| version 1.71, 2000/04/26 21:28:33 |
version 1.72, 2000/05/04 09:50:22 |
|
|
| const char *user_hostfile, const char *system_hostfile) |
const char *user_hostfile, const char *system_hostfile) |
| { |
{ |
| Key *file_key; |
Key *file_key; |
| |
char *type = key_type(host_key); |
| char *ip = NULL; |
char *ip = NULL; |
| char hostline[1000], *hostp; |
char hostline[1000], *hostp; |
| HostStatus host_status; |
HostStatus host_status; |
|
|
| switch (host_status) { |
switch (host_status) { |
| case HOST_OK: |
case HOST_OK: |
| /* The host is known and the key matches. */ |
/* The host is known and the key matches. */ |
| debug("Host '%.200s' is known and matches the host key.", host); |
debug("Host '%.200s' is known and matches the %s host key.", |
| |
host, type); |
| if (options.check_host_ip) { |
if (options.check_host_ip) { |
| if (ip_status == HOST_NEW) { |
if (ip_status == HOST_NEW) { |
| if (!add_host_to_hostfile(user_hostfile, ip, host_key)) |
if (!add_host_to_hostfile(user_hostfile, ip, host_key)) |
| log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).", |
log("Failed to add the %s host key for IP address '%.30s' to the list of known hosts (%.30s).", |
| ip, user_hostfile); |
type, ip, user_hostfile); |
| else |
else |
| log("Warning: Permanently added host key for IP address '%.30s' to the list of known hosts.", |
log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", |
| ip); |
type, ip); |
| } else if (ip_status != HOST_OK) |
} else if (ip_status != HOST_OK) |
| log("Warning: the host key for '%.200s' differs from the key for the IP address '%.30s'", |
log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", |
| host, ip); |
type, host, ip); |
| } |
} |
| break; |
break; |
| case HOST_NEW: |
case HOST_NEW: |
|
|
| if (options.strict_host_key_checking == 1) { |
if (options.strict_host_key_checking == 1) { |
| /* User has requested strict host key checking. We will not add the host key |
/* User has requested strict host key checking. We will not add the host key |
| automatically. The only alternative left is to abort. */ |
automatically. The only alternative left is to abort. */ |
| fatal("No host key is known for %.200s and you have requested strict checking.", host); |
fatal("No %s host key is known for %.200s and you have requested strict checking.", type, host); |
| } else if (options.strict_host_key_checking == 2) { |
} else if (options.strict_host_key_checking == 2) { |
| /* The default */ |
/* The default */ |
| char prompt[1024]; |
char prompt[1024]; |
| char *fp = key_fingerprint(host_key); |
char *fp = key_fingerprint(host_key); |
| snprintf(prompt, sizeof(prompt), |
snprintf(prompt, sizeof(prompt), |
| "The authenticity of host '%.200s' can't be established.\n" |
"The authenticity of host '%.200s' can't be established.\n" |
| "Key fingerprint is %s.\n" |
"%s key fingerprint is %s.\n" |
| "Are you sure you want to continue connecting (yes/no)? ", |
"Are you sure you want to continue connecting (yes/no)? ", |
| host, fp); |
host, type, fp); |
| if (!read_yes_or_no(prompt, -1)) |
if (!read_yes_or_no(prompt, -1)) |
| fatal("Aborted by user!\n"); |
fatal("Aborted by user!\n"); |
| } |
} |
|
|
| log("Failed to add the host to the list of known hosts (%.500s).", |
log("Failed to add the host to the list of known hosts (%.500s).", |
| user_hostfile); |
user_hostfile); |
| else |
else |
| log("Warning: Permanently added '%.200s' to the list of known hosts.", |
log("Warning: Permanently added '%.200s' (%s) to the list of known hosts.", |
| hostp); |
hostp, type); |
| break; |
break; |
| case HOST_CHANGED: |
case HOST_CHANGED: |
| if (options.check_host_ip && host_ip_differ) { |
if (options.check_host_ip && host_ip_differ) { |
|
|
| error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); |
error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); |
| error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| error("The host key for %s has changed,", host); |
error("The %s host key for %s has changed,", type, host); |
| error("and the key for the according IP address %s", ip); |
error("and the key for the according IP address %s", ip); |
| error("%s. This could either mean that", msg); |
error("%s. This could either mean that", msg); |
| error("DNS SPOOFING is happening or the IP address for the host"); |
error("DNS SPOOFING is happening or the IP address for the host"); |
|
|
| error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); |
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); |
| error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); |
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); |
| error("It is also possible that the host key has just been changed."); |
error("It is also possible that the %s host key has just been changed.", type); |
| error("Please contact your system administrator."); |
error("Please contact your system administrator."); |
| error("Add correct host key in %.100s to get rid of this message.", |
error("Add correct host key in %.100s to get rid of this message.", |
| user_hostfile); |
user_hostfile); |
|
|
| * to edit the key manually and we can only abort. |
* to edit the key manually and we can only abort. |
| */ |
*/ |
| if (options.strict_host_key_checking) |
if (options.strict_host_key_checking) |
| fatal("Host key for %.200s has changed and you have requested strict checking.", host); |
fatal("%s host key for %.200s has changed and you have requested strict checking.", type, host); |
| |
|
| /* |
/* |
| * If strict host key checking has not been requested, allow |
* If strict host key checking has not been requested, allow |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh