6 files changed, 45 insertions, 45 deletions

diff --git a/ChangeLog b/ChangeLog
index 70c06d785..5df3f91d6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,14 @@
      are of the expected "safe prime" structure and have had
      appropriate primality tests performed;
      feedback and ok dtucker@
+   - grunk@cvs.openbsd.org 2008/06/26 11:46:31
+     [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
+     Move SSH Fingerprint Visualization away from sharing the config option
+     CheckHostIP to an own config option named VisualHostKey.
+     While there, fix the behaviour that ssh would draw a random art picture
+     on every newly seen host even when the option was not enabled.
+     prodded by deraadt@, discussions,
+     help and ok markus@ djm@ dtucker@
 
 20080628
  - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
@@ -4440,4 +4448,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5028 2008/06/29 12:47:04 djm Exp $
+$Id: ChangeLog,v 1.5029 2008/06/29 14:04:03 djm Exp $
diff --git a/readconf.c b/readconf.c
index 1d61145c4..73f6eb361 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.166 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,6 +130,7 @@ typedef enum {
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
         oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+        oVisualHostKey,
         oDeprecated, oUnsupported
 } OpCodes;
 
@@ -226,6 +227,7 @@ static struct {
         { "tunneldevice", oTunnelDevice },
         { "localcommand", oLocalCommand },
         { "permitlocalcommand", oPermitLocalCommand },
+        { "visualhostkey", oVisualHostKey },
         { NULL, oBadOption }
 };
 
@@ -452,23 +454,7 @@ parse_flag:
 
         case oCheckHostIP:
                 intptr = &options->check_host_ip;
-                arg = strdelim(&s);
-                if (!arg || *arg == '\0')
-                        fatal("%.200s line %d: Missing CheckHostIP argument.",
-                            filename, linenum);
-                value = 0;      /* To avoid compiler warning... */
-                if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
-                        value = SSHCTL_CHECKHOSTIP_YES;
-                else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
-                        value = SSHCTL_CHECKHOSTIP_NO;
-                else if (strcmp(arg, "fingerprint") == 0)
-                        value = SSHCTL_CHECKHOSTIP_FPR;
-                else
-                        fatal("%.200s line %d: Bad CheckHostIP argument.",
-                            filename, linenum);
-                if (*activep && *intptr == -1)
-                        *intptr = value;
-                break;
+                goto parse_flag;
 
         case oVerifyHostKeyDNS:
                 intptr = &options->verify_host_key_dns;
@@ -931,6 +917,10 @@ parse_int:
                 intptr = &options->permit_local_command;
                 goto parse_flag;
 
+        case oVisualHostKey:
+                intptr = &options->visual_host_key;
+                goto parse_flag;
+
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
                     filename, linenum, keyword);
@@ -1081,6 +1071,7 @@ initialize_options(Options * options)
         options->tun_remote = -1;
         options->local_command = NULL;
         options->permit_local_command = -1;
+        options->visual_host_key = -1;
 }
 
 /*
@@ -1215,6 +1206,8 @@ fill_default_options(Options * options)
                 options->tun_remote = SSH_TUNID_ANY;
         if (options->permit_local_command == -1)
                 options->permit_local_command = 0;
+        if (options->visual_host_key == -1)
+                options->visual_host_key = 0;
         /* options->local_command should not be set by default */
         /* options->proxy_command should not be set by default */
         /* options->user will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index 5c16a0ba6..47c7aef4e 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.73 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -120,13 +120,10 @@ typedef struct {
 
         char    *local_command;
         int     permit_local_command;
+        int     visual_host_key;
 
 }       Options;
 
-#define SSHCTL_CHECKHOSTIP_NO   0
-#define SSHCTL_CHECKHOSTIP_YES  1
-#define SSHCTL_CHECKHOSTIP_FPR  2
-
 #define SSHCTL_MASTER_NO        0
 #define SSHCTL_MASTER_YES       1
 #define SSHCTL_MASTER_AUTO      2
diff --git a/ssh.1 b/ssh.1
index e975dae01..6165e2f73 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.274 2008/06/13 20:13:26 grunk Exp $
-.Dd $Mdocdate: June 13 2008 
+.\" $OpenBSD: ssh.1,v 1.275 2008/06/26 11:46:31 grunk Exp $
+.Dd $Mdocdate: June 26 2008 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1035,9 +1035,9 @@ there is also support to compare host keys visually,
 using
 .Em random art .
 By setting the
-.Cm CheckHostIP
+.Cm VisualHostKey
 option to
-.Dq fingerprint ,
+.Dq yes ,
 a small ASCII graphic gets displayed on every login to a server, no matter
 if the session itself is interactive or not.
 By learning the pattern a known server produces, a user can easily
diff --git a/ssh_config.5 b/ssh_config.5
index 53b3b6f1f..85e7ba06d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.110 2008/06/12 19:10:09 jmc Exp $
-.Dd $Mdocdate: June 12 2008 $
+.\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $
+.Dd $Mdocdate: June 26 2008 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -161,10 +161,6 @@ will additionally check the host IP address in the
 file.
 This allows ssh to detect if a host key changed due to DNS spoofing.
 If the option is set to
-.Dq fingerprint ,
-a fingerprint and an ASCII art representation of the key are printed,
-in addition to the host IP address check.
-If the option is set to
 .Dq no ,
 the check will not be executed.
 The default is
@@ -1064,6 +1060,16 @@ See also
 .Sx VERIFYING HOST KEYS
 in
 .Xr ssh 1 .
+.It Cm VisualHostKey
+If this flag is set to
+.Dq yes ,
+an ASCII art representation of the remote host key fingerprint is
+printed additionally to the hex fingerprint string.
+If this flag is set to
+.Dq no ,
+only the hex fingerprint string will be printed.
+The default is
+.Dq no .
 .It Cm XAuthLocation
 Specifies the full pathname of the
 .Xr xauth 1
diff --git a/sshconnect.c b/sshconnect.c
index 267670771..9c1550a96 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.208 2008/06/12 23:24:58 ian Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.209 2008/06/26 11:46:31 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -598,7 +598,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
         char msg[1024];
         int len, host_line, ip_line;
         const char *host_file = NULL, *ip_file = NULL;
-        int display_randomart;
 
         /*
          * Force accepting of the host key for loopback/localhost. The
@@ -646,12 +645,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
         }
 
         /*
-         * check_host_ip may be set to zero in the next step, so if it
-         * conveys a request to display the random art, save it away.
-         */
-        display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR);
-
-        /*
          * Turn off check_host_ip if the connection is to localhost, via proxy
          * command or if we don't have a hostname to compare with
          */
@@ -735,7 +728,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                                 logit("Warning: Permanently added the %s host "
                                     "key for IP address '%.128s' to the list "
                                     "of known hosts.", type, ip);
-                } else if (display_randomart) {
+                } else if (options.visual_host_key) {
                         fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                         ra = key_fingerprint(host_key, SSH_FP_MD5,
                             SSH_FP_RANDOMART);
@@ -793,10 +786,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                         snprintf(msg, sizeof(msg),
                             "The authenticity of host '%.200s (%s)' can't be "
                             "established%s\n"
-                            "%s key fingerprint is %s.\n%s\n%s"
+                            "%s key fingerprint is %s.%s%s\n%s"
                             "Are you sure you want to continue connecting "
                             "(yes/no)? ",
-                            host, ip, msg1, type, fp, ra, msg2);
+                            host, ip, msg1, type, fp,
+                            options.visual_host_key ? "\n" : "",
+                            options.visual_host_key ? ra : "",
+                            msg2);
                         xfree(ra);
                         xfree(fp);
                         if (!confirm(msg))