From da22216b5db3613325aa7b639f40dc017e4c6f69 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Mon, 27 Jan 2020 20:51:32 +0000 Subject: [PATCH] upstream: disable UpdateHostKeys=ask if command is specified; ok djm@ sthen@ OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7 --- ssh.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/ssh.c b/ssh.c index 4998ebc16..380e1e667 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.515 2020/01/25 00:21:08 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.516 2020/01/27 20:51:32 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1248,11 +1248,18 @@ main(int ac, char **av) strcmp(options.proxy_command, "-") == 0 && options.proxy_use_fdpass) fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); - if (options.control_persist && options.control_path != NULL && - options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { - debug("UpdateHostKeys=ask is incompatible with ControlPersist; " - "disabling"); - options.update_hostkeys = 0; + if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { + if (options.control_persist && options.control_path != NULL) { + debug("UpdateHostKeys=ask is incompatible with " + "ControlPersist; disabling"); + options.update_hostkeys = 0; + } else if (sshbuf_len(command) != 0 || + options.remote_command != NULL || + options.request_tty == REQUEST_TTY_NO) { + debug("UpdateHostKeys=ask is incompatible with " + "remote command execution; disabling"); + options.update_hostkeys = 0; + } } if (options.connection_attempts <= 0) fatal("Invalid number of ConnectionAttempts");