- grunk@cvs.openbsd.org 2008/06/26 11:46:31

[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] Move SSH Fingerprint Visualization away from sharing the config option CheckHostIP to an own config option named VisualHostKey. While there, fix the behaviour that ssh would draw a random art picture on every newly seen host even when the option was not enabled. prodded by deraadt@, discussions, help and ok markus@ djm@ dtucker@
author: Damien Miller <djm@mindrot.org> 2008-06-30 00:04:03 +1000
committer: Damien Miller <djm@mindrot.org> 2008-06-30 00:04:03 +1000
commit: 1028824e5c456dc3d8a57fe5bae539beb4a95432 (patch)
tree: aa151e1b321494095a70f8b65b298529386e609c /sshconnect.c
parent: 2e9cf4906926fba123d415fdac8465b94bcd38b3 (diff)
1 files changed, 7 insertions, 11 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 267670771..9c1550a96 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.208 2008/06/12 23:24:58 ian Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.209 2008/06/26 11:46:31 grunk Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -598,7 +598,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
        char msg[1024];
        int len, host_line, ip_line;
        const char *host_file = NULL, *ip_file = NULL;
-        int display_randomart;
        /*
         * Force accepting of the host key for loopback/localhost. The
@@ -646,12 +645,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
        }
        /*
-         * check_host_ip may be set to zero in the next step, so if it
-         * conveys a request to display the random art, save it away.
-         */
-        display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR);
-        /*
         * Turn off check_host_ip if the connection is to localhost, via proxy
         * command or if we don't have a hostname to compare with
         */
@@ -735,7 +728,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                                logit("Warning: Permanently added the %s host "
                                    "key for IP address '%.128s' to the list "
                                    "of known hosts.", type, ip);
-                } else if (display_randomart) {
+                } else if (options.visual_host_key) {
                        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                        ra = key_fingerprint(host_key, SSH_FP_MD5,
                            SSH_FP_RANDOMART);
@@ -793,10 +786,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                        snprintf(msg, sizeof(msg),
                            "The authenticity of host '%.200s (%s)' can't be "
                            "established%s\n"
-                            "%s key fingerprint is %s.\n%s\n%s"
+                            "%s key fingerprint is %s.%s%s\n%s"
                            "Are you sure you want to continue connecting "
                            "(yes/no)? ",
-                            host, ip, msg1, type, fp, ra, msg2);
+                            host, ip, msg1, type, fp,
+                            options.visual_host_key ? "\n" : "",
+                            options.visual_host_key ? ra : "",
+                            msg2);
                        xfree(ra);
                        xfree(fp);
                        if (!confirm(msg))
author	Damien Miller <djm@mindrot.org>	2008-06-30 00:04:03 +1000
committer	Damien Miller <djm@mindrot.org>	2008-06-30 00:04:03 +1000
commit	1028824e5c456dc3d8a57fe5bae539beb4a95432 (patch)
tree	aa151e1b321494095a70f8b65b298529386e609c /sshconnect.c
parent	2e9cf4906926fba123d415fdac8465b94bcd38b3 (diff)