RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- jakob@cvs.openbsd.org 2003/11/03 09:09:41 

[sshconnect.c]
     move changed key warning into warn_changed_key(). ok markus@
This commit is contained in:
Damien Miller 2003-11-17 21:10:47 +11:00
parent 3e8f41e6ac
commit 5a38897dbb
2 changed files with 29 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -4,7 +4,9 @@
[auth-chall.c]
make this a little more idiot-proof; ok markus@
(includes portable-specific changes)
- jakob@cvs.openbsd.org 2003/11/03 09:09:41
[sshconnect.c]
move changed key warning into warn_changed_key(). ok markus@
20031115
- (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@ -1425,4 +1427,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3098 2003/11/17 10:09:50 djm Exp $
$Id: ChangeLog,v 1.3099 2003/11/17 10:10:47 djm Exp $

37
sshconnect.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.150 2003/11/03 09:09:41 jakob Exp $");
#include <openssl/bn.h>
@ -52,6 +52,7 @@ extern pid_t proxy_command_pid;
#endif
static int show_other_keys(const char *, Key *);
static void warn_changed_key(Key *);
/*
* Connect to the given ssh server using a proxy command.
@ -785,20 +786,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
error("Offending key for IP in %s:%d", ip_file, ip_line);
}
/* The host key has changed. */
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the %s host key has just been changed.", type);
error("The fingerprint for the %s key sent by the remote host is\n%s.",
type, fp);
error("Please contact your system administrator.");
warn_changed_key(host_key);
error("Add correct host key in %.100s to get rid of this message.",
user_hostfile);
error("Offending key in %s:%d", host_file, host_line);
xfree(fp);
/*
* If strict host key checking is in use, the user will have
@ -1045,3 +1036,25 @@ show_other_keys(const char *host, Key *key)
}
return (found);
}
static void
warn_changed_key(Key *host_key)
{
char *fp;
char *type = key_type(host_key);
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the %s host key has just been changed.", type);
error("The fingerprint for the %s key sent by the remote host is\n%s.",
type, fp);
error("Please contact your system administrator.");
xfree(fp);
xfree(type);
}