tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: Accept the host key fingerprint as a synonym for "yes" 

when accepting an unknown host key.  This allows you to paste a fingerprint
obtained out of band into the yes/no prompt and have the client do the
comparison for you.  ok markus@ djm@

OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767
This commit is contained in:
dtucker@openbsd.org 2019-01-24 17:00:29 +00:00 committed by Darren Tucker
parent bdc6c63c80
commit 05b9a46670
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.311 2019/01/19 21:36:38 djm Exp $ */
/* $OpenBSD: sshconnect.c,v 1.312 2019/01/24 17:00:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -563,22 +563,24 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
/* defaults to 'no' */
static int
confirm(const char *prompt)
confirm(const char *prompt, const char *fingerprint)
{
const char *msg, *again = "Please type 'yes' or 'no': ";
const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
char *p;
int ret = -1;
if (options.batch_mode)
return 0;
for (msg = prompt;;msg = again) {
for (msg = prompt;;msg = fingerprint ? again_fp : again) {
p = read_passphrase(msg, RP_ECHO);
if (p == NULL)
return 0;
p[strcspn(p, "\n")] = '\0';
if (p[0] == '\0' || strcasecmp(p, "no") == 0)
ret = 0;
else if (strcasecmp(p, "yes") == 0)
else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
strcasecmp(p, fingerprint) == 0))
ret = 1;
free(p);
if (ret != -1)
@ -706,7 +708,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
char msg[1024];
const char *type;
const struct hostkey_entry *host_found, *ip_found;
int len, cancelled_forwarding = 0;
int len, cancelled_forwarding = 0, confirmed;
int local = sockaddr_is_local(hostaddr);
int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
int hostkey_trusted = 0; /* Known or explicitly accepted by user */
@ -881,14 +883,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
"established%s\n"
"%s key fingerprint is %s.%s%s\n%s"
"Are you sure you want to continue connecting "
"(yes/no)? ",
"(yes/no/[fingerprint])? ",
host, ip, msg1, type, fp,
options.visual_host_key ? "\n" : "",
options.visual_host_key ? ra : "",
msg2);
free(ra);
confirmed = confirm(msg, fp);
free(fp);
if (!confirm(msg))
if (!confirmed)
goto fail;
hostkey_trusted = 1; /* user explicitly confirmed */
}
@ -1082,7 +1085,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
SSH_STRICT_HOSTKEY_ASK) {
strlcat(msg, "\nAre you sure you want "
"to continue connecting (yes/no)? ", sizeof(msg));
if (!confirm(msg))
if (!confirm(msg, NULL))
goto fail;
} else if (options.strict_host_key_checking !=
SSH_STRICT_HOSTKEY_OFF) {