| version 1.84, 2000/12/20 19:27:55 |
version 1.85, 2000/12/21 15:10:17 |
|
|
| HostStatus ip_status; |
HostStatus ip_status; |
| int local = 0, host_ip_differ = 0; |
int local = 0, host_ip_differ = 0; |
| char ntop[NI_MAXHOST]; |
char ntop[NI_MAXHOST]; |
| |
int host_line = -1, ip_line = -1; |
| |
const char *host_file = NULL, *ip_file = NULL; |
| |
|
| /* |
/* |
| * Force accepting of the host key for loopback/localhost. The |
* Force accepting of the host key for loopback/localhost. The |
|
|
| * Check if the host key is present in the user\'s list of known |
* Check if the host key is present in the user\'s list of known |
| * hosts or in the systemwide list. |
* hosts or in the systemwide list. |
| */ |
*/ |
| host_status = check_host_in_hostfile(user_hostfile, host, host_key, file_key); |
host_file = user_hostfile; |
| if (host_status == HOST_NEW) |
host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); |
| host_status = check_host_in_hostfile(system_hostfile, host, host_key, file_key); |
if (host_status == HOST_NEW) { |
| |
host_file = system_hostfile; |
| |
host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); |
| |
} |
| /* |
/* |
| * Also perform check for the ip address, skip the check if we are |
* Also perform check for the ip address, skip the check if we are |
| * localhost or the hostname was an ip address to begin with |
* localhost or the hostname was an ip address to begin with |
| */ |
*/ |
| if (options.check_host_ip && !local && strcmp(host, ip)) { |
if (options.check_host_ip && !local && strcmp(host, ip)) { |
| Key *ip_key = key_new(host_key->type); |
Key *ip_key = key_new(host_key->type); |
| ip_status = check_host_in_hostfile(user_hostfile, ip, host_key, ip_key); |
|
| |
|
| if (ip_status == HOST_NEW) |
ip_file = user_hostfile; |
| ip_status = check_host_in_hostfile(system_hostfile, ip, host_key, ip_key); |
ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); |
| |
if (ip_status == HOST_NEW) { |
| |
ip_file = system_hostfile; |
| |
ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); |
| |
} |
| if (host_status == HOST_CHANGED && |
if (host_status == HOST_CHANGED && |
| (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) |
(ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) |
| host_ip_differ = 1; |
host_ip_differ = 1; |
|
|
| /* The host is known and the key matches. */ |
/* The host is known and the key matches. */ |
| debug("Host '%.200s' is known and matches the %s host key.", |
debug("Host '%.200s' is known and matches the %s host key.", |
| host, type); |
host, type); |
| |
debug("Found key in %s:%d", host_file, host_line); |
| if (options.check_host_ip) { |
if (options.check_host_ip) { |
| if (ip_status == HOST_NEW) { |
if (ip_status == HOST_NEW) { |
| if (!add_host_to_hostfile(user_hostfile, ip, host_key)) |
if (!add_host_to_hostfile(user_hostfile, ip, host_key)) |
|
|
| else |
else |
| log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", |
log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", |
| type, ip); |
type, ip); |
| } else if (ip_status != HOST_OK) |
} else if (ip_status != HOST_OK) { |
| log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", |
log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", |
| type, host, ip); |
type, host, ip); |
| |
log("Found key in %s:%d", host_file, host_line); |
| |
if (ip_line != -1) |
| |
log("Offending key for IP in %s:%d", ip_file, ip_line); |
| |
} |
| } |
} |
| break; |
break; |
| case HOST_NEW: |
case HOST_NEW: |
|
|
| error("and the key for the according IP address %s", ip); |
error("and the key for the according IP address %s", ip); |
| error("%s. This could either mean that", msg); |
error("%s. This could either mean that", msg); |
| error("DNS SPOOFING is happening or the IP address for the host"); |
error("DNS SPOOFING is happening or the IP address for the host"); |
| error("and its host key have changed at the same time"); |
error("and its host key have changed at the same time."); |
| |
if (ip_line != -1) |
| |
error("Offending key for IP in %s:%d", ip_file, ip_line); |
| } |
} |
| /* The host key has changed. */ |
/* The host key has changed. */ |
| error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
|
|
| error("Please contact your system administrator."); |
error("Please contact your system administrator."); |
| error("Add correct host key in %.100s to get rid of this message.", |
error("Add correct host key in %.100s to get rid of this message.", |
| user_hostfile); |
user_hostfile); |
| |
error("Offending key in %s:%d", host_file, host_line); |
| |
|
| /* |
/* |
| * If strict host key checking is in use, the user will have |
* If strict host key checking is in use, the user will have |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh