author | Damien Miller <djm@mindrot.org> | 1999-11-17 17:29:08 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-17 17:29:08 +1100 |
commit | 10f6f6ba9ee14d306f8780edee8a10640c1643e0 (patch) | |
tree | 859600c705d582b147162d73746cb2f39b59ed58 /sshconnect.c | |
parent | d743bba481056ba3d1c229c18fd42c6bdc3f8d74 (diff) |
- Merged OpenBSD CVS changes
- [ChangeLog.Ylonen] noone needs this anymore
- [authfd.c] close-on-exec for auth-socket, ok deraadt
- [hostfile.c]
in known_hosts key lookup the entry for the bits does not need
to match, all the information is contained in n and e. This
solves the problem with buggy servers announcing the wrong
modulus length. markus and me.
- [serverloop.c]
bugfix: check for space if child has terminated, from:
iedowse@maths.tcd.ie
- [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
[fingerprint.c fingerprint.h]
rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
- [ssh-agent.1] typo
- [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
- [sshd.c]
force logging to stderr while loading private key file
(lost while converting to new log-levels)
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 20 |
1 files changed, 11 insertions, 9 deletions
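--- a/sshconnect.c
+++ b/sshconnect.c
@@ -15,7 +15,7 @@ login (authentication) dialog.
 */
 
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.9 1999/11/16 02:37:17 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.10 1999/11/17 06:29:08 damien Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -1081,9 +1081,9 @@ void ssh_login(int host_key_valid,
 
 rbits = BN_num_bits(public_key->n);
 if (bits != rbits) {
-log("Warning: Server lies about size of server public key,");
-log("Warning: this may be due to an old implementation of ssh.");
-log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
+log("Warning: Server lies about size of server public key: "
+"actual size is %d bits vs. announced %d.", rbits, bits);
+log("Warning: This may be due to an old implementation of ssh.");
 }
 
 /* Get the host key. */
@@ -1098,9 +1098,9 @@ void ssh_login(int host_key_valid,
 
 rbits = BN_num_bits(host_key->n);
 if (bits != rbits) {
-log("Warning: Server lies about size of server host key,");
-log("Warning: this may be due to an old implementation of ssh.");
-log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
+log("Warning: Server lies about size of server host key: "
+"actual size is %d bits vs. announced %d.", rbits, bits);
+log("Warning: This may be due to an old implementation of ssh.");
 }
 
 /* Store the host key from the known host file in here
@@ -1205,10 +1205,12 @@ void ssh_login(int host_key_valid,
 fatal("No host key is known for %.200s and you have requested strict checking.", host);
 } else if (options.strict_host_key_checking == 2) { /* The default */
 char prompt[1024];
+char *fp = fingerprint(host_key->e, host_key->n);
 snprintf(prompt, sizeof(prompt),
 "The authenticity of host '%.200s' can't be established.\n"
-"Are you sure you want to continue connecting (yes/no)? ",
-host);
+"Key fingerprint is %d %s.\n"
+"Are you sure you want to continue connecting (yes/no)? ",
+host, BN_num_bits(host_key->n), fp);
 if (!read_yes_or_no(prompt, -1))
 fatal("Aborted by user!\n");
 }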
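Review bot: In the last hunk, the `fp` returned by `fingerprint(host_key->e, host_key->n)` goes straight into the `%s` of the prompt with no NULL check, and nothing on the declaration says who owns the string. fingerprint() is defined outside this page, so whether it can fail, and whether it returns a static or a heap buffer, cannot be confirmed from here; if it allocates, the lines shown never free it. Because this string is what the user compares before trusting an unknown host key, I would add a guard such as `if (fp == NULL) fatal("Could not compute host key fingerprint.");` and a one-line comment on the declaration stating the buffer's lifetime. Bounding the conversion the way the host name is bounded (`%.200s`) would also keep an unexpectedly long value from pushing the yes/no question out of `prompt[1024]`. The body of ssh_login starts and ends outside the hunk.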