summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--ssh.c9
2 files changed, 15 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 2467840e0..b0f82de2f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,13 @@
67 [auth1.c auth2-none.c] 67 [auth1.c auth2-none.c]
68 skip the initial check for access with an empty password when 68 skip the initial check for access with an empty password when
69 PermitEmptyPasswords=no; bz#1638; ok markus@ 69 PermitEmptyPasswords=no; bz#1638; ok markus@
70 - djm@cvs.openbsd.org 2010/06/25 23:10:30
71 [ssh.c]
72 log the hostname and address that we connected to at LogLevel=verbose
73 after authentication is successful to mitigate "phishing" attacks by
74 servers with trusted keys that accept authentication silently and
75 automatically before presenting fake password/passphrase prompts;
76 "nice!" markus@
70 77
7120100622 7820100622
72 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 79 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
diff --git a/ssh.c b/ssh.c
index 228afecf4..6537ad9a2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.338 2010/05/16 12:55:51 markus Exp $ */ 1/* $OpenBSD: ssh.c,v 1.339 2010/06/25 23:10:30 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -829,6 +829,13 @@ main(int ac, char **av)
829 ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, 829 ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
830 pw, timeout_ms); 830 pw, timeout_ms);
831 831
832 if (packet_connection_is_on_socket()) {
833 verbose("Authenticated to %s ([%s]:%d).", host,
834 get_remote_ipaddr(), get_remote_port());
835 } else {
836 verbose("Authenticated to %s (via proxy).", host);
837 }
838
832 /* We no longer need the private host keys. Clear them now. */ 839 /* We no longer need the private host keys. Clear them now. */
833 if (sensitive_data.nkeys != 0) { 840 if (sensitive_data.nkeys != 0) {
834 for (i = 0; i < sensitive_data.nkeys; i++) { 841 for (i = 0; i < sensitive_data.nkeys; i++) {