- jakob@cvs.openbsd.org 2003/11/03 09:09:41

[sshconnect.c] move changed key warning into warn_changed_key(). ok markus@
2003-11-17 21:10:47 +11:00 · 2003-11-17 21:10:47 +11:00 · 5a38897dbb
parent 3e8f41e6ac
commit 5a38897dbb
2 changed files with 29 additions and 14 deletions
--- a/6
+++ b/6
@ -4,7 +4,9 @@
     [auth-chall.c]
     make this a little more idiot-proof; ok markus@
     (includes portable-specific changes)
-
+   - jakob@cvs.openbsd.org 2003/11/03 09:09:41
     [sshconnect.c]
     move changed key warning into warn_changed_key(). ok markus@
 20031115
 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@ -1425,4 +1427,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3098 2003/11/17 10:09:50 djm Exp $
+$Id: ChangeLog,v 1.3099 2003/11/17 10:10:47 djm Exp $
--- a/sshconnect.c
+++ b/sshconnect.c
@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.150 2003/11/03 09:09:41 jakob Exp $");
 #include <openssl/bn.h>
@ -52,6 +52,7 @@ extern pid_t proxy_command_pid;
 #endif
 static int show_other_keys(const char *, Key *);
 static void warn_changed_key(Key *);
 /*
 * Connect to the given ssh server using a proxy command.
@ -785,20 +786,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 				error("Offending key for IP in %s:%d", ip_file, ip_line);
 		}
 		/* The host key has changed. */
-		fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+		warn_changed_key(host_key);
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
 		error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
 		error("It is also possible that the %s host key has just been changed.", type);
 		error("The fingerprint for the %s key sent by the remote host is\n%s.",
 		    type, fp);
 		error("Please contact your system administrator.");
 		error("Add correct host key in %.100s to get rid of this message.",
 		    user_hostfile);
 		error("Offending key in %s:%d", host_file, host_line);
 		xfree(fp);
 		/*
 		 * If strict host key checking is in use, the user will have
@ -1045,3 +1036,25 @@ show_other_keys(const char *host, Key *key)
 	}
 	return (found);
 }
 static void
 warn_changed_key(Key *host_key)
 {
 	char *fp;
 	char *type = key_type(host_key);
 	fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 	error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
 	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 	error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
 	error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
 	error("It is also possible that the %s host key has just been changed.", type);
 	error("The fingerprint for the %s key sent by the remote host is\n%s.",
 	    type, fp);
 	error("Please contact your system administrator.");
 	xfree(fp);
 	xfree(type);
 }