
(-)a/clientloop.c (-4 / +4 lines)
Lines 2194-2200 update_known_hosts(struct hostkeys_update_ctx *ctx) Link Here
2194
		if (ctx->keys_seen[i] != 2)
2194
		if (ctx->keys_seen[i] != 2)
2195
			continue;
2195
			continue;
2196
		if ((fp = sshkey_fingerprint(ctx->keys[i],
2196
		if ((fp = sshkey_fingerprint(ctx->keys[i],
2197
		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
2197
		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
2198
			fatal("%s: sshkey_fingerprint failed", __func__);
2198
			fatal("%s: sshkey_fingerprint failed", __func__);
2199
		do_log2(loglevel, "Learned new hostkey: %s %s",
2199
		do_log2(loglevel, "Learned new hostkey: %s %s",
2200
		    sshkey_type(ctx->keys[i]), fp);
2200
		    sshkey_type(ctx->keys[i]), fp);
Lines 2202-2208 update_known_hosts(struct hostkeys_update_ctx *ctx) Link Here
2202
	}
2202
	}
2203
	for (i = 0; i < ctx->nold; i++) {
2203
	for (i = 0; i < ctx->nold; i++) {
2204
		if ((fp = sshkey_fingerprint(ctx->old_keys[i],
2204
		if ((fp = sshkey_fingerprint(ctx->old_keys[i],
2205
		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
2205
		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
2206
			fatal("%s: sshkey_fingerprint failed", __func__);
2206
			fatal("%s: sshkey_fingerprint failed", __func__);
2207
		do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
2207
		do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
2208
		    sshkey_type(ctx->old_keys[i]), fp);
2208
		    sshkey_type(ctx->old_keys[i]), fp);
Lines 2245-2251 update_known_hosts(struct hostkeys_update_ctx *ctx) Link Here
2245
	    (r = hostfile_replace_entries(options.user_hostfiles[0],
2245
	    (r = hostfile_replace_entries(options.user_hostfiles[0],
2246
	    ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
2246
	    ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
2247
	    options.hash_known_hosts, 0,
2247
	    options.hash_known_hosts, 0,
2248
	    options.fingerprint_hash)) != 0)
2248
	    options.fingerprint_hash[0])) != 0)
2249
		error("%s: hostfile_replace_entries failed: %s",
2249
		error("%s: hostfile_replace_entries failed: %s",
2250
		    __func__, ssh_err(r));
2250
		    __func__, ssh_err(r));
2251
}
2251
}
Lines 2358-2364 client_input_hostkeys(void) Link Here
2358
			error("%s: parse key: %s", __func__, ssh_err(r));
2358
			error("%s: parse key: %s", __func__, ssh_err(r));
2359
			goto out;
2359
			goto out;
2360
		}
2360
		}
2361
		fp = sshkey_fingerprint(key, options.fingerprint_hash,
2361
		fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
2362
		    SSH_FP_DEFAULT);
2362
		    SSH_FP_DEFAULT);
2363
		debug3("%s: received %s key %s", __func__,
2363
		debug3("%s: received %s key %s", __func__,
2364
		    sshkey_type(key), fp);
2364
		    sshkey_type(key), fp);
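Review bot: Every call site in this section now reads `options.fingerprint_hash[0]` with no check that `num_fingerprint_hash > 0`; that is safe only because fill_default_options() in readconf.c always stores at least one entry when none was configured, and nothing near these reads states that invariant or that element 0 is the "preferred" algorithm. The same pattern appears in sshconnect.c (check_host_key, verify_host_key, show_other_keys, warn_changed_key) and in all three sshconnect2.c hunks. I would add one comment at the first use in each file, e.g. `/* fingerprint_hash[0] is the preferred algorithm; fill_default_options() guarantees at least one entry */`, or wrap it in a small accessor so the convention lives in one place. update_known_hosts() and client_input_hostkeys() both extend beyond these hunks.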
(-)a/readconf.c (-14 / +29 lines)
Lines 1471-1486 parse_keytypes: Link Here
1471
		goto parse_string;
1471
		goto parse_string;
1472
1472
1473
	case oFingerprintHash:
1473
	case oFingerprintHash:
1474
		intptr = &options->fingerprint_hash;
1474
		if (*activep && options->num_fingerprint_hash == 0)
1475
		arg = strdelim(&s);
1475
			while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1476
		if (!arg || *arg == '\0')
1476
				value = ssh_digest_alg_by_name(arg);
1477
			fatal("%.200s line %d: Missing argument.",
1477
				if (value == -1)
1478
			    filename, linenum);
1478
					fatal("%s line %d: unknown fingerprints algorithm specs: %s.",
1479
		if ((value = ssh_digest_alg_by_name(arg)) == -1)
1479
						filename, linenum, arg);
1480
			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
1480
				if (options->num_fingerprint_hash >= SSH_DIGEST_MAX)
1481
			    filename, linenum, arg);
1481
					fatal("%s line %d: too many fingerprints algorithm specs.",
1482
		if (*activep && *intptr == -1)
1482
						filename, linenum);
1483
			*intptr = value;
1483
				options->fingerprint_hash[
1484
					options->num_fingerprint_hash++] = value;
1485
			}
1484
		break;
1486
		break;
1485
1487
1486
	case oUpdateHostkeys:
1488
	case oUpdateHostkeys:
Lines 1673-1679 initialize_options(Options * options) Link Here
1673
	options->canonicalize_fallback_local = -1;
1675
	options->canonicalize_fallback_local = -1;
1674
	options->canonicalize_hostname = -1;
1676
	options->canonicalize_hostname = -1;
1675
	options->revoked_host_keys = NULL;
1677
	options->revoked_host_keys = NULL;
1676
	options->fingerprint_hash = -1;
1678
	options->num_fingerprint_hash = 0;
1677
	options->update_hostkeys = -1;
1679
	options->update_hostkeys = -1;
1678
	options->hostbased_key_types = NULL;
1680
	options->hostbased_key_types = NULL;
1679
	options->pubkey_key_types = NULL;
1681
	options->pubkey_key_types = NULL;
Lines 1851-1858 fill_default_options(Options * options) Link Here
1851
		options->canonicalize_fallback_local = 1;
1853
		options->canonicalize_fallback_local = 1;
1852
	if (options->canonicalize_hostname == -1)
1854
	if (options->canonicalize_hostname == -1)
1853
		options->canonicalize_hostname = SSH_CANONICALISE_NO;
1855
		options->canonicalize_hostname = SSH_CANONICALISE_NO;
1854
	if (options->fingerprint_hash == -1)
1856
	if (options->num_fingerprint_hash == 0) {
1855
		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
1857
		options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_SHA256;
1858
		options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_MD5;
1859
	}
1856
	if (options->update_hostkeys == -1)
1860
	if (options->update_hostkeys == -1)
1857
		options->update_hostkeys = 0;
1861
		options->update_hostkeys = 0;
1858
	if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
1862
	if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
Lines 2189-2194 dump_cfg_strarray(OpCodes code, u_int count, char **vals) Link Here
2189
}
2193
}
2190
2194
2191
static void
2195
static void
2196
dump_cfg_fmtarray(OpCodes code, u_int count, int *vals)
2197
{
2198
	u_int i;
2199
2200
	printf("%s", lookup_opcode_name(code));
2201
	for (i = 0; i < count; i++)
2202
		printf(" %s", fmt_intarg(code, vals[i]));
2203
	printf("\n");
2204
}
2205
2206
static void
2192
dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
2207
dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
2193
{
2208
{
2194
	u_int i;
2209
	u_int i;
Lines 2259-2265 dump_client_config(Options *o, const char *host) Link Here
2259
	dump_cfg_fmtint(oControlMaster, o->control_master);
2274
	dump_cfg_fmtint(oControlMaster, o->control_master);
2260
	dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
2275
	dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
2261
	dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
2276
	dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
2262
	dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
2263
	dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2277
	dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2264
	dump_cfg_fmtint(oForwardX11, o->forward_x11);
2278
	dump_cfg_fmtint(oForwardX11, o->forward_x11);
2265
	dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
2279
	dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
Lines 2328-2333 dump_client_config(Options *o, const char *host) Link Here
2328
	dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
2342
	dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
2329
	dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
2343
	dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
2330
	dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
2344
	dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
2345
	dump_cfg_fmtarray(oFingerprintHash, o->num_fingerprint_hash, o->fingerprint_hash);
2331
2346
2332
	/* Special cases */
2347
	/* Special cases */
2333
2348
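Review bot: In the oFingerprintHash case (new lines 1474–1486) the arguments are consumed only when `*activep && options->num_fingerprint_hash == 0`, so inside a non-matching Host block, or on a second occurrence of the directive, the rest of the line is left unparsed; the old "Missing argument" fatal for a bare `FingerprintHash` is also gone, and an invalid algorithm name in an inactive block is no longer diagnosed as the old code did. If process_config_line's trailing-argument check still follows the switch (it is outside the hunk), the leftover words will be reported as garbage on the line. The bound is checked against SSH_DIGEST_MAX while the array in readconf.h is dimensioned by MAX_SSH_DIGESTS, so the two limits can drift apart; the check should use the array's own constant. I would always parse and validate the arguments and only commit them on the first active occurrence, as below; the switch and the enclosing function continue outside the hunk.
```c
	case oFingerprintHash:
	{
		/* Always consume and validate the arguments so an inactive Host
		 * block or a repeated directive leaves nothing on the line; only
		 * the first active occurrence is stored. */
		int nhashes = 0;
		int commit = *activep && options->num_fingerprint_hash == 0;

		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
			if ((value = ssh_digest_alg_by_name(arg)) == -1)
				fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
				    filename, linenum, arg);
			if (nhashes >= MAX_SSH_DIGESTS)
				fatal("%.200s line %d: Too many FingerprintHash algorithms.",
				    filename, linenum);
			if (commit)
				options->fingerprint_hash[
				    options->num_fingerprint_hash++] = value;
			nhashes++;
		}
		if (nhashes == 0)
			fatal("%.200s line %d: Missing argument.",
			    filename, linenum);
		break;
	}
```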
(-)a/readconf.h (-1 / +3 lines)
Lines 21-26 Link Here
21
#define MAX_SEND_ENV		256
21
#define MAX_SEND_ENV		256
22
#define SSH_MAX_HOSTS_FILES	32
22
#define SSH_MAX_HOSTS_FILES	32
23
#define MAX_CANON_DOMAINS	32
23
#define MAX_CANON_DOMAINS	32
24
#define MAX_SSH_DIGESTS	32
24
#define PATH_MAX_SUN		(sizeof((struct sockaddr_un *)0)->sun_path)
25
#define PATH_MAX_SUN		(sizeof((struct sockaddr_un *)0)->sun_path)
25
26
26
struct allowed_cname {
27
struct allowed_cname {
Lines 146-152 typedef struct { Link Here
146
147
147
	char	*revoked_host_keys;
148
	char	*revoked_host_keys;
148
149
149
	int	 fingerprint_hash;
150
	int num_fingerprint_hash;
151
	int 	fingerprint_hash[MAX_SSH_DIGESTS];
150
152
151
	int	 update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
153
	int	 update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
152
154
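Review bot: The new `int num_fingerprint_hash;` at line 150 is a signed count while readconf.c passes it to `u_int count` parameters alongside the other `num_*` fields (`num_user_hostfiles`, `num_send_env`); if those siblings are `u_int` (their declarations are outside the hunk) this one should match, `u_int	 num_fingerprint_hash;`, and it also drops the column alignment its neighbours use (`int	 update_hostkeys;`). MAX_SSH_DIGESTS (line 24) sizes the array, but the parser bounds the count with SSH_DIGEST_MAX, so the limit should be expressed in one place. A comment on the array such as `/* preferred algorithm first; fill_default_options() guarantees at least one entry */` would document the convention that the `fingerprint_hash[0]` call sites depend on. The typedef'd struct continues outside the hunk.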
(-)a/ssh_config.5 (-2 / +2 lines)
Lines 647-659 or Link Here
647
The default is
647
The default is
648
.Dq no .
648
.Dq no .
649
.It Cm FingerprintHash
649
.It Cm FingerprintHash
650
Specifies the hash algorithm used when displaying key fingerprints.
650
Specifies the hash algorithms used when displaying key fingerprints.
651
Valid options are:
651
Valid options are:
652
.Dq md5
652
.Dq md5
653
and
653
and
654
.Dq sha256 .
654
.Dq sha256 .
655
The default is
655
The default is
656
.Dq sha256 .
656
.Dq "sha256 md5".
657
.It Cm ForwardAgent
657
.It Cm ForwardAgent
658
Specifies whether the connection to the authentication agent (if any)
658
Specifies whether the connection to the authentication agent (if any)
659
will be forwarded to the remote machine.
659
will be forwarded to the remote machine.
(-)a/sshconnect.c (-21 / +27 lines)
Lines 920-928 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, Link Here
920
				    "of known hosts.", type, ip);
920
				    "of known hosts.", type, ip);
921
		} else if (options.visual_host_key) {
921
		} else if (options.visual_host_key) {
922
			fp = sshkey_fingerprint(host_key,
922
			fp = sshkey_fingerprint(host_key,
923
			    options.fingerprint_hash, SSH_FP_DEFAULT);
923
			    options.fingerprint_hash[0], SSH_FP_DEFAULT);
924
			ra = sshkey_fingerprint(host_key,
924
			ra = sshkey_fingerprint(host_key,
925
			    options.fingerprint_hash, SSH_FP_RANDOMART);
925
			    options.fingerprint_hash[0], SSH_FP_RANDOMART);
926
			if (fp == NULL || ra == NULL)
926
			if (fp == NULL || ra == NULL)
927
				fatal("%s: sshkey_fingerprint fail", __func__);
927
				fatal("%s: sshkey_fingerprint fail", __func__);
928
			logit("Host key fingerprint is %s\n%s\n", fp, ra);
928
			logit("Host key fingerprint is %s\n%s\n", fp, ra);
Lines 964-975 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, Link Here
964
			else
964
			else
965
				snprintf(msg1, sizeof(msg1), ".");
965
				snprintf(msg1, sizeof(msg1), ".");
966
			/* The default */
966
			/* The default */
967
			fp = sshkey_fingerprint(host_key,
968
			    options.fingerprint_hash, SSH_FP_DEFAULT);
969
			ra = sshkey_fingerprint(host_key,
970
			    options.fingerprint_hash, SSH_FP_RANDOMART);
971
			if (fp == NULL || ra == NULL)
972
				fatal("%s: sshkey_fingerprint fail", __func__);
973
			msg2[0] = '\0';
967
			msg2[0] = '\0';
974
			if (options.verify_host_key_dns) {
968
			if (options.verify_host_key_dns) {
975
				if (matching_host_key_dns)
969
				if (matching_host_key_dns)
Lines 983-998 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, Link Here
983
			}
977
			}
984
			snprintf(msg, sizeof(msg),
978
			snprintf(msg, sizeof(msg),
985
			    "The authenticity of host '%.200s (%s)' can't be "
979
			    "The authenticity of host '%.200s (%s)' can't be "
986
			    "established%s\n"
980
			    "established%s\n", host, ip, msg1);
987
			    "%s key fingerprint is %s.%s%s\n%s"
981
			for (i = 0; i < options.num_fingerprint_hash; i++) {
982
				fp = sshkey_fingerprint(host_key,
983
				    options.fingerprint_hash[i], SSH_FP_DEFAULT);
984
				ra = sshkey_fingerprint(host_key,
985
				    options.fingerprint_hash[i], SSH_FP_RANDOMART);
986
				if (fp == NULL || ra == NULL)
987
					fatal("%s: sshkey_fingerprint fail", __func__);
988
				len = strlen(msg);
989
				snprintf(msg+len, sizeof(msg)-len,
990
				    "%s key fingerprint is %s.%s%s\n%s",
991
				    type, fp,
992
				    options.visual_host_key ? "\n" : "",
993
				    options.visual_host_key ? ra : "",
994
				    msg2);
995
				free(ra);
996
				free(fp);
997
			}
998
			len = strlen(msg);
999
			snprintf(msg+len, sizeof(msg)-len,
988
			    "Are you sure you want to continue connecting "
1000
			    "Are you sure you want to continue connecting "
989
			    "(yes/no)? ",
1001
			    "(yes/no)? ");
990
			    host, ip, msg1, type, fp,
991
			    options.visual_host_key ? "\n" : "",
992
			    options.visual_host_key ? ra : "",
993
			    msg2);
994
			free(ra);
995
			free(fp);
996
			if (!confirm(msg))
1002
			if (!confirm(msg))
997
				goto fail;
1003
				goto fail;
998
			hostkey_trusted = 1; /* user explicitly confirmed */
1004
			hostkey_trusted = 1; /* user explicitly confirmed */
Lines 1241-1247 verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) Link Here
1241
	struct sshkey *plain = NULL;
1247
	struct sshkey *plain = NULL;
1242
1248
1243
	if ((fp = sshkey_fingerprint(host_key,
1249
	if ((fp = sshkey_fingerprint(host_key,
1244
	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
1250
	    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
1245
		error("%s: fingerprint host key: %s", __func__, ssh_err(r));
1251
		error("%s: fingerprint host key: %s", __func__, ssh_err(r));
1246
		r = -1;
1252
		r = -1;
1247
		goto out;
1253
		goto out;
Lines 1405-1413 show_other_keys(struct hostkeys *hostkeys, Key *key) Link Here
1405
		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
1411
		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
1406
			continue;
1412
			continue;
1407
		fp = sshkey_fingerprint(found->key,
1413
		fp = sshkey_fingerprint(found->key,
1408
		    options.fingerprint_hash, SSH_FP_DEFAULT);
1414
		    options.fingerprint_hash[0], SSH_FP_DEFAULT);
1409
		ra = sshkey_fingerprint(found->key,
1415
		ra = sshkey_fingerprint(found->key,
1410
		    options.fingerprint_hash, SSH_FP_RANDOMART);
1416
		    options.fingerprint_hash[0], SSH_FP_RANDOMART);
1411
		if (fp == NULL || ra == NULL)
1417
		if (fp == NULL || ra == NULL)
1412
			fatal("%s: sshkey_fingerprint fail", __func__);
1418
			fatal("%s: sshkey_fingerprint fail", __func__);
1413
		logit("WARNING: %s key found for host %s\n"
1419
		logit("WARNING: %s key found for host %s\n"
Lines 1430-1436 warn_changed_key(Key *host_key) Link Here
1430
{
1436
{
1431
	char *fp;
1437
	char *fp;
1432
1438
1433
	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1439
	fp = sshkey_fingerprint(host_key, options.fingerprint_hash[0],
1434
	    SSH_FP_DEFAULT);
1440
	    SSH_FP_DEFAULT);
1435
	if (fp == NULL)
1441
	if (fp == NULL)
1436
		fatal("%s: sshkey_fingerprint fail", __func__);
1442
		fatal("%s: sshkey_fingerprint fail", __func__);
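Review bot: In the new loop in check_host_key (new lines 981–997) `msg2`, the DNS-verification message built just above it, is appended on every iteration, so with the default two algorithms it appears twice in the prompt; it belongs after the loop, once. The per-iteration `snprintf(msg+len, sizeof(msg)-len, ...)` is never checked for truncation: with several algorithms plus VisualHostKey randomart, the final "Are you sure you want to continue connecting" text can be cut off silently while confirm() still waits for an answer (msg's size is declared outside the hunk), so each snprintf return value should be checked or the buffer sized for num_fingerprint_hash entries. `i` and `len` are used but not declared in the hunk, so they presumably already exist in check_host_key. The function continues outside the hunk; the rewritten tail is below.
```c
			for (i = 0; i < options.num_fingerprint_hash; i++) {
				/* … unchanged: fp/ra computation and NULL check … */
				len = strlen(msg);
				snprintf(msg+len, sizeof(msg)-len,
				    "%s key fingerprint is %s.%s%s\n",
				    type, fp,
				    options.visual_host_key ? "\n" : "",
				    options.visual_host_key ? ra : "");
				free(ra);
				free(fp);
			}
			/* DNS result and the prompt are reported once, after all fingerprints */
			len = strlen(msg);
			snprintf(msg+len, sizeof(msg)-len,
			    "%sAre you sure you want to continue connecting "
			    "(yes/no)? ", msg2);
```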
(-)a/sshconnect2.c (-4 / +3 lines)
Lines 589-595 input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) Link Here
589
		    key->type, pktype);
589
		    key->type, pktype);
590
		goto done;
590
		goto done;
591
	}
591
	}
592
	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
592
	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
593
	    SSH_FP_DEFAULT)) == NULL)
593
	    SSH_FP_DEFAULT)) == NULL)
594
		goto done;
594
		goto done;
595
	debug2("input_userauth_pk_ok: fp %s", fp);
595
	debug2("input_userauth_pk_ok: fp %s", fp);
Lines 1009-1015 sign_and_send_pubkey(Authctxt *authctxt, Identity *id) Link Here
1009
	int have_sig = 1;
1009
	int have_sig = 1;
1010
	char *fp;
1010
	char *fp;
1011
1011
1012
	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
1012
	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
1013
	    SSH_FP_DEFAULT)) == NULL)
1013
	    SSH_FP_DEFAULT)) == NULL)
1014
		return 0;
1014
		return 0;
1015
	debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
1015
	debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
Lines 1635-1641 userauth_hostbased(Authctxt *authctxt) Link Here
1635
		goto out;
1635
		goto out;
1636
	}
1636
	}
1637
1637
1638
	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
1638
	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0],
1639
	    SSH_FP_DEFAULT)) == NULL) {
1639
	    SSH_FP_DEFAULT)) == NULL) {
1640
		error("%s: sshkey_fingerprint failed", __func__);
1640
		error("%s: sshkey_fingerprint failed", __func__);
1641
		goto out;
1641
		goto out;
1642
- 
