upstream commit

Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
author: djm@openbsd.org <djm@openbsd.org> 2015-01-26 03:04:45 +0000
committer: Damien Miller <djm@mindrot.org> 2015-01-27 00:00:57 +1100
commit: 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 (patch)
tree: c98e66c1c0824f0b0e312d7b44d8eeac46265362 /sshconnect.c
parent: 60b1825262b1f1e24fc72050b907189c92daf18e (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 6fc3fa520..ae3b642cb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.256 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.257 2015/01/26 03:04:46 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -818,6 +818,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
        int len, cancelled_forwarding = 0;
        int local = sockaddr_is_local(hostaddr);
        int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
+        int hostkey_trusted = 0; /* Known or explicitly accepted by user */
        struct hostkeys *host_hostkeys, *ip_hostkeys;
        u_int i;
@@ -926,6 +927,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                        free(ra);
                        free(fp);
                }
+                hostkey_trusted = 1;
                break;
        case HOST_NEW:
                if (options.host_key_alias == NULL && port != 0 &&
@@ -989,6 +991,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                        free(fp);
                        if (!confirm(msg))
                                goto fail;
+                        hostkey_trusted = 1; /* user explicitly confirmed */
                }
                /*
                 * If not in strict mode, add the key automatically to the
@@ -1187,6 +1190,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                }
        }
+        if (!hostkey_trusted && options.update_hostkeys) {
+                debug("%s: hostkey not known or explicitly trusted: "
+                    "disabling UpdateHostkeys", __func__);
+                options.update_hostkeys = 0;
+        }
        free(ip);
        free(host);
        if (host_hostkeys != NULL)
author	djm@openbsd.org <djm@openbsd.org>	2015-01-26 03:04:45 +0000
committer	Damien Miller <djm@mindrot.org>	2015-01-27 00:00:57 +1100
commit	8d4f87258f31cb6def9b3b55b6a7321d84728ff2 (patch)
tree	c98e66c1c0824f0b0e312d7b44d8eeac46265362 /sshconnect.c
parent	60b1825262b1f1e24fc72050b907189c92daf18e (diff)