://stribika.github.io/2015/01/04/secure-secure-shell.html # Last in each list is the minimum supported by GitHub - # TODO: some algorithms are imported by OpenSSH from OpenSSL at runtime - # so we could check the output of `openssl list-cipher-algorithms` + # TODO: Some algorithms are imported by OpenSSH from OpenSSL at runtime + # so we could check the output of `openssl list -cipher-algorithms` # in the case `ssh -Q cipher` is not implemented (old OpenSSH). + # However: + # - this is less and less relevant as recent version of OpenSSH get + # deployed + # - we would have to parse various versions of the openssl tool output + # (`openssl list -cipher-algorithms` vs + # `openssl list-cipher-algorithms`: see + # tools/list-openssl-algorithms) my %algorithms = ( # Ciphers: ssh -Q cipher cipher => [ From bf85d90987e514ccd77264cb02bc8fe3cfd2757a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Tue, 21 Jan 2025 15:06:28 +0100 Subject: [PATCH 21/26] Fix typo in ssh_config: "Knwon" vs "Known" --- bin/github-keygen | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/github-keygen b/bin/github-keygen index 0769a0c..cdda3a9 100755 --- a/bin/github-keygen +++ b/bin/github-keygen 
@@ -604,7 +604,7 @@ HostName github.com Host github.com gist.github.com ssh.github.com 443.github.com *.github.com *.gist.github.com *.ssh.github.com *.443.github.com User git -# Knwon options which are available only in some OpenSSH versions +# Known options which are available only in some OpenSSH versions IgnoreUnknown Protocol,UseRoaming,UseKeychain # Force SSH2 Protocol 2 From bbe9784240ad7a9eeaa121b2190643c7b49e804b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Wed, 22 Jan 2025 10:18:55 +0100 Subject: [PATCH 22/26] Update comment about rebuilding know_hosts file Update comment about ssh-keyscan command to use for rebuilding the embedded SSH server keys for GitHub. --- bin/github-keygen | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/github-keygen b/bin/github-keygen index cdda3a9..906dfe7 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -449,7 +449,8 @@ if (@github_accounts) { # To rebuild __DATA__ (if GitHub ever revokes its host keys): - # ssh-keyscan -t dsa,rsa github.com gist.github.com ssh.github.com + # ssh-keyscan -t ed25519 github.com gist.github.com 2>/dev/null + # ssh-keyscan -t ed25519 -p 443 ssh.github.com 2>/dev/null my $size = -e KNOWN_HOSTS_FILE ? (stat KNOWN_HOSTS_FILE)[7] From 7c08767d2502cdb601921a4432ddb8cc069db3fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Wed, 22 Jan 2025 10:24:37 +0100 Subject: [PATCH 23/26] Improve parsing of ssh -V for macOS Improve parsing of ssh -V to allow "OpenSSH_9.0p1, LibreSSL 3.3.6" --- bin/github-keygen | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/github-keygen b/bin/github-keygen index 906dfe7..c2ac546 100755 --- a/bin/github-keygen +++ b/bin/github-keygen 
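Review bot: The rebuild recipe in the comment changed by [PATCH 22/26] takes the host keys straight from the network: `ssh-keyscan` does not authenticate the server it talks to, and `2>/dev/null` additionally hides any error output. Since the result replaces the embedded `__DATA__` host keys for GitHub, the comment should tell the maintainer to check the scanned keys against the fingerprints GitHub publishes before pasting them, for example `# Compare with GitHub's published SSH key fingerprints (pipe the output to ssh-keygen -lf -) before updating __DATA__`. The enclosing `if (@github_accounts) {` block starts and ends outside the hunk.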
@@ -491,7 +491,7 @@ if (@github_accounts) { # '6.6.1p1' => 0x6611 # '4.6p1' => 0x4601 my $SSH_VERSION = do { - my @V = $SSH_V =~ /^OpenSSH(?:[^0-9]+)_([0-9]+)\.([0-9]+)(?:\.([0-9]+))?p([0-9]+)/; + my @V = $SSH_V =~ /^OpenSSH(?:[^0-9]*)_([0-9]+)\.([0-9]+)(?:\.([0-9]+))?p([0-9]+)/; ($V[0] << 12) | ($V[1] << 8) | (($V[2] || 0) << 4) | $V[3] }; From 5e659ee13efca344dc052c2c5195fc8a20cfc5ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Wed, 22 Jan 2025 10:37:35 +0100 Subject: [PATCH 24/26] Switch default key type to ed25519 Should have been the new default a long time ago. Note that rsa keys are not available anymore in the default OpenBSD build of OpenSSH, and support for such keys will even be removed from the OpenSSH sources. --- README.pod | 9 ++++++--- bin/github-keygen | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/README.pod b/README.pod index e7d3a24..4260713 100644 --- a/README.pod +++ b/README.pod @@ -262,9 +262,12 @@ L. =item NEXT -On key creation, custom key comment provided by -C was ignored -(L). This is fixed. -Thanks to L<@tinhtruong|https://github.com/tinhtruong> for the report. +Change default key type to C (previously C) +(L). + +On key creation, custom key comment provided by C<-C> was ignored +(L). This is +fixed. Thanks to L<@tinhtruong|https://github.com/tinhtruong> for the report. =item v1.306 diff --git a/bin/github-keygen b/bin/github-keygen index c2ac546..00e25d1 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -78,7 +78,7 @@ use constant { my $offline; # No network connection my $remove_all; -my $key_type = 'rsa'; +my $key_type = 'ed25519'; my $key_bits = 4096; my $github_default = ''; @@ -954,7 +954,7 @@ Remove all accounts, except those following on the command-line. =item -t I -Set default key type for key creation. Default is C. +Set default key type for key creation. Default is C. =item -b I From f07b4ff94be8712b3fa4215a6fd835fe2add4923 Mon Sep 17 00:00:00 2001 
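Review bot: After [PATCH 24/26] sets `my $key_type = 'ed25519';`, the neighbouring default `my $key_bits = 4096;` and the `-b` usage entry no longer describe anything for the default key type, because Ed25519 keys have a fixed size and `ssh-keygen` ignores `-b` for them. The `=item -b` entry, which begins on the last line of the second `bin/github-keygen` hunk and continues outside it, should say so, e.g. `Set default key bits for key creation (ignored for ed25519 keys). Default is C<4096>.`, so that a user who still selects `-t rsa` knows the 4096-bit default applies there. Whether `$key_bits` is still passed to `ssh-keygen` when the type is ed25519 is not visible in these hunks.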
From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Wed, 22 Jan 2025 14:41:15 +0100 Subject: [PATCH 25/26] README: more release notes --- README.pod | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.pod b/README.pod index 4260713..d5ad64c 100644 --- a/README.pod +++ b/README.pod @@ -262,13 +262,17 @@ L. =item NEXT -Change default key type to C (previously C) +Change default key type on key creation to C (previously C) (L). On key creation, custom key comment provided by C<-C> was ignored (L). This is fixed. Thanks to L<@tinhtruong|https://github.com/tinhtruong> for the report. +Fix typo in a comment in F<~/.ssh/config>: "I". + +Improve Windows compatibility (fix in parsing of C). + =item v1.306 On key creation, switch default key size from 2048 bits to 4096 bits. From ae64ecd05ea7d654ec7a2c47c5696165bcad505c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Wed, 22 Jan 2025 14:47:51 +0100 Subject: [PATCH 26/26] Prepare version 1.400 --- README.pod | 2 +- bin/github-keygen | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.pod b/README.pod index d5ad64c..42aaaf7 100644 --- a/README.pod +++ b/README.pod @@ -260,7 +260,7 @@ L. =over 4 -=item NEXT +=item v1.400 Change default key type on key creation to C (previously C) (L). diff --git a/bin/github-keygen b/bin/github-keygen index 00e25d1..9c35790 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -12,7 +12,7 @@ use Sys::Hostname; use constant HAS_TEXT_DIFF => eval { require Text::Diff; 1 }; -our $VERSION = '1.306'; +our $VERSION = '1.400'; use constant { PROG => (File::Spec->splitpath($0))[2],