=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect.c,v retrieving revision 1.311 retrieving revision 1.312 diff -u -r1.311 -r1.312 --- src/usr.bin/ssh/sshconnect.c 2019/01/19 21:36:38 1.311 +++ src/usr.bin/ssh/sshconnect.c 2019/01/24 17:00:29 1.312 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.311 2019/01/19 21:36:38 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.312 2019/01/24 17:00:29 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -539,22 +539,24 @@ /* defaults to 'no' */ static int -confirm(const char *prompt) +confirm(const char *prompt, const char *fingerprint) { const char *msg, *again = "Please type 'yes' or 'no': "; + const char *again_fp = "Please type 'yes', 'no' or the fingerprint: "; char *p; int ret = -1; if (options.batch_mode) return 0; - for (msg = prompt;;msg = again) { + for (msg = prompt;;msg = fingerprint ? again_fp : again) { p = read_passphrase(msg, RP_ECHO); if (p == NULL) return 0; p[strcspn(p, "\n")] = '\0'; if (p[0] == '\0' || strcasecmp(p, "no") == 0) ret = 0; - else if (strcasecmp(p, "yes") == 0) + else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL && + strcasecmp(p, fingerprint) == 0)) ret = 1; free(p); if (ret != -1) @@ -666,7 +668,7 @@ char msg[1024]; const char *type; const struct hostkey_entry *host_found, *ip_found; - int len, cancelled_forwarding = 0; + int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; int hostkey_trusted = 0; /* Known or explicitly accepted by user */ 
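Review bot: The new fingerprint branch in confirm() compares the typed reply with `strcasecmp(p, fingerprint)`, which ignores letter case. If `fingerprint` is a base64-encoded digest (the value is built by the caller, outside this hunk), upper- and lower-case letters are distinct symbols, so a reply that differs from the real fingerprint only in case would still be accepted. Keeping `strcasecmp` for "yes"/"no" and using an exact compare for the key, `strcmp(p, fingerprint) == 0`, avoids that; a hex fingerprint would then have to be typed in the case it is displayed. The header comment `/* defaults to 'no' */` could also say that a reply equal to a non-NULL `fingerprint` counts as an affirmative answer. confirm()'s body continues past the end of the hunk.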
@@ -841,14 +843,15 @@ "established%s\n" "%s key fingerprint is %s.%s%s\n%s" "Are you sure you want to continue connecting " - "(yes/no)? ", + "(yes/no/[fingerprint])? ", host, ip, msg1, type, fp, options.visual_host_key ? "\n" : "", options.visual_host_key ? ra : "", msg2); free(ra); + confirmed = confirm(msg, fp); free(fp); - if (!confirm(msg)) + if (!confirmed) goto fail; hostkey_trusted = 1; /* user explicitly confirmed */ } @@ -1042,7 +1045,7 @@ SSH_STRICT_HOSTKEY_ASK) { strlcat(msg, "\nAre you sure you want " "to continue connecting (yes/no)? ", sizeof(msg)); - if (!confirm(msg)) + if (!confirm(msg, NULL)) goto fail; } else if (options.strict_host_key_checking != SSH_STRICT_HOSTKEY_OFF) {
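Review bot: `free(fp)` now has to stay below the `confirm(msg, fp)` call, because confirm() reads `fp` while comparing it with the user's reply, and nothing in the code says so. A one-line comment above the call, `/* fp is compared against the reply; free it only after confirm() returns */`, would keep a later cleanup from folding the call back into `if (!confirm(...))` after the free. The reply is matched against the same string the prompt prints, so the check only adds assurance when the user pastes a fingerprint obtained from another channel; the prompt text or the manual could say that. The enclosing function starts and ends outside this hunk.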