src/usr.bin/ssh/sshconnect.c - diff

Return to sshconnect.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshconnect.c between version 1.87 and 1.88

version 1.87, 2000/12/28 14:25:03

version 1.88, 2001/01/02 20:50:56

Line 413

FILE *f;

int retval = -1;

if (isatty(0))

if (isatty(STDIN_FILENO))

f = stdin;

else

f = fopen("/dev/tty", "rw");

Line 467

HostStatus ip_status;

int local = 0, host_ip_differ = 0;

char ntop[NI_MAXHOST];

int host_line = -1, ip_line = -1;

int host_line, ip_line;

const char *host_file = NULL, *ip_file = NULL;

Line 490

local = 0;

break;

}

if (local) {

if (local && options.host_key_alias == NULL) {

if (options.host_key_alias == NULL) {

debug("Forcing accepting of host key for "

"loopback/localhost.");

return;

}

if (options.check_host_ip)

options.check_host_ip = 0;

}

* Turn off check_host_ip for proxy connects, since

* We don't have the remote ip-address for connections

* we don't have the remote ip-address

* using a proxy command

if (options.proxy_command != NULL && options.check_host_ip)

options.check_host_ip = 0;

if (options.proxy_command == NULL) {

if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop),

NULL, 0, NI_NUMERICHOST) != 0)

Line 515

Line 508

} else {

ip = xstrdup("<no hostip for proxy command>");

}

* Turn off check_host_ip if the connection is to localhost, via proxy

* command or if we don't have a hostname to compare with

if (options.check_host_ip &&

(local || strcmp(host, ip) == 0 || options.proxy_command != NULL))

options.check_host_ip = 0;

* Allow the user to record the key under a different name. This is

Line 546

* Also perform check for the ip address, skip the check if we are

* localhost or the hostname was an ip address to begin with

if (options.check_host_ip && !local && strcmp(host, ip)) {

if (options.check_host_ip) {

Key *ip_key = key_new(host_key->type);

ip_file = user_hostfile;

Line 571

debug("Host '%.200s' is known and matches the %s host key.",

host, type);

debug("Found key in %s:%d", host_file, host_line);

if (options.check_host_ip) {

if (options.check_host_ip && ip_status == HOST_NEW) {

if (ip_status == HOST_NEW) {

if (!add_host_to_hostfile(user_hostfile, ip, host_key))

log("Failed to add the %s host key for IP address '%.30s' to the list of known hosts (%.30s).",

type, ip, user_hostfile);

else

log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.",

type, ip);

} else if (ip_status != HOST_OK) {

log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'",

type, host, ip);

log("Found key in %s:%d", host_file, host_line);

if (ip_line != -1)

log("Offending key for IP in %s:%d", ip_file, ip_line);

}

break;

case HOST_NEW:

Line 605

Line 597

if (!read_yes_or_no(prompt, -1))

fatal("Aborted by user!\n");

}

if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) {

if (options.check_host_ip && ip_status == HOST_NEW) {

snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);

hostp = hostline;

} else

Line 636

Line 628

error("%s. This could either mean that", msg);

error("DNS SPOOFING is happening or the IP address for the host");

error("and its host key have changed at the same time.");

if (ip_line != -1)

if (ip_status != HOST_NEW)

error("Offending key for IP in %s:%d", ip_file, ip_line);

}

/* The host key has changed. */

Line 689

Line 681

* accept the authentication.

break;

}

if (options.check_host_ip && host_status != HOST_CHANGED &&

ip_status == HOST_CHANGED) {

log("Warning: the %s host key for '%.200s' "

"differs from the key for the IP address '%.30s'",

type, host, ip);

if (host_status == HOST_OK)

log("Matching host key in %s:%d", host_file, host_line);

log("Offending key for IP in %s:%d", ip_file, ip_line);

if (options.strict_host_key_checking == 1) {

fatal("Exiting, you have requested strict checking.");

} else if (options.strict_host_key_checking == 2) {

if (!read_yes_or_no("Continue?", -1))

fatal("Aborted by user!\n");

}

xfree(ip);