mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-15 22:54:35 +00:00
3ed6640532
[hostfile.c hostfile.h sshconnect.c]
print out all known keys for a host if we get a unknown host key,
see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
the ssharp mitm tool attacks users in a similar way, so i'd like to
pointed out again:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'bla' can't be established.
(protocol version 2 with pubkey authentication allows you to detect
MITM attacks)
29 lines
975 B
C
29 lines
975 B
C
/* $OpenBSD: hostfile.h,v 1.11 2002/07/24 16:11:18 markus Exp $ */
|
|
|
|
/*
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
* All rights reserved
|
|
*
|
|
* As far as I am concerned, the code I have written for this software
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
* software must be clearly marked as such, and if the derived work is
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
* called by a name other than "ssh" or "Secure Shell".
|
|
*/
|
|
#ifndef HOSTFILE_H
|
|
#define HOSTFILE_H
|
|
|
|
typedef enum {
|
|
HOST_OK, HOST_NEW, HOST_CHANGED, HOST_FOUND,
|
|
} HostStatus;
|
|
|
|
int hostfile_read_key(char **, u_int *, Key *);
|
|
HostStatus
|
|
check_host_in_hostfile(const char *, const char *, Key *, Key *, int *);
|
|
int add_host_to_hostfile(const char *, const char *, Key *);
|
|
int
|
|
lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *);
|
|
|
|
#endif
|