-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshconnect.c | 37 |
2 files changed, 29 insertions, 14 deletions
@@ -4,7 +4,9 @@ | |||
4 | [auth-chall.c] | 4 | [auth-chall.c] |
5 | make this a little more idiot-proof; ok markus@ | 5 | make this a little more idiot-proof; ok markus@ |
6 | (includes portable-specific changes) | 6 | (includes portable-specific changes) |
7 | 7 | - jakob@cvs.openbsd.org 2003/11/03 09:09:41 | |
8 | [sshconnect.c] | ||
9 | move changed key warning into warn_changed_key(). ok markus@ | ||
8 | 10 | ||
9 | 20031115 | 11 | 20031115 |
10 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and | 12 | - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and |
@@ -1425,4 +1427,4 @@ | |||
1425 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1427 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1426 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1428 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1427 | 1429 | ||
1428 | $Id: ChangeLog,v 1.3098 2003/11/17 10:09:50 djm Exp $ | 1430 | $Id: ChangeLog,v 1.3099 2003/11/17 10:10:47 djm Exp $ |
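--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.150 2003/11/03 09:09:41 jakob Exp $");
 
 #include <openssl/bn.h>
 
@@ -52,6 +52,7 @@ extern pid_t proxy_command_pid;
 #endif
 
 static int show_other_keys(const char *, Key *);
+static void warn_changed_key(Key *);
 
 /*
 * Connect to the given ssh server using a proxy command.
@@ -785,20 +786,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 error("Offending key for IP in %s:%d", ip_file, ip_line);
 }
 /* The host key has changed. */
-fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+warn_changed_key(host_key);
-error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
-error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
-error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
-error("It is also possible that the %s host key has just been changed.", type);
-error("The fingerprint for the %s key sent by the remote host is\n%s.",
-type, fp);
-error("Please contact your system administrator.");
 error("Add correct host key in %.100s to get rid of this message.",
 user_hostfile);
 error("Offending key in %s:%d", host_file, host_line);
-xfree(fp);
 
 /*
 * If strict host key checking is in use, the user will have
@@ -1045,3 +1036,25 @@ show_other_keys(const char *host, Key *key)
 }
 return (found);
 }
+
+static void
+warn_changed_key(Key *host_key)
+{
+char *fp;
+char *type = key_type(host_key);
+
+fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+
+error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
+error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
+error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
+error("It is also possible that the %s host key has just been changed.", type);
+error("The fingerprint for the %s key sent by the remote host is\n%s.",
+type, fp);
+error("Please contact your system administrator.");
+
+xfree(fp);
+xfree(type);
+}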
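Review bot: The `xfree(type);` at the end of the new `warn_changed_key()` frees a pointer this function did not allocate: `type` is whatever `key_type(host_key)` returns, and the code removed from `check_host_key()` freed only `fp`, never `type`. `key_type()` is not shown in this diff, but if it returns a pointer to static storage (which the old code's handling suggests), this free is undefined behaviour. It could abort the client while it prints the changed-host-key warning, before the caller's "Offending key in ..." lines and the strict-host-key-checking decision that follow the call. I would drop the `xfree(type);` line and, if the prototype of `key_type()` permits, declare the local as `const char *type` so a later free is caught at compile time. A short comment above the helper noting that it only prints the warning and takes no ownership of `host_key` would also help.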