Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_2_6
Revision 1.3 / (download) - annotate - [select for diffs], Sun Oct 3 21:50:03 1999 UTC (24 years, 8 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE,
OPENBSD_2_6
Changes since 1.2: +3 -11 lines
Diff to previous 1.2 (colored)
add code to detect DNS spoofing: the main idea is to not only store the host key for the hostname but also for the according IP address. When we check the host key in the known_hosts file, we also check the key against the according IP address. When the server key changes, host_status = HOST_CHANGED. If check_host_in_hostfile() returns differing status for the IP address that means that either DNS was spoofed or that the IP address for the host and the host key changed at the same time.