- Merged OpenBSD CVS changes

- [ChangeLog.Ylonen] noone needs this anymore - [authfd.c] close-on-exec for auth-socket, ok deraadt - [hostfile.c] in known_hosts key lookup the entry for the bits does not need to match, all the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me. - [serverloop.c] bugfix: check for space if child has terminated, from: iedowse@maths.tcd.ie - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] [fingerprint.c fingerprint.h] rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se> - [ssh-agent.1] typo - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ - [sshd.c] force logging to stderr while loading private key file (lost while converting to new log-levels)
author: Damien Miller <djm@mindrot.org> 1999-11-17 17:29:08 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-17 17:29:08 +1100
commit: 10f6f6ba9ee14d306f8780edee8a10640c1643e0 (patch)
tree: 859600c705d582b147162d73746cb2f39b59ed58 /sshconnect.c
parent: d743bba481056ba3d1c229c18fd42c6bdc3f8d74 (diff)
1 files changed, 11 insertions, 9 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 17c660979..be0a6c4b9 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -15,7 +15,7 @@ login (authentication) dialog.
 */
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.9 1999/11/16 02:37:17 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.10 1999/11/17 06:29:08 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -1081,9 +1081,9 @@ void ssh_login(int host_key_valid,
  rbits = BN_num_bits(public_key->n);
  if (bits != rbits) {
-    log("Warning: Server lies about size of server public key,");
+    log("Warning: Server lies about size of server public key: "
-    log("Warning: this may be due to an old implementation of ssh.");
+        "actual size is %d bits vs. announced %d.", rbits, bits);
-    log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
+    log("Warning: This may be due to an old implementation of ssh.");
  }
  /* Get the host key. */
@@ -1098,9 +1098,9 @@ void ssh_login(int host_key_valid,
  rbits = BN_num_bits(host_key->n);
  if (bits != rbits) {
-    log("Warning: Server lies about size of server host key,");
+    log("Warning: Server lies about size of server host key: "
-    log("Warning: this may be due to an old implementation of ssh.");
+        "actual size is %d bits vs. announced %d.", rbits, bits);
-    log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
+    log("Warning: This may be due to an old implementation of ssh.");
  }
  /* Store the host key from the known host file in here
@@ -1205,10 +1205,12 @@ void ssh_login(int host_key_valid,
        fatal("No host key is known for %.200s and you have requested strict checking.", host);
      } else if (options.strict_host_key_checking == 2) { /* The default */
        char prompt[1024];
+        char *fp = fingerprint(host_key->e, host_key->n);
        snprintf(prompt, sizeof(prompt),
                 "The authenticity of host '%.200s' can't be established.\n"
-                 "Are you sure you want to continue connecting (yes/no)? ",
+                 "Key fingerprint is %d %s.\n"
-                 host);
+                 "Are you sure you want to continue connecting (yes/no)? ",
+                 host, BN_num_bits(host_key->n), fp);
        if (!read_yes_or_no(prompt, -1))
          fatal("Aborted by user!\n");
      }
author	Damien Miller <djm@mindrot.org>	1999-11-17 17:29:08 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-17 17:29:08 +1100
commit	10f6f6ba9ee14d306f8780edee8a10640c1643e0 (patch)
tree	859600c705d582b147162d73746cb2f39b59ed58 /sshconnect.c
parent	d743bba481056ba3d1c229c18fd42c6bdc3f8d74 (diff)