version 1.284, 2017/09/01 05:53:56 |
version 1.285, 2017/09/03 23:33:13 |
|
|
if (readonly || want_cert) |
if (readonly || want_cert) |
goto fail; |
goto fail; |
/* The host is new. */ |
/* The host is new. */ |
if (options.strict_host_key_checking == 1) { |
if (options.strict_host_key_checking == |
|
SSH_STRICT_HOSTKEY_YES) { |
/* |
/* |
* User has requested strict host key checking. We |
* User has requested strict host key checking. We |
* will not add the host key automatically. The only |
* will not add the host key automatically. The only |
|
|
error("No %s host key is known for %.200s and you " |
error("No %s host key is known for %.200s and you " |
"have requested strict checking.", type, host); |
"have requested strict checking.", type, host); |
goto fail; |
goto fail; |
} else if (options.strict_host_key_checking == 2) { |
} else if (options.strict_host_key_checking == |
|
SSH_STRICT_HOSTKEY_ASK) { |
char msg1[1024], msg2[1024]; |
char msg1[1024], msg2[1024]; |
|
|
if (show_other_keys(host_hostkeys, host_key)) |
if (show_other_keys(host_hostkeys, host_key)) |
|
|
hostkey_trusted = 1; /* user explicitly confirmed */ |
hostkey_trusted = 1; /* user explicitly confirmed */ |
} |
} |
/* |
/* |
* If not in strict mode, add the key automatically to the |
* If in "new" or "off" strict mode, add the key automatically |
* local known_hosts file. |
* to the local known_hosts file. |
*/ |
*/ |
if (options.check_host_ip && ip_status == HOST_NEW) { |
if (options.check_host_ip && ip_status == HOST_NEW) { |
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); |
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); |
|
|
* If strict host key checking is in use, the user will have |
* If strict host key checking is in use, the user will have |
* to edit the key manually and we can only abort. |
* to edit the key manually and we can only abort. |
*/ |
*/ |
if (options.strict_host_key_checking) { |
if (options.strict_host_key_checking != |
|
SSH_STRICT_HOSTKEY_OFF) { |
error("%s host key for %.200s was revoked and you have " |
error("%s host key for %.200s was revoked and you have " |
"requested strict checking.", type, host); |
"requested strict checking.", type, host); |
goto fail; |
goto fail; |
|
|
* If strict host key checking is in use, the user will have |
* If strict host key checking is in use, the user will have |
* to edit the key manually and we can only abort. |
* to edit the key manually and we can only abort. |
*/ |
*/ |
if (options.strict_host_key_checking) { |
if (options.strict_host_key_checking != |
|
SSH_STRICT_HOSTKEY_OFF) { |
error("%s host key for %.200s has changed and you have " |
error("%s host key for %.200s has changed and you have " |
"requested strict checking.", type, host); |
"requested strict checking.", type, host); |
goto fail; |
goto fail; |
|
|
"\nMatching host key in %s:%lu", |
"\nMatching host key in %s:%lu", |
host_found->file, host_found->line); |
host_found->file, host_found->line); |
} |
} |
if (options.strict_host_key_checking == 1) { |
if (options.strict_host_key_checking == |
logit("%s", msg); |
SSH_STRICT_HOSTKEY_ASK) { |
error("Exiting, you have requested strict checking."); |
|
goto fail; |
|
} else if (options.strict_host_key_checking == 2) { |
|
strlcat(msg, "\nAre you sure you want " |
strlcat(msg, "\nAre you sure you want " |
"to continue connecting (yes/no)? ", sizeof(msg)); |
"to continue connecting (yes/no)? ", sizeof(msg)); |
if (!confirm(msg)) |
if (!confirm(msg)) |
goto fail; |
goto fail; |
|
} else if (options.strict_host_key_checking != |
|
SSH_STRICT_HOSTKEY_OFF) { |
|
logit("%s", msg); |
|
error("Exiting, you have requested strict checking."); |
|
goto fail; |
} else { |
} else { |
logit("%s", msg); |
logit("%s", msg); |
} |
} |