
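--- a/readconf.c
+++ b/readconf.c
@@ -704,6 +704,16 @@ static const struct multistate multistate_yesnoask[] = {
 	{ "ask",			2 },
 	{ NULL, -1 }
 };
+static const struct multistate multistate_strict_hostkey[] = {
+	{ "true",			SSH_STRICT_HOSTKEY_YES },
+	{ "false",			SSH_STRICT_HOSTKEY_OFF },
+	{ "yes",			SSH_STRICT_HOSTKEY_YES },
+	{ "no",				SSH_STRICT_HOSTKEY_OFF },
+	{ "ask",			SSH_STRICT_HOSTKEY_ASK },
+	{ "off",			SSH_STRICT_HOSTKEY_OFF },
+	{ "accept-new",			SSH_STRICT_HOSTKEY_NEW },
+	{ NULL, -1 }
+};
 static const struct multistate multistate_yesnoaskconfirm[] = {
 	{ "true",			1 },
 	{ "false",			0 },
@@ -933,7 +943,7 @@ parse_time:
 
 	case oStrictHostKeyChecking:
 		intptr = &options->strict_host_key_checking;
-		multistate_ptr = multistate_yesnoask;
+		multistate_ptr = multistate_strict_hostkey;
 		goto parse_multistate;
 
 	case oCompression:
@@ -1780,7 +1790,7 @@ fill_default_options(Options * options)
 	if (options->check_host_ip == -1)
 		options->check_host_ip = 1;
 	if (options->strict_host_key_checking == -1)
-		options->strict_host_key_checking = 2;	/* 2 is default */
+		options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
 	if (options->compression == -1)
 		options->compression = 0;
 	if (options->tcp_keep_alive == -1)
@@ -2146,9 +2156,10 @@ fmt_intarg(OpCodes code, int val)
 	case oAddressFamily:
 		return fmt_multistate_int(val, multistate_addressfamily);
 	case oVerifyHostKeyDNS:
-	case oStrictHostKeyChecking:
 	case oUpdateHostkeys:
 		return fmt_multistate_int(val, multistate_yesnoask);
+	case oStrictHostKeyChecking:
+		return fmt_multistate_int(val, multistate_strict_hostkey);
 	case oControlMaster:
 		return fmt_multistate_int(val, multistate_controlmaster);
 	case oTunnel: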
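Review bot: The new `multistate_strict_hostkey` table (new lines 707-716) has no comment, although it is the only table in view whose values are symbolic rather than the literal 0/1/2 of its neighbours, and it deliberately accepts both the "true"/"false" and the "yes"/"no" spellings. A one-line comment above it such as `/* StrictHostKeyChecking: "true"/"false" are aliases of "yes"/"no"; values are SSH_STRICT_HOSTKEY_* */` would make the alias and the encoding intent explicit for the next person who adds a keyword. The `fill_default_options` and `fmt_intarg` hunks are consistent with that table; both functions begin and end outside the shown hunks.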
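--- a/readconf.h
+++ b/readconf.h
@@ -184,6 +184,11 @@ typedef struct {
 #define SSH_UPDATE_HOSTKEYS_YES	1
 #define SSH_UPDATE_HOSTKEYS_ASK	2
 
+#define SSH_STRICT_HOSTKEY_OFF	0
+#define SSH_STRICT_HOSTKEY_NEW	1
+#define SSH_STRICT_HOSTKEY_YES	2
+#define SSH_STRICT_HOSTKEY_ASK	3
+
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
 void	 fill_default_options_for_canonicalization(Options *);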
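Review bot: The four new SSH_STRICT_HOSTKEY_* defines (new lines 187-190) change what the integer stored in `strict_host_key_checking` means — the sshconnect.c hunks show that 1 previously meant yes and 2 meant ask, whereas now 1 is accept-new and 2 is yes — but nothing at the definition says so. A comment such as `/* StrictHostKeyChecking modes: an enumeration, not a strictness scale; compare only against these names, never literals */` would warn readers that any remaining literal comparison would silently select a different mode. Whether such comparisons still exist outside the shown hunks cannot be determined from this page.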
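--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1562,9 +1562,17 @@ frequently made.
 This option forces the user to manually
 add all new hosts.
 If this flag is set to
-.Dq no ,
-ssh will automatically add new host keys to the
-user known hosts files.
+.Dq accept-new
+then ssh will automatically add new new host keys to the user
+known hosts files, but will not permit connections to hosts with
+changed host keys.
+If this flag is set to
+.Dq no
+or
+.Dq off ,
+ssh will automatically add new host keys to the user known hosts files,
+and allow connections to hosts with changed hostkeys to proceed subject
+to some restrictions.
 If this flag is set to
 .Dq ask ,
 new host keys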
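--- a/sshconnect.c
+++ b/sshconnect.c
@@ -922,7 +922,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		if (readonly || want_cert)
 			goto fail;
 		/* The host is new. */
-		if (options.strict_host_key_checking == 1) {
+		if (options.strict_host_key_checking ==
+		    SSH_STRICT_HOSTKEY_YES) {
 			/*
 			 * User has requested strict host key checking.  We
 			 * will not add the host key automatically.  The only
@@ -931,7 +932,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			error("No %s host key is known for %.200s and you "
 			    "have requested strict checking.", type, host);
 			goto fail;
-		} else if (options.strict_host_key_checking == 2) {
+		} else if (options.strict_host_key_checking ==
+		    SSH_STRICT_HOSTKEY_ASK) {
 			char msg1[1024], msg2[1024];
 
 			if (show_other_keys(host_hostkeys, host_key))
@@ -975,8 +977,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			hostkey_trusted = 1; /* user explicitly confirmed */
 		}
 		/*
-		 * If not in strict mode, add the key automatically to the
-		 * local known_hosts file.
+		 * If in "new" or "off" strict mode, add the key automatically
+		 * to the local known_hosts file.
 		 */
 		if (options.check_host_ip && ip_status == HOST_NEW) {
 			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
@@ -1018,7 +1020,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		 * If strict host key checking is in use, the user will have
 		 * to edit the key manually and we can only abort.
 		 */
-		if (options.strict_host_key_checking) {
+		if (options.strict_host_key_checking !=
+		    SSH_STRICT_HOSTKEY_OFF) {
 			error("%s host key for %.200s was revoked and you have "
 			    "requested strict checking.", type, host);
 			goto fail;
@@ -1070,7 +1073,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		 * If strict host key checking is in use, the user will have
 		 * to edit the key manually and we can only abort.
 		 */
-		if (options.strict_host_key_checking) {
+		if (options.strict_host_key_checking !=
+		    SSH_STRICT_HOSTKEY_OFF) {
 			error("%s host key for %.200s has changed and you have "
 			    "requested strict checking.", type, host);
 			goto fail;
@@ -1157,15 +1161,17 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			    "\nMatching host key in %s:%lu",
 			    host_found->file, host_found->line);
 		}
-		if (options.strict_host_key_checking == 1) {
-			logit("%s", msg);
-			error("Exiting, you have requested strict checking.");
-			goto fail;
-		} else if (options.strict_host_key_checking == 2) {
+		if (options.strict_host_key_checking ==
+		    SSH_STRICT_HOSTKEY_ASK) {
 			strlcat(msg, "\nAre you sure you want "
 			    "to continue connecting (yes/no)? ", sizeof(msg));
 			if (!confirm(msg))
 				goto fail;
+		} else if (options.strict_host_key_checking !=
+		    SSH_STRICT_HOSTKEY_OFF) {
+			logit("%s", msg);
+			error("Exiting, you have requested strict checking.");
+			goto fail;
 		} else {
 			logit("%s", msg);
 		}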
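Review bot: The error text at new lines 1025-1026, 1078-1079 and 1173 still says "you have requested strict checking", but the guards in front of it are now `!= SSH_STRICT_HOSTKEY_OFF`, so those branches also fire for StrictHostKeyChecking=accept-new and tell a user they asked for something they did not set. Consider wording the messages by mode, e.g. `"%s host key for %.200s has changed and StrictHostKeyChecking is not \"off\"."`, or at least a comment above each `!= SSH_STRICT_HOSTKEY_OFF` check such as `/* yes, ask and accept-new all refuse a changed or revoked key */` so the intended coverage of accept-new is explicit. The refusal itself is the right outcome for a changed key in accept-new mode; only the explanation given to the user is off. check_host_key begins and ends outside the shown hunks.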
