diff options
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c index 21c5203c6..06844eb71 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.193 2006/07/22 20:48:23 stevesk Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.194 2006/07/24 13:58:22 stevesk Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -782,7 +782,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | |||
782 | /* | 782 | /* |
783 | * If strict host key checking has not been requested, allow | 783 | * If strict host key checking has not been requested, allow |
784 | * the connection but without MITM-able authentication or | 784 | * the connection but without MITM-able authentication or |
785 | * agent forwarding. | 785 | * forwarding. |
786 | */ | 786 | */ |
787 | if (options.password_authentication) { | 787 | if (options.password_authentication) { |
788 | error("Password authentication is disabled to avoid " | 788 | error("Password authentication is disabled to avoid " |
@@ -817,6 +817,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | |||
817 | options.num_local_forwards = | 817 | options.num_local_forwards = |
818 | options.num_remote_forwards = 0; | 818 | options.num_remote_forwards = 0; |
819 | } | 819 | } |
820 | if (options.tun_open != SSH_TUNMODE_NO) { | ||
821 | error("Tunnel forwarding is disabled to avoid " | ||
822 | "man-in-the-middle attacks."); | ||
823 | options.tun_open = SSH_TUNMODE_NO; | ||
824 | } | ||
820 | /* | 825 | /* |
821 | * XXX Should permit the user to change to use the new id. | 826 | * XXX Should permit the user to change to use the new id. |
822 | * This could be done by converting the host key to an | 827 | * This could be done by converting the host key to an |