

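--- a/readconf.c
+++ b/readconf.c
@@ -736,6 +736,16 @@ static const struct multistate multistate_yesnoask[] = {
 	{ "ask",			2 },
 	{ NULL, -1 }
 };
+static const struct multistate multistate_strict_hostkey[] = {
+	{ "true",			SSH_STRICT_HOSTKEY_YES },
+	{ "false",			SSH_STRICT_HOSTKEY_OFF },
+	{ "yes",			SSH_STRICT_HOSTKEY_YES },
+	{ "no",				SSH_STRICT_HOSTKEY_OFF },
+	{ "ask",			SSH_STRICT_HOSTKEY_ASK },
+	{ "off",			SSH_STRICT_HOSTKEY_OFF },
+	{ "accept-new",			SSH_STRICT_HOSTKEY_NEW },
+	{ NULL, -1 }
+};
 static const struct multistate multistate_yesnoaskconfirm[] = {
 	{ "true",			1 },
 	{ "false",			0 },
@@ -969,7 +979,7 @@ parse_time:
 
 	case oStrictHostKeyChecking:
 		intptr = &options->strict_host_key_checking;
-		multistate_ptr = multistate_yesnoask;
+		multistate_ptr = multistate_strict_hostkey;
 		goto parse_multistate;
 
 	case oCompression:
@@ -1912,7 +1922,7 @@ fill_default_options(Options * options)
 	if (options->check_host_ip == -1)
 		options->check_host_ip = 1;
 	if (options->strict_host_key_checking == -1)
-		options->strict_host_key_checking = 2;	/* 2 is default */
+		options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
 	if (options->compression == -1)
 		options->compression = 0;
 	if (options->tcp_keep_alive == -1)
@@ -2312,9 +2322,10 @@ fmt_intarg(OpCodes code, int val)
 	case oAddressFamily:
 		return fmt_multistate_int(val, multistate_addressfamily);
 	case oVerifyHostKeyDNS:
-	case oStrictHostKeyChecking:
 	case oUpdateHostkeys:
 		return fmt_multistate_int(val, multistate_yesnoask);
+	case oStrictHostKeyChecking:
+		return fmt_multistate_int(val, multistate_strict_hostkey);
 	case oControlMaster:
 		return fmt_multistate_int(val, multistate_controlmaster);
 	case oTunnel: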
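Review bot: The new multistate_strict_hostkey table in the first hunk carries no comment saying why StrictHostKeyChecking stops sharing multistate_yesnoask, and the reason is not visible from the entries alone: its values are the SSH_STRICT_HOSTKEY_* constants, where ask is 3 rather than the 2 that multistate_yesnoask uses, so the two tables are no longer interchangeable and a later cleanup merging them would be wrong. I'd add `/* StrictHostKeyChecking: own value space (SSH_STRICT_HOSTKEY_*), not the yes/no/ask 0/1/2 numbering */` above the array. Listing "true"/"false" ahead of "yes"/"no" mirrors multistate_yesnoask, so if fmt_multistate_int returns the first entry matching val, `ssh -G` keeps printing true/false for yes/off and prints accept-new for the new mode, which looks intended.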
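--- a/readconf.h
+++ b/readconf.h
@@ -190,6 +190,11 @@ typedef struct {
 #define SSH_UPDATE_HOSTKEYS_YES	1
 #define SSH_UPDATE_HOSTKEYS_ASK	2
 
+#define SSH_STRICT_HOSTKEY_OFF	0
+#define SSH_STRICT_HOSTKEY_NEW	1
+#define SSH_STRICT_HOSTKEY_YES	2
+#define SSH_STRICT_HOSTKEY_ASK	3
+
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
 void	 fill_default_options_for_canonicalization(Options *);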
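Review bot: The SSH_STRICT_HOSTKEY_* defines renumber the option's value space: under multistate_yesnoask 1 meant yes and 2 meant ask, while here 1 is accept-new, 2 is yes and 3 is ask, so any comparison of strict_host_key_checking against a literal 1 or 2 that survives outside the hunks shown (the rest of check_host_key in sshconnect.c, or other callers) would silently change meaning, and a plain truth test keeps working only because OFF stays 0. The patch converts every such comparison visible in this review, but the remainder of those files is not on the page, so a search for the literals before merging is the check I would want. I'd also record the constraint at the definition, e.g. `/* StrictHostKeyChecking values; OFF must remain 0, the rest is not the yes/no/ask numbering */`.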
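--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1459,9 +1459,17 @@ frequently made.
 This option forces the user to manually
 add all new hosts.
 If this flag is set to
-.Cm no ,
-ssh will automatically add new host keys to the
-user known hosts files.
+.Dq accept-new
+then ssh will automatically add new new host keys to the user
+known hosts files, but will not permit connections to hosts with
+changed host keys.
+If this flag is set to
+.Dq no
+or
+.Dq off ,
+ssh will automatically add new host keys to the user known hosts files,
+and allow connections to hosts with changed hostkeys to proceed subject
+to some restrictions.
 If this flag is set to
 .Cm ask
 (the default),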
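--- a/sshconnect.c
+++ b/sshconnect.c
@@ -863,7 +863,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		if (readonly || want_cert)
 			goto fail;
 		/* The host is new. */
-		if (options.strict_host_key_checking == 1) {
+		if (options.strict_host_key_checking ==
+		    SSH_STRICT_HOSTKEY_YES) {
 			/*
 			 * User has requested strict host key checking.  We
 			 * will not add the host key automatically.  The only
@@ -872,7 +873,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			error("No %s host key is known for %.200s and you "
 			    "have requested strict checking.", type, host);
 			goto fail;
-		} else if (options.strict_host_key_checking == 2) {
+		} else if (options.strict_host_key_checking ==
+		    SSH_STRICT_HOSTKEY_ASK) {
 			char msg1[1024], msg2[1024];
 
 			if (show_other_keys(host_hostkeys, host_key))
@@ -916,8 +918,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			hostkey_trusted = 1; /* user explicitly confirmed */
 		}
 		/*
-		 * If not in strict mode, add the key automatically to the
-		 * local known_hosts file.
+		 * If in "new" or "off" strict mode, add the key automatically
+		 * to the local known_hosts file.
 		 */
 		if (options.check_host_ip && ip_status == HOST_NEW) {
 			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
@@ -959,7 +961,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		 * If strict host key checking is in use, the user will have
 		 * to edit the key manually and we can only abort.
 		 */
-		if (options.strict_host_key_checking) {
+		if (options.strict_host_key_checking !=
+		    SSH_STRICT_HOSTKEY_OFF) {
 			error("%s host key for %.200s was revoked and you have "
 			    "requested strict checking.", type, host);
 			goto fail;
@@ -1012,7 +1015,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		 * If strict host key checking is in use, the user will have
 		 * to edit the key manually and we can only abort.
 		 */
-		if (options.strict_host_key_checking) {
+		if (options.strict_host_key_checking !=
+		    SSH_STRICT_HOSTKEY_OFF) {
 			error("%s host key for %.200s has changed and you have "
 			    "requested strict checking.", type, host);
 			goto fail;
@@ -1099,15 +1103,17 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			    "\nMatching host key in %s:%lu",
 			    host_found->file, host_found->line);
 		}
-		if (options.strict_host_key_checking == 1) {
-			logit("%s", msg);
-			error("Exiting, you have requested strict checking.");
-			goto fail;
-		} else if (options.strict_host_key_checking == 2) {
+		if (options.strict_host_key_checking ==
+		    SSH_STRICT_HOSTKEY_ASK) {
 			strlcat(msg, "\nAre you sure you want "
 			    "to continue connecting (yes/no)? ", sizeof(msg));
 			if (!confirm(msg))
 				goto fail;
+		} else if (options.strict_host_key_checking !=
+		    SSH_STRICT_HOSTKEY_OFF) {
+			logit("%s", msg);
+			error("Exiting, you have requested strict checking.");
+			goto fail;
 		} else {
 			logit("%s", msg);
 		}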
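Review bot: In the last hunk (Lines 1099-1113) the new `else if (options.strict_host_key_checking != SSH_STRICT_HOSTKEY_OFF)` branch folds accept-new in with yes, so a user of the new mode now gets "Exiting, you have requested strict checking." for the mismatch this branch reports (the `msg` is built above the hunk, so only its "Matching host key" tail is visible here), even though the ssh_config.5 text added in this patch describes accept-new only as refusing changed host keys. If refusing here is intended for accept-new, a one-line comment would stop a later reader from treating it as an oversight, e.g. `/* yes and accept-new both refuse; only off proceeds with a warning */`, and the error text could mention accept-new as well, since that user did not ask for strict checking. The same treatment in the revoked-key and changed-key hunks (Lines 959-965 and 1012-1018) matches the man page and needs no change. check_host_key begins and ends outside every hunk shown.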
