version 1.283, 2017/07/01 13:50:45 |
version 1.284, 2017/09/01 05:53:56 |
|
|
|
|
static int show_other_keys(struct hostkeys *, struct sshkey *); |
static int show_other_keys(struct hostkeys *, struct sshkey *); |
static void warn_changed_key(struct sshkey *); |
static void warn_changed_key(struct sshkey *); |
|
static void warn_missing_key(struct sshkey *); |
|
|
/* Expand a proxy command */ |
/* Expand a proxy command */ |
static char * |
static char * |
|
|
free(ra); |
free(ra); |
free(fp); |
free(fp); |
} |
} |
|
if (options.verify_host_key_dns && |
|
options.strict_host_key_checking && |
|
!matching_host_key_dns) { |
|
snprintf(msg, sizeof(msg), |
|
"Are you sure you want to continue connecting " |
|
"(yes/no)? "); |
|
if (!confirm(msg)) |
|
goto fail; |
|
msg[0] = '\0'; |
|
} |
hostkey_trusted = 1; |
hostkey_trusted = 1; |
break; |
break; |
case HOST_NEW: |
case HOST_NEW: |
|
|
if (flags & DNS_VERIFY_MATCH) { |
if (flags & DNS_VERIFY_MATCH) { |
matching_host_key_dns = 1; |
matching_host_key_dns = 1; |
} else { |
} else { |
warn_changed_key(plain); |
if (flags & DNS_VERIFY_MISSING) { |
error("Update the SSHFP RR in DNS " |
warn_missing_key(plain); |
"with the new host key to get rid " |
error("Add this host key to " |
"of this message."); |
"the SSHFP RR in DNS to get rid " |
|
"of this message."); |
|
} else { |
|
warn_changed_key(plain); |
|
error("Update the SSHFP RR in DNS " |
|
"with the new host key to get rid " |
|
"of this message."); |
|
} |
} |
} |
} |
} |
} |
} |
|
|
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); |
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); |
error("It is also possible that a host key has just been changed."); |
error("It is also possible that a host key has just been changed."); |
error("The fingerprint for the %s key sent by the remote host is\n%s.", |
error("The fingerprint for the %s key sent by the remote host is\n%s.", |
key_type(host_key), fp); |
sshkey_type(host_key), fp); |
error("Please contact your system administrator."); |
error("Please contact your system administrator."); |
|
|
free(fp); |
free(fp); |
} |
} |
|
|
|
static void |
|
warn_missing_key(struct sshkey *host_key) |
|
{ |
|
char *fp; |
|
|
|
fp = sshkey_fingerprint(host_key, options.fingerprint_hash, |
|
SSH_FP_DEFAULT); |
|
if (fp == NULL) |
|
fatal("%s: sshkey_fingerprint fail", __func__); |
|
|
|
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
|
error("@ WARNING: REMOTE HOST IDENTIFICATION IS MISSING @"); |
|
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
|
error("The fingerprint for the %s key sent by the remote host is\n%s.", |
|
sshkey_type(host_key), fp); |
|
error("Please contact your system administrator."); |
|
|
|
free(fp); |
|
} |
/* |
/* |
* Execute a local command |
* Execute a local command |
*/ |
*/ |