Attachment #2430 for bug #2165

View | Details | Raw Unified | Return to bug 2165
Collapse All | Expand All




	{ NULL, -1 }
};

static const struct multistate multistate_stricthostkeychecking[] = {
	{ "true",			1 },
	{ "false",			0 },
	{ "yes",			1 },
	{ "no",				0 },
	{ "ask",			2 },
	{ "require-fingerprint",	3 },
	{ NULL, -1 }
};

/*
 * Processes a single option line as used in the configuration files. This
 * only sets those values that have not already been set.


	case oStrictHostKeyChecking:
		intptr = &options->strict_host_key_checking;
		multistate_ptr = multistate_stricthostkeychecking;
		goto parse_multistate;

	case oCompression:




will be added to the user known host files only after the user
has confirmed that is what they really want to do, and
ssh will refuse to connect to hosts whose host key has changed.
If this flag is set to
.Dq require-fingerprint ,
the user will be asked to type a fingerprint of server's host key and
if the fingerprint is correct, the new host key will be added to the
user known host files.
The host keys of
known hosts will be verified automatically in all cases.
The argument must be
.Dq yes ,
.Dq no ,
.Dq ask ,
or
.Dq require-fingerprint .
The default is
.Dq ask .
.It Cm TCPKeepAlive




}

static int
confirm_fingerprint(const char *prompt, const char *fp)
{
	char *p;
	int ret = 0;

	if (options.batch_mode)
		return 0;

	p = read_passphrase(prompt, RP_ECHO);
	if (p != NULL && strncmp(p, fp, strlen(fp)) == 0) {
		ret = 1;
		free(p);
	}
	return ret;
}

static int
check_host_cert(const char *host, const Key *host_key)
{
	const char *reason;

			error("No %s host key is known for %.200s and you "
			    "have requested strict checking.", type, host);
			goto fail;
		} else if (options.strict_host_key_checking == 2 || options.strict_host_key_checking == 3) {
			char msg1[1024], msg2[1024];

			if (show_other_keys(host_hostkeys, host_key))

					    "No matching host key fingerprint"
					    " found in DNS.\n");
			}
			if (options.strict_host_key_checking == 2) {
				snprintf(msg, sizeof(msg),
				    "The authenticity of host '%.200s (%s)' can't be "
				    "established%s\n"
				    "%s key fingerprint is [%s]%s.%s%s\n%s"
				    "Are you sure you want to continue connecting "
				    "(yes/no)? ",
				    host, ip, msg1, type, fpt, fp,
				    options.visual_host_key ? "\n" : "",
				    options.visual_host_key ? ra : "",
				    msg2);
				free(ra);
				free(fpt);
				free(fp);
				if (!confirm(msg))
					goto fail;
			} else {
				snprintf(msg, sizeof(msg),
				    "The authenticity of host '%.200s (%s)' can't be "
				    "established%s\n"
				    "Type the %s key fingerprint from remote host [%s]: ",
				    host, ip, msg1, type, fpt);
				free(ra);
				free(fpt);
				if (!confirm_fingerprint(msg, fp)) {
					free(fp);
					goto fail;
				}
				free(fp);
			}
		}
		/*
		 * If not in strict mode, add the key automatically to the
- 

Return to bug 2165

Lines 689-694 static const struct multistate multistate_canonicalizehostname[] = { Link Here

(-)a/readconf.c (-1 / +11 lines)
689	{ NULL, -1 }	689	{ NULL, -1 }
690	};	690	};
691		691
		692	static const struct multistate multistate_stricthostkeychecking[] = {
		693	{ "true", 1 },
		694	{ "false", 0 },
		695	{ "yes", 1 },
		696	{ "no", 0 },
		697	{ "ask", 2 },
		698	{ "require-fingerprint", 3 },
		699	{ NULL, -1 }
		700	};
		701
692	/*	702	/*
693	* Processes a single option line as used in the configuration files. This	703	* Processes a single option line as used in the configuration files. This
694	* only sets those values that have not already been set.	704	* only sets those values that have not already been set.
Lines 861-867 parse_time: Link Here
861		871
862	case oStrictHostKeyChecking:	872	case oStrictHostKeyChecking:
863	intptr = &options->strict_host_key_checking;	873	intptr = &options->strict_host_key_checking;
864	multistate_ptr = multistate_yesnoask;	874	multistate_ptr = multistate_stricthostkeychecking;
865	goto parse_multistate;	875	goto parse_multistate;
866		876
867	case oCompression:	877	case oCompression:

Lines 1306-1318 new host keys Link Here

(-)a/ssh_config.5 (-1 / +7 lines)
1306	will be added to the user known host files only after the user	1306	will be added to the user known host files only after the user
1307	has confirmed that is what they really want to do, and	1307	has confirmed that is what they really want to do, and
1308	ssh will refuse to connect to hosts whose host key has changed.	1308	ssh will refuse to connect to hosts whose host key has changed.
		1309	If this flag is set to
		1310	.Dq require-fingerprint ,
		1311	the user will be asked to type a fingerprint of server's host key and
		1312	if the fingerprint is correct, the new host key will be added to the
		1313	user known host files.
1309	The host keys of	1314	The host keys of
1310	known hosts will be verified automatically in all cases.	1315	known hosts will be verified automatically in all cases.
1311	The argument must be	1316	The argument must be
1312	.Dq yes ,	1317	.Dq yes ,
1313	.Dq no ,	1318	.Dq no ,
		1319	.Dq ask ,
1314	or	1320	or
1315	.Dq ask .	1321	.Dq require-fingerprint .
1316	The default is	1322	The default is
1317	.Dq ask .	1323	.Dq ask .
1318	.It Cm TCPKeepAlive	1324	.It Cm TCPKeepAlive

Lines 701-706 confirm(const char *prompt) Link Here

(-)a/sshconnect.c (-17 / +48 lines)
701	}	701	}
702		702
703	static int	703	static int
		704	confirm_fingerprint(const char prompt, const char fp)
		705	{
		706	char *p;
		707	int ret = 0;
		708
		709	if (options.batch_mode)
		710	return 0;
		711
		712	p = read_passphrase(prompt, RP_ECHO);
		713	if (p != NULL && strncmp(p, fp, strlen(fp)) == 0) {
		714	ret = 1;
		715	free(p);
		716	}
		717	return ret;
		718	}
		719
		720	static int
704	check_host_cert(const char host, const Key host_key)	721	check_host_cert(const char host, const Key host_key)
705	{	722	{
706	const char *reason;	723	const char *reason;
Lines 947-953 check_host_key(char hostname, struct sockaddr hostaddr, u_short port, Link Here
947	error("No %s host key is known for %.200s and you "	964	error("No %s host key is known for %.200s and you "
948	"have requested strict checking.", type, host);	965	"have requested strict checking.", type, host);
949	goto fail;	966	goto fail;
950	} else if (options.strict_host_key_checking == 2) {	967	} else if (options.strict_host_key_checking == 2 \|\| options.strict_host_key_checking == 3) {
951	char msg1[1024], msg2[1024];	968	char msg1[1024], msg2[1024];
952		969
953	if (show_other_keys(host_hostkeys, host_key))	970	if (show_other_keys(host_hostkeys, host_key))
Lines 972-992 check_host_key(char hostname, struct sockaddr hostaddr, u_short port, Link Here
972	"No matching host key fingerprint"	989	"No matching host key fingerprint"
973	" found in DNS.\n");	990	" found in DNS.\n");
974	}	991	}
975	snprintf(msg, sizeof(msg),	992	if (options.strict_host_key_checking == 2) {
976	"The authenticity of host '%.200s (%s)' can't be "	993	snprintf(msg, sizeof(msg),
977	"established%s\n"	994	"The authenticity of host '%.200s (%s)' can't be "
978	"%s key fingerprint is [%s]%s.%s%s\n%s"	995	"established%s\n"
979	"Are you sure you want to continue connecting "	996	"%s key fingerprint is [%s]%s.%s%s\n%s"
980	"(yes/no)? ",	997	"Are you sure you want to continue connecting "
981	host, ip, msg1, type, fpt, fp,	998	"(yes/no)? ",
982	options.visual_host_key ? "\n" : "",	999	host, ip, msg1, type, fpt, fp,
983	options.visual_host_key ? ra : "",	1000	options.visual_host_key ? "\n" : "",
984	msg2);	1001	options.visual_host_key ? ra : "",
985	free(ra);	1002	msg2);
986	free(fpt);	1003	free(ra);
987	free(fp);	1004	free(fpt);
988	if (!confirm(msg))	1005	free(fp);
989	goto fail;	1006	if (!confirm(msg))
		1007	goto fail;
		1008	} else {
		1009	snprintf(msg, sizeof(msg),
		1010	"The authenticity of host '%.200s (%s)' can't be "
		1011	"established%s\n"
		1012	"Type the %s key fingerprint from remote host [%s]: ",
		1013	host, ip, msg1, type, fpt);
		1014	free(ra);
		1015	free(fpt);
		1016	if (!confirm_fingerprint(msg, fp)) {
		1017	free(fp);
		1018	goto fail;
		1019	}
		1020	free(fp);
		1021	}
990	}	1022	}
991	/*	1023	/*
992	* If not in strict mode, add the key automatically to the	1024	* If not in strict mode, add the key automatically to the
993	-