version 1.144, 2003/06/04 08:25:18 |
version 1.145, 2003/06/11 10:16:16 |
|
|
char *client_version_string = NULL; |
char *client_version_string = NULL; |
char *server_version_string = NULL; |
char *server_version_string = NULL; |
|
|
|
#ifdef DNS |
|
int verified_host_key_dns = 0; |
|
#endif |
|
|
/* import */ |
/* import */ |
extern Options options; |
extern Options options; |
extern char *__progname; |
extern char *__progname; |
|
|
int local = 0, host_ip_differ = 0; |
int local = 0, host_ip_differ = 0; |
char ntop[NI_MAXHOST]; |
char ntop[NI_MAXHOST]; |
char msg[1024]; |
char msg[1024]; |
int len, host_line, ip_line, has_keys; |
int len, host_line, ip_line; |
const char *host_file = NULL, *ip_file = NULL; |
const char *host_file = NULL, *ip_file = NULL; |
|
|
/* |
/* |
|
|
"have requested strict checking.", type, host); |
"have requested strict checking.", type, host); |
goto fail; |
goto fail; |
} else if (options.strict_host_key_checking == 2) { |
} else if (options.strict_host_key_checking == 2) { |
has_keys = show_other_keys(host, host_key); |
char msg1[1024], msg2[1024]; |
|
|
|
if (show_other_keys(host, host_key)) |
|
snprintf(msg1, sizeof(msg1), |
|
"\nbut keys of different type are already" |
|
" known for this host."); |
|
else |
|
snprintf(msg1, sizeof(msg1), "."); |
/* The default */ |
/* The default */ |
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
|
msg2[0] = '\0'; |
|
#ifdef DNS |
|
if (options.verify_host_key_dns) { |
|
if (verified_host_key_dns) |
|
snprintf(msg2, sizeof(msg2), |
|
"Matching host key fingerprint" |
|
" found in DNS.\n"); |
|
else |
|
snprintf(msg2, sizeof(msg2), |
|
"No matching host key fingerprint" |
|
" found in DNS.\n"); |
|
} |
|
#endif |
snprintf(msg, sizeof(msg), |
snprintf(msg, sizeof(msg), |
"The authenticity of host '%.200s (%s)' can't be " |
"The authenticity of host '%.200s (%s)' can't be " |
"established%s\n" |
"established%s\n" |
"%s key fingerprint is %s.\n" |
"%s key fingerprint is %s.\n%s" |
"Are you sure you want to continue connecting " |
"Are you sure you want to continue connecting " |
"(yes/no)? ", |
"(yes/no)? ", |
host, ip, |
host, ip, msg1, type, fp, msg2); |
has_keys ? ",\nbut keys of different type are already " |
|
"known for this host." : ".", |
|
type, fp); |
|
xfree(fp); |
xfree(fp); |
if (!confirm(msg)) |
if (!confirm(msg)) |
goto fail; |
goto fail; |
|
|
if (options.verify_host_key_dns) { |
if (options.verify_host_key_dns) { |
switch(verify_host_key_dns(host, hostaddr, host_key)) { |
switch(verify_host_key_dns(host, hostaddr, host_key)) { |
case DNS_VERIFY_OK: |
case DNS_VERIFY_OK: |
|
#ifdef DNSSEC |
return 0; |
return 0; |
|
#else |
|
verified_host_key_dns = 1; |
|
break; |
|
#endif |
case DNS_VERIFY_FAILED: |
case DNS_VERIFY_FAILED: |
return -1; |
return -1; |
case DNS_VERIFY_ERROR: |
case DNS_VERIFY_ERROR: |
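Review bot: The "Matching host key fingerprint found in DNS." line added to the confirmation prompt is only reachable when `verified_host_key_dns` was set in the `#else` branch of `#ifdef DNSSEC`, so as far as these hunks show it always describes a lookup that was not DNSSEC-validated, yet it reads as independent corroboration of the fingerprint. Anyone able to forge DNS answers could presumably cause that line to appear, so the text should say the record is unauthenticated, for example `"Matching host key fingerprint found in DNS (not DNSSEC-validated).\n"`. Separately, nothing visible clears the new global, so a second verification in the same process would inherit a stale 1; `verified_host_key_dns = 0;` just before the `switch` would prevent that. Both enclosing functions start and end outside the hunks shown.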