author | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-02 19:03:54 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-02 19:03:54 +0000 |
commit | c72745afa96a87d41a22804f48499db12d95dfcd (patch) | |
tree | f4c529e4effe1a7f0c9b818bd198a305c73efeb9 /sshconnect.c | |
parent | a15e39b05fa013e16bbe293244cb49b0f27e2901 (diff) |
20001203
- (bal) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/11/30 22:54:31
[channels.c]
debug->warn if tried to do -R style fwd w/o client requesting this;
ok neils@
- markus@cvs.openbsd.org 2000/11/29 20:39:17
[cipher.c]
des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
- markus@cvs.openbsd.org 2000/11/30 18:33:05
[ssh-agent.c]
agents must not dump core, ok niels@
- markus@cvs.openbsd.org 2000/11/30 07:04:02
[ssh.1]
T is for both protocols
- markus@cvs.openbsd.org 2000/12/01 00:00:51
[ssh.1]
typo; from green@FreeBSD.org
- markus@cvs.openbsd.org 2000/11/30 07:02:35
[ssh.c]
check -T before isatty()
- provos@cvs.openbsd.org 2000/11/29 13:51:27
[sshconnect.c]
show IP address and hostname when new key is encountered. okay markus@
- markus@cvs.openbsd.org 2000/11/30 22:53:35
[sshconnect.c]
disable agent/x11/port fwding if hostkey has changed; ok niels@
- markus@cvs.openbsd.org 2000/11/29 21:11:59
[sshd.c]
sshd -D, startup w/o daemon(), for monitoring scripts or inittab;
from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 30 |
1 files changed, 18 insertions, 12 deletions
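diff --git a/sshconnect.c b/sshconnect.c
index b33f20958..b54e75a8a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.81 2000/11/06 23:16:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -508,13 +508,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 if (options.proxy_command != NULL && options.check_host_ip)
 options.check_host_ip = 0;
 
-if (options.check_host_ip) {
-if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
-NULL, 0, NI_NUMERICHOST) != 0)
-fatal("check_host_key: getnameinfo failed");
-ip = xstrdup(ntop);
-}
-
+if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
+NULL, 0, NI_NUMERICHOST) != 0)
+fatal("check_host_key: getnameinfo failed");
+ip = xstrdup(ntop);
+
 /*
 * Store the host key from the known host file in here so that we can
 * compare it with the key for the IP address.
@@ -577,10 +575,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 char prompt[1024];
 char *fp = key_fingerprint(host_key);
 snprintf(prompt, sizeof(prompt),
-"The authenticity of host '%.200s' can't be established.\n"
+"The authenticity of host '%.200s (%s)' can't be established.\n"
 "%s key fingerprint is %s.\n"
 "Are you sure you want to continue connecting (yes/no)? ",
-host, type, fp);
+host, ip, type, fp);
 if (!read_yes_or_no(prompt, -1))
 fatal("Aborted by user!\n");
 }
@@ -647,6 +645,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 error("Agent forwarding is disabled to avoid trojan horses.");
 options.forward_agent = 0;
 }
+if (options.forward_x11) {
+error("X11 forwarding is disabled to avoid trojan horses.");
+options.forward_x11 = 0;
+}
+if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+error("Port forwarding is disabled to avoid trojan horses.");
+options.num_local_forwards = options.num_remote_forwards = 0;
+}
 /*
 * XXX Should permit the user to change to use the new id.
 * This could be done by converting the host key to an
@@ -656,8 +662,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 */
 break;
 }
-if (options.check_host_ip)
-xfree(ip);
+
+xfree(ip);
 }
 
 /*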
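Review bot: In the second hunk (`@@ -508,13 +508,11 @@`) the getnameinfo() call on hostaddr is now unconditional, yet the two context lines above it still clear options.check_host_ip when options.proxy_command is set, which suggests hostaddr is not a usable peer address in that case. With a proxy command this would either reach `fatal("check_host_key: getnameinfo failed")` before any key comparison, or place an address in the new "(%s)" part of the unknown-host prompt that is not the target's, which a user may read as confirming the host's identity. Guard the lookup so `ip` is always set but never misleading, e.g. `if (options.proxy_command == NULL) { /* getnameinfo + xstrdup(ntop) */ } else ip = xstrdup("<no hostip for proxy command>");`, which also keeps the now-unconditional `xfree(ip)` valid. check_host_key begins outside the visible hunks and hostaddr is filled in by its caller, so confirm what it holds under a proxy command before merging.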