summaryrefslogtreecommitdiffstats
path: root/completions/ssh-keygen
blob: 095f36b99c2be0287221a42091b2d5c3748a8778 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# ssh-keygen(1) completion                                 -*- shell-script -*-

_comp_cmd_ssh_keygen()
{
    local cur prev words cword comp_args
    _comp_initialize -n := -- "$@" || return

    local IFS=$' \t\n' # for ${words[*]}
    local noargopts='!(-*|*[ aCIJjMNPSVWzbEFRDwfGKsTmnOrtY]*)'
    # shellcheck disable=SC2254
    case $prev in
        -${noargopts}[aCIJjMNPSVWz])
            return
            ;;
        -${noargopts}b)
            local -a sizes=()
            case "${words[*]}" in
                *" -t dsa"?( *))
                    sizes=(1024)
                    ;;
                *" -t ecdsa"?( *))
                    sizes=(256 384 521)
                    ;;
                *" -t rsa"?( *))
                    sizes=(1024 2048 3072 4096)
                    ;;
            esac
            ((${#sizes[@]})) &&
                _comp_compgen -- -W '"${sizes[@]}"'
            return
            ;;
        -${noargopts}E)
            _comp_compgen -- -W 'md5 sha256'
            return
            ;;
        -${noargopts}[FR])
            # TODO: trim this down to actual entries in known hosts files
            _comp_compgen_known_hosts -- "$cur"
            return
            ;;
        -${noargopts}[Dw])
            _comp_compgen_filedir so
            return
            ;;
        -${noargopts}[fGKsT])
            _comp_compgen_filedir
            return
            ;;
        -${noargopts}m)
            _comp_compgen -- -W 'PEM PKCS8 RFC4716'
            return
            ;;
        -${noargopts}n)
            [[ ${words[*]} != *\ -*Y\ * ]] || return
            if [[ ${words[*]} == *\ -*h\ * ]]; then
                _comp_compgen_known_hosts -- "${cur##*,}"
                ((${#COMPREPLY[@]})) &&
                    _comp_delimited , -W '"${COMPREPLY[@]}"'
            else
                _comp_delimited , -u
            fi
            return
            ;;
        -${noargopts}O)
            if [[ $cur != *=* ]]; then
                local -a opts=()
                case ${words[*]} in
                    *\ -${noargopts}M\ *)
                        opts=(
                            lines= start-line= checkpoint= memory= start=
                            generator=
                        )
                        ;;
                    *\ -${noargopts}r\ *)
                        opts=(hashalg=)
                        ;;
                    *\ -${noargopts}s\ *)
                        opts=(
                            clear critical: extension: force-command=
                            no-agent-forwarding no-port-forwarding no-pty
                            no-user-rc no-x11-forwarding permit-agent-forwarding
                            permit-port-forwarding permit-pty permit-user-rc
                            permit-X11-forwarding no-touch-required
                            source-address= verify-required
                        )
                        ;;
                    *\ -${noargopts}t\ +([a-z0-9])-sk\ *)
                        opts=(
                            application= challenge= device= no-touch-required
                            resident user= verify-required write-attestation=
                        )
                        ;;
                    *\ -${noargopts}Y\ *)
                        opts=(hashalg= print-pubkey verify-time)
                        ;;
                esac
                ((${#opts[@]})) &&
                    _comp_compgen -- -W '"${opts[@]}"'

                [[ ${COMPREPLY-} == *[:=] ]] && compopt -o nospace
                _comp_ltrim_colon_completions "$cur"
            else
                case $cur in
                    force-command=*)
                        compopt -o filenames
                        _comp_compgen -c "${cur#*=}" commands
                        ;;
                    checkpoint=* | challenge=* | write-attestation=*)
                        _comp_compgen -c "${cur#*=}" filedir
                        ;;
                    application=*([^:=]))
                        _comp_compgen -c "${cur#*=}" -- -W "ssh:"
                        compopt -o nospace
                        ;;
                    user=*)
                        _comp_compgen -c "${cur#*=}" -- -u
                        ;;
                    hashalg=*)
                        local -a args=()
                        case ${words[*]} in
                            *\ -*Y\ *)
                                args=(sha256 sha512)
                                ;;
                            *\ -*r\ *)
                                args=(sha1 sha256)
                                ;;
                        esac
                        ((${#args[@]})) &&
                            _comp_compgen -c "${cur#*=}" -- -W '"${args[@]}"'
                        ;;
                esac
            fi
            return
            ;;
        -${noargopts}r)
            [[ ${words[*]} != *\ -${noargopts}Y\ * ]] || _comp_compgen_filedir
            return
            ;;
        -${noargopts}t)
            # Prefer `ssh` from same dir for resolving options, etc
            local pathcmd protocols
            pathcmd=$(type -P -- "$1") && local PATH=${pathcmd%/*}:$PATH
            _comp_compgen -v protocols -x ssh query protocol-version
            local types='dsa ecdsa ecdsa-sk ed25519 ed25519-sk rsa'
            if [[ ${protocols[*]} == *1* ]]; then
                types+=' rsa1'
            fi
            _comp_compgen -- -W "$types"
            return
            ;;
        -${noargopts}Y)
            _comp_compgen -- -W 'find-principals check-novalidate sign verify'
            return
            ;;
    esac

    _comp_compgen_set
    if [[ $cur == -* ]]; then
        _comp_compgen_usage -- "-?" ||
            _comp_compgen_help -- "-?" # OpenSSH < 7
    fi

    if [[ ${words[*]} == *\ -${noargopts}s\ * ]]; then
        _comp_compgen -a filedir pub
    fi
} &&
    complete -F _comp_cmd_ssh_keygen ssh-keygen

# ex: filetype=sh