Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 11 |
1 files changed, 10 insertions, 1 deletions
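diff --git a/sshconnect.c b/sshconnect.c
index 6fc3fa520..ae3b642cb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.256 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.257 2015/01/26 03:04:46 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -818,6 +818,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 int len, cancelled_forwarding = 0;
 int local = sockaddr_is_local(hostaddr);
 int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
+int hostkey_trusted = 0; /* Known or explicitly accepted by user */
 struct hostkeys *host_hostkeys, *ip_hostkeys;
 u_int i;
 
@@ -926,6 +927,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 free(ra);
 free(fp);
 }
+hostkey_trusted = 1;
 break;
 case HOST_NEW:
 if (options.host_key_alias == NULL && port != 0 &&
@@ -989,6 +991,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 free(fp);
 if (!confirm(msg))
 goto fail;
+hostkey_trusted = 1; /* user explicitly confirmed */
 }
 /*
 * If not in strict mode, add the key automatically to the
@@ -1187,6 +1190,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 }
 }
 
+if (!hostkey_trusted && options.update_hostkeys) {
+debug("%s: hostkey not known or explicitly trusted: "
+"disabling UpdateHostkeys", __func__);
+options.update_hostkeys = 0;
+}
+
 free(ip);
 free(host);
 if (host_hostkeys != NULL)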
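Review bot: The `if (!hostkey_trusted && options.update_hostkeys)` guard in the last hunk is fail-closed only because `hostkey_trusted` stays 0 on every path that does not set it, and nothing at the guard says so. That includes the non-strict auto-add path introduced by the comment right after the `confirm(msg)` block, so a comment such as `/* A key that was auto-added or not verified must not let the server update our stored host keys */` would keep a later edit from setting the flag on that path. The `hostkey_trusted = 1;` before the `break;` that precedes `case HOST_NEW:` has no comment while its sibling has `/* user explicitly confirmed */`; `/* key already known */` would match it. The guard also clears the global `options.update_hostkeys` with only a `debug()` message, so a user who enabled the option gets no explanation without `-v`; it is worth stating whether that is intended. Most of check_host_key lies outside these hunks, so paths that reach the guard without passing either assignment could not be checked here.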