Add mention of ssh-keygen in ssh connect warning (Scott Moser).

author: Colin Watson <cjwatson@debian.org> 2012-11-26 16:33:35 +0000
committer: Colin Watson <cjwatson@debian.org> 2012-11-26 16:33:35 +0000
commit: 1ea794a34403a618e59bf5993912503fe1f64d11 (patch)
tree: 5b77db7c784e2b25ce3170a9f50eb148f7e1aacd
parent: 2c3850b2193fa51b4a8d0b55f38b951917022b5c (diff)
4 files changed, 41 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index b3f7fc49a..a35c39b94 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ openssh (1:6.1p1-2) UNRELEASED; urgency=low
      been long enough since the relevant vulnerability that we shouldn't
      need these installed by default nowadays.
    - Add an Upstart job (not currently used by default in Debian).
+    - Add mention of ssh-keygen in ssh connect warning (Scott Moser).
  * Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
    #694282).
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
new file mode 100644
index 000000000..42b32638c
--- /dev/null
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -0,0 +1,33 @@
+Description: Mention ssh-keygen in ssh fingerprint changed warning
+Author: Scott Moser <smoser@ubuntu.com>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
+Last-Update: 2010-12-14
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
+++ b/sshconnect.c
+@@ -956,9 +956,12 @@
+                        error("%s. This could either mean that", key_msg);
+                        error("DNS SPOOFING is happening or the IP address for the host");
+                        error("and its host key have changed at the same time.");
+-                       if (ip_status != HOST_NEW)
+                       if (ip_status != HOST_NEW) {
+                                error("Offending key for IP in %s:%lu",
+                                    ip_found->file, ip_found->line);
+                               error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                                   ip_found->file, ip);
+                       }
+                }
+                /* The host key has changed. */
+                warn_changed_key(host_key);
+@@ -966,6 +969,8 @@
+                    user_hostfiles[0]);
+                error("Offending %s key in %s:%lu", key_type(host_found->key),
+                    host_found->file, host_found->line);
+               error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                   host_found->file, host);
+ 
+                /*
+                 * If strict host key checking is in use, the user will have
diff --git a/debian/patches/series b/debian/patches/series
index c940d8384..cb6be9a28 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,6 +26,7 @@ scp-quoting.patch
 shell-path.patch
 dnssec-sshfp.patch
 auth-log-verbosity.patch
+mention-ssh-keygen-on-keychange.patch
 # Versioning
 package-versioning.patch
diff --git a/sshconnect.c b/sshconnect.c
index aed4c0bc7..2cde2f0a3 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -956,9 +956,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                        error("%s. This could either mean that", key_msg);
                        error("DNS SPOOFING is happening or the IP address for the host");
                        error("and its host key have changed at the same time.");
-                        if (ip_status != HOST_NEW)
+                        if (ip_status != HOST_NEW) {
                                error("Offending key for IP in %s:%lu",
                                    ip_found->file, ip_found->line);
+                                error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                                    ip_found->file, ip);
+                        }
                }
                /* The host key has changed. */
                warn_changed_key(host_key);
@@ -966,6 +969,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                    user_hostfiles[0]);
                error("Offending %s key in %s:%lu", key_type(host_found->key),
                    host_found->file, host_found->line);
+                error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                    host_found->file, host);
                /*
                 * If strict host key checking is in use, the user will have
author	Colin Watson <cjwatson@debian.org>	2012-11-26 16:33:35 +0000
committer	Colin Watson <cjwatson@debian.org>	2012-11-26 16:33:35 +0000
commit	1ea794a34403a618e59bf5993912503fe1f64d11 (patch)
tree	5b77db7c784e2b25ce3170a9f50eb148f7e1aacd
parent	2c3850b2193fa51b4a8d0b55f38b951917022b5c (diff)

diff --git a/debian/changelog b/debian/changelog index b3f7fc49a..a35c39b94 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -8,6 +8,7 @@ openssh (1:6.1p1-2) UNRELEASED; urgency=low
8	been long enough since the relevant vulnerability that we shouldn't	8	been long enough since the relevant vulnerability that we shouldn't
9	need these installed by default nowadays.	9	need these installed by default nowadays.
10	- Add an Upstart job (not currently used by default in Debian).	10	- Add an Upstart job (not currently used by default in Debian).
		11	- Add mention of ssh-keygen in ssh connect warning (Scott Moser).
11	* Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:	12	* Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
12	#694282).	13	#694282).
13		14


diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch new file mode 100644 index 000000000..42b32638c --- /dev/null +++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -0,0 +1,33 @@
		1	Description: Mention ssh-keygen in ssh fingerprint changed warning
		2	Author: Scott Moser <smoser@ubuntu.com>
		3	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
		4	Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
		5	Last-Update: 2010-12-14
		6
		7	Index: b/sshconnect.c
		8	===================================================================
		9	--- a/sshconnect.c
		10	+++ b/sshconnect.c
		11	@@ -956,9 +956,12 @@
		12	error("%s. This could either mean that", key_msg);
		13	error("DNS SPOOFING is happening or the IP address for the host");
		14	error("and its host key have changed at the same time.");
		15	- if (ip_status != HOST_NEW)
		16	+ if (ip_status != HOST_NEW) {
		17	error("Offending key for IP in %s:%lu",
		18	ip_found->file, ip_found->line);
		19	+ error(" remove with: ssh-keygen -f \"%s\" -R %s",
		20	+ ip_found->file, ip);
		21	+ }
		22	}
		23	/* The host key has changed. */
		24	warn_changed_key(host_key);
		25	@@ -966,6 +969,8 @@
		26	user_hostfiles[0]);
		27	error("Offending %s key in %s:%lu", key_type(host_found->key),
		28	host_found->file, host_found->line);
		29	+ error(" remove with: ssh-keygen -f \"%s\" -R %s",
		30	+ host_found->file, host);
		31
		32	/*
		33	* If strict host key checking is in use, the user will have


diff --git a/debian/patches/series b/debian/patches/series index c940d8384..cb6be9a28 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -26,6 +26,7 @@ scp-quoting.patch
26	shell-path.patch	26	shell-path.patch
27	dnssec-sshfp.patch	27	dnssec-sshfp.patch
28	auth-log-verbosity.patch	28	auth-log-verbosity.patch
		29	mention-ssh-keygen-on-keychange.patch
29		30
30	# Versioning	31	# Versioning
31	package-versioning.patch	32	package-versioning.patch


diff --git a/sshconnect.c b/sshconnect.c index aed4c0bc7..2cde2f0a3 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -956,9 +956,12 @@ check_host_key(char hostname, struct sockaddr hostaddr, u_short port,
956	error("%s. This could either mean that", key_msg);	956	error("%s. This could either mean that", key_msg);
957	error("DNS SPOOFING is happening or the IP address for the host");	957	error("DNS SPOOFING is happening or the IP address for the host");
958	error("and its host key have changed at the same time.");	958	error("and its host key have changed at the same time.");
959	if (ip_status != HOST_NEW)	959	if (ip_status != HOST_NEW) {
960	error("Offending key for IP in %s:%lu",	960	error("Offending key for IP in %s:%lu",
961	ip_found->file, ip_found->line);	961	ip_found->file, ip_found->line);
		962	error(" remove with: ssh-keygen -f \"%s\" -R %s",
		963	ip_found->file, ip);
		964	}
962	}	965	}
963	/* The host key has changed. */	966	/* The host key has changed. */
964	warn_changed_key(host_key);	967	warn_changed_key(host_key);
@@ -966,6 +969,8 @@ check_host_key(char hostname, struct sockaddr hostaddr, u_short port,
966	user_hostfiles[0]);	969	user_hostfiles[0]);
967	error("Offending %s key in %s:%lu", key_type(host_found->key),	970	error("Offending %s key in %s:%lu", key_type(host_found->key),
968	host_found->file, host_found->line);	971	host_found->file, host_found->line);
		972	error(" remove with: ssh-keygen -f \"%s\" -R %s",
		973	host_found->file, host);
969		974
970	/*	975	/*
971	* If strict host key checking is in use, the user will have	976	* If strict host key checking is in use, the user will have