author | djm@openbsd.org <djm@openbsd.org> | 2020-01-29 07:51:30 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-29 18:52:55 +1100 |
commit | 101ebc3a8cfa78d2e615afffbef9861bbbabf1ff (patch) | |
tree | 9a145d973b01259e3c6887b431350da6f9c13e37 /clientloop.c | |
parent | 24c0f752adf9021277a7b0a84931bb5fe48ea379 (diff) |
upstream: give more context to UpdateHostKeys messages, mentioning
that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@
OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
Diffstat (limited to 'clientloop.c')
-rw-r--r-- | clientloop.c | 23 |
1 files changed, 20 insertions, 3 deletions
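--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.335 2020/01/26 00:14:45 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.336 2020/01/29 07:51:30 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1888,11 +1888,22 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
 }
 
 static void
-update_known_hosts(struct hostkeys_update_ctx *ctx)
+hostkey_change_preamble(void)
 {
-int r, was_raw = 0;
 LogLevel loglevel = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK ?
 SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE;
+
+do_log2(loglevel, "The server has updated its host keys.");
+do_log2(loglevel, "These changes were verified by the server's "
+"existing trusted key.");
+}
+
+static void
+update_known_hosts(struct hostkeys_update_ctx *ctx)
+{
+int r, was_raw = 0, first = 1;
+int asking = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK;
+LogLevel loglevel = asking ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE;
 char *fp, *response;
 size_t i;
 struct stat sb;
@@ -1903,16 +1914,22 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
 if ((fp = sshkey_fingerprint(ctx->keys[i],
 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
 fatal("%s: sshkey_fingerprint failed", __func__);
+if (first && asking)
+hostkey_change_preamble();
 do_log2(loglevel, "Learned new hostkey: %s %s",
 sshkey_type(ctx->keys[i]), fp);
+first = 0;
 free(fp);
 }
 for (i = 0; i < ctx->nold; i++) {
 if ((fp = sshkey_fingerprint(ctx->old_keys[i],
 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
 fatal("%s: sshkey_fingerprint failed", __func__);
+if (first && asking)
+hostkey_change_preamble();
 do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
 sshkey_type(ctx->old_keys[i]), fp);
+first = 0;
 free(fp);
 }
 if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {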
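Review bot: `hostkey_change_preamble()` re-derives `loglevel` from `options.update_hostkeys`, yet both call sites in the third hunk guard it with `if (first && asking)`, so inside the preamble the ternary can only ever yield SYSLOG_LEVEL_INFO and duplicates a decision `update_known_hosts` already records in `asking`/`loglevel`. Passing the caller's level keeps a single source of truth: `static void hostkey_change_preamble(LogLevel loglevel)` with `hostkey_change_preamble(loglevel);` at both call sites, dropping the preamble's own ternary. For the same reason the `if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK)` test at the end of the third hunk could read `if (asking)` now that the variable exists. The `first` flag is cleared after every key in both loops and deserves a comment at its declaration, e.g. `/* print the preamble once, before the first new or deprecated key */`. update_known_hosts continues past the end of the hunk.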