| version 1.144, 2003/06/04 08:25:18 |
version 1.145, 2003/06/11 10:16:16 |
|
|
| char *client_version_string = NULL; |
char *client_version_string = NULL; |
| char *server_version_string = NULL; |
char *server_version_string = NULL; |
| |
|
| |
#ifdef DNS |
| |
int verified_host_key_dns = 0; |
| |
#endif |
| |
|
| /* import */ |
/* import */ |
| extern Options options; |
extern Options options; |
| extern char *__progname; |
extern char *__progname; |
|
|
| int local = 0, host_ip_differ = 0; |
int local = 0, host_ip_differ = 0; |
| char ntop[NI_MAXHOST]; |
char ntop[NI_MAXHOST]; |
| char msg[1024]; |
char msg[1024]; |
| int len, host_line, ip_line, has_keys; |
int len, host_line, ip_line; |
| const char *host_file = NULL, *ip_file = NULL; |
const char *host_file = NULL, *ip_file = NULL; |
| |
|
| /* |
/* |
|
|
| "have requested strict checking.", type, host); |
"have requested strict checking.", type, host); |
| goto fail; |
goto fail; |
| } else if (options.strict_host_key_checking == 2) { |
} else if (options.strict_host_key_checking == 2) { |
| has_keys = show_other_keys(host, host_key); |
char msg1[1024], msg2[1024]; |
| |
|
| |
if (show_other_keys(host, host_key)) |
| |
snprintf(msg1, sizeof(msg1), |
| |
"\nbut keys of different type are already" |
| |
" known for this host."); |
| |
else |
| |
snprintf(msg1, sizeof(msg1), "."); |
| /* The default */ |
/* The default */ |
| fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
| |
msg2[0] = '\0'; |
| |
#ifdef DNS |
| |
if (options.verify_host_key_dns) { |
| |
if (verified_host_key_dns) |
| |
snprintf(msg2, sizeof(msg2), |
| |
"Matching host key fingerprint" |
| |
" found in DNS.\n"); |
| |
else |
| |
snprintf(msg2, sizeof(msg2), |
| |
"No matching host key fingerprint" |
| |
" found in DNS.\n"); |
| |
} |
| |
#endif |
| snprintf(msg, sizeof(msg), |
snprintf(msg, sizeof(msg), |
| "The authenticity of host '%.200s (%s)' can't be " |
"The authenticity of host '%.200s (%s)' can't be " |
| "established%s\n" |
"established%s\n" |
| "%s key fingerprint is %s.\n" |
"%s key fingerprint is %s.\n%s" |
| "Are you sure you want to continue connecting " |
"Are you sure you want to continue connecting " |
| "(yes/no)? ", |
"(yes/no)? ", |
| host, ip, |
host, ip, msg1, type, fp, msg2); |
| has_keys ? ",\nbut keys of different type are already " |
|
| "known for this host." : ".", |
|
| type, fp); |
|
| xfree(fp); |
xfree(fp); |
| if (!confirm(msg)) |
if (!confirm(msg)) |
| goto fail; |
goto fail; |
|
|
| if (options.verify_host_key_dns) { |
if (options.verify_host_key_dns) { |
| switch(verify_host_key_dns(host, hostaddr, host_key)) { |
switch(verify_host_key_dns(host, hostaddr, host_key)) { |
| case DNS_VERIFY_OK: |
case DNS_VERIFY_OK: |
| |
#ifdef DNSSEC |
| return 0; |
return 0; |
| |
#else |
| |
verified_host_key_dns = 1; |
| |
break; |
| |
#endif |
| case DNS_VERIFY_FAILED: |
case DNS_VERIFY_FAILED: |
| return -1; |
return -1; |
| case DNS_VERIFY_ERROR: |
case DNS_VERIFY_ERROR: |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh