Bugzilla – Attachment 3049 Details for
Bug 2400
Fully refuse changed hostkeys when StrictHostKeyChecking=no
[patch]
updated to -current
bz2400.diff (text/plain), 6.09 KB, created by
Damien Miller
on 2017-09-01 16:20:47 AEST
Description:
updated to -current
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-09-01 16:20:47 AEST
Size:
6.09 KB
patch
obsolete
>diff --git a/readconf.c b/readconf.c
>index b9a7f7c..35ade68 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -736,6 +736,16 @@ static const struct multistate multistate_yesnoask[] = {
> { "ask", 2 },
> { NULL, -1 }
> };
>+static const struct multistate multistate_strict_hostkey[] = {
>+ { "true", SSH_STRICT_HOSTKEY_YES },
>+ { "false", SSH_STRICT_HOSTKEY_OFF },
>+ { "yes", SSH_STRICT_HOSTKEY_YES },
>+ { "no", SSH_STRICT_HOSTKEY_OFF },
>+ { "ask", SSH_STRICT_HOSTKEY_ASK },
>+ { "off", SSH_STRICT_HOSTKEY_OFF },
>+ { "accept-new", SSH_STRICT_HOSTKEY_NEW },
>+ { NULL, -1 }
>+};
> static const struct multistate multistate_yesnoaskconfirm[] = {
> { "true", 1 },
> { "false", 0 },
>@@ -969,7 +979,7 @@ parse_time:
>
> case oStrictHostKeyChecking:
> intptr = &options->strict_host_key_checking;
>- multistate_ptr = multistate_yesnoask;
>+ multistate_ptr = multistate_strict_hostkey;
> goto parse_multistate;
>
> case oCompression:
>@@ -1912,7 +1922,7 @@ fill_default_options(Options * options)
> if (options->check_host_ip == -1)
> options->check_host_ip = 1;
> if (options->strict_host_key_checking == -1)
>- options->strict_host_key_checking = 2; /* 2 is default */
>+ options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
> if (options->compression == -1)
> options->compression = 0;
> if (options->tcp_keep_alive == -1)
>@@ -2312,9 +2322,10 @@ fmt_intarg(OpCodes code, int val)
> case oAddressFamily:
> return fmt_multistate_int(val, multistate_addressfamily);
> case oVerifyHostKeyDNS:
>- case oStrictHostKeyChecking:
> case oUpdateHostkeys:
> return fmt_multistate_int(val, multistate_yesnoask);
>+ case oStrictHostKeyChecking:
>+ return fmt_multistate_int(val, multistate_strict_hostkey);
> case oControlMaster:
> return fmt_multistate_int(val, multistate_controlmaster);
> case oTunnel:
>diff --git a/readconf.h b/readconf.h
>index 94dd427..a982aa7 100644
>--- a/readconf.h
>+++ b/readconf.h
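Review bot: `multistate_strict_hostkey` in the first hunk maps several spellings to the same value, and which spelling is reported back by `fmt_multistate_int` (used in the `fmt_intarg` hunk) depends on table order — if, as the layout of the existing `multistate_yesnoask` table suggests, the first entry matching the value wins, `ssh -G` will print `true`/`false` for the yes/off modes and `accept-new` only for the new mode. That mirrors the existing table so behaviour for the old spellings is unchanged, but the dependency is easy to break when someone later appends an alias. A one-line comment above the table would pin it down, e.g. `/* StrictHostKeyChecking modes; the first entry for each value is what fmt_multistate_int reports */`. The `fill_default_options` hunk (default `SSH_STRICT_HOSTKEY_ASK`) is consistent with the removed `/* 2 is default */` literal.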
>@@ -190,6 +190,11 @@ typedef struct {
> #define SSH_UPDATE_HOSTKEYS_YES 1
> #define SSH_UPDATE_HOSTKEYS_ASK 2
>
>+#define SSH_STRICT_HOSTKEY_OFF 0
>+#define SSH_STRICT_HOSTKEY_NEW 1
>+#define SSH_STRICT_HOSTKEY_YES 2
>+#define SSH_STRICT_HOSTKEY_ASK 3
>+
> void initialize_options(Options *);
> void fill_default_options(Options *);
> void fill_default_options_for_canonicalization(Options *);
>diff --git a/ssh_config.5 b/ssh_config.5
>index 15ca0b4..75cea81 100644
>--- a/ssh_config.5
>+++ b/ssh_config.5
>@@ -1459,9 +1459,17 @@ frequently made.
> This option forces the user to manually
> add all new hosts.
> If this flag is set to
>-.Cm no ,
>-ssh will automatically add new host keys to the
>-user known hosts files.
>+.Dq accept-new
>+then ssh will automatically add new new host keys to the user
>+known hosts files, but will not permit connections to hosts with
>+changed host keys.
>+If this flag is set to
>+.Dq no
>+or
>+.Dq off ,
>+ssh will automatically add new host keys to the user known hosts files,
>+and allow connections to hosts with changed hostkeys to proceed subject
>+to some restrictions.
> If this flag is set to
> .Cm ask
> (the default),
>diff --git a/sshconnect.c b/sshconnect.c
>index 7dad4f4..545ef78 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -863,7 +863,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> if (readonly || want_cert)
> goto fail;
> /* The host is new. */
>- if (options.strict_host_key_checking == 1) {
>+ if (options.strict_host_key_checking ==
>+ SSH_STRICT_HOSTKEY_YES) {
> /*
> * User has requested strict host key checking. We
> * will not add the host key automatically. The only
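Review bot: The new `SSH_STRICT_HOSTKEY_*` constants do not keep the numbers the option held before (the literals removed in sshconnect.c show no=0, yes=1, ask=2; the new layout is OFF=0, NEW=1, YES=2, ASK=3), so any comparison against a bare `1`/`2` that survives outside the files in this patch would silently select a different mode — a stale `== 1` would now mean accept-new rather than yes, and a stale `== 2` would mean yes rather than ask. I cannot see other readers of `strict_host_key_checking` from this diff, so that is worth a grep before commit rather than something the patch is known to miss. A comment on the defines would make the contract explicit, e.g. `/* StrictHostKeyChecking modes; not the multistate_yesnoask numbering, compare only through these macros */`.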
>@@ -872,7 +873,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> error("No %s host key is known for %.200s and you "
> "have requested strict checking.", type, host);
> goto fail;
>- } else if (options.strict_host_key_checking == 2) {
>+ } else if (options.strict_host_key_checking ==
>+ SSH_STRICT_HOSTKEY_ASK) {
> char msg1[1024], msg2[1024];
>
> if (show_other_keys(host_hostkeys, host_key))
>@@ -916,8 +918,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> hostkey_trusted = 1; /* user explicitly confirmed */
> }
> /*
>- * If not in strict mode, add the key automatically to the
>- * local known_hosts file.
>+ * If in "new" or "off" strict mode, add the key automatically
>+ * to the local known_hosts file.
> */
> if (options.check_host_ip && ip_status == HOST_NEW) {
> snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
>@@ -959,7 +961,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> * If strict host key checking is in use, the user will have
> * to edit the key manually and we can only abort.
> */
>- if (options.strict_host_key_checking) {
>+ if (options.strict_host_key_checking !=
>+ SSH_STRICT_HOSTKEY_OFF) {
> error("%s host key for %.200s was revoked and you have "
> "requested strict checking.", type, host);
> goto fail;
>@@ -1012,7 +1015,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> * If strict host key checking is in use, the user will have
> * to edit the key manually and we can only abort.
> */
>- if (options.strict_host_key_checking) {
>+ if (options.strict_host_key_checking !=
>+ SSH_STRICT_HOSTKEY_OFF) {
> error("%s host key for %.200s has changed and you have "
> "requested strict checking.", type, host);
> goto fail;
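Review bot: In the `-959` and `-1012` hunks the revoked-key and changed-key paths now `goto fail` for every mode other than `SSH_STRICT_HOSTKEY_OFF`, which is the point of the change, but the unchanged context line still tells the user they "have requested strict checking" — a user who configured `accept-new` did not, and the message gives no hint that the refusal is by design for that mode. Since the refusal is the security-relevant outcome, the wording should name the actual condition, e.g. `"%s host key for %.200s has changed; refusing to connect " "because StrictHostKeyChecking is not off."` (and the same shape for the revoked case). The comment above each test, "If strict host key checking is in use", has the same drift and could read "If StrictHostKeyChecking is anything other than off". `check_host_key` begins before and continues after these hunks.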
>@@ -1099,15 +1103,17 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> "\nMatching host key in %s:%lu",
> host_found->file, host_found->line);
> }
>- if (options.strict_host_key_checking == 1) {
>- logit("%s", msg);
>- error("Exiting, you have requested strict checking.");
>- goto fail;
>- } else if (options.strict_host_key_checking == 2) {
>+ if (options.strict_host_key_checking ==
>+ SSH_STRICT_HOSTKEY_ASK) {
> strlcat(msg, "\nAre you sure you want "
> "to continue connecting (yes/no)? ", sizeof(msg));
> if (!confirm(msg))
> goto fail;
>+ } else if (options.strict_host_key_checking !=
>+ SSH_STRICT_HOSTKEY_OFF) {
>+ logit("%s", msg);
>+ error("Exiting, you have requested strict checking.");
>+ goto fail;
> } else {
> logit("%s", msg);
> }
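Review bot: The branch order here is reversed relative to the old code (ask is tested first, then everything that is not off), and the consequence — that `accept-new` is treated exactly like `yes` once a key for the host is already known — is only implied by the `!= SSH_STRICT_HOSTKEY_OFF` test. A short comment on that `else if` would make the intent survive the next edit, e.g. `/* yes and accept-new both refuse a host/IP key mismatch */`. As in the revoked/changed-key hunks, "Exiting, you have requested strict checking." is no longer accurate for accept-new; a neutral wording such as `error("Exiting, StrictHostKeyChecking is not off.");` would fit. The enclosing `check_host_key` starts before this hunk.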