diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-02-20 22:17:21 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-02-21 09:20:28 +1100 |
| commit | 44732de06884238049f285f1455b2181baa7dc82 (patch) | |
| tree | deb3c48176195cfc4028b55d2a1a71607e9f7fb0 /serverloop.c | |
| parent | 13a39414d25646f93e6d355521d832a03aaaffe2 (diff) | |
upstream commit
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
Diffstat (limited to 'serverloop.c')
| -rw-r--r-- | serverloop.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/serverloop.c b/serverloop.c index 5633ceb41..306ac36be 100644 --- a/serverloop.c +++ b/serverloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: serverloop.c,v 1.177 2015/02/16 22:13:32 djm Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1195,10 +1195,10 @@ server_input_hostkeys_prove(struct sshbuf **respp) | |||
| 1195 | sshbuf_reset(sigbuf); | 1195 | sshbuf_reset(sigbuf); |
| 1196 | free(sig); | 1196 | free(sig); |
| 1197 | sig = NULL; | 1197 | sig = NULL; |
| 1198 | if ((r = sshbuf_put_string(sigbuf, | 1198 | if ((r = sshbuf_put_cstring(sigbuf, |
| 1199 | "hostkeys-prove-00@openssh.com")) != 0 || | ||
| 1200 | (r = sshbuf_put_string(sigbuf, | ||
| 1199 | ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || | 1201 | ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || |
| 1200 | (r = sshbuf_put_cstring(sigbuf, | ||
| 1201 | "hostkeys-prove@openssh.com")) != 0 || | ||
| 1202 | (r = sshkey_puts(key, sigbuf)) != 0 || | 1202 | (r = sshkey_puts(key, sigbuf)) != 0 || |
| 1203 | (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, | 1203 | (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, |
| 1204 | sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 || | 1204 | sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 || |
| @@ -1310,7 +1310,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
| 1310 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { | 1310 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { |
| 1311 | no_more_sessions = 1; | 1311 | no_more_sessions = 1; |
| 1312 | success = 1; | 1312 | success = 1; |
| 1313 | } else if (strcmp(rtype, "hostkeys-prove@openssh.com") == 0) { | 1313 | } else if (strcmp(rtype, "hostkeys-prove-00@openssh.com") == 0) { |
| 1314 | success = server_input_hostkeys_prove(&resp); | 1314 | success = server_input_hostkeys_prove(&resp); |
| 1315 | } | 1315 | } |
| 1316 | if (want_reply) { | 1316 | if (want_reply) { |