upstream commit

UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)

1 files changed, 4 insertions, 4 deletions

diff --git a/monitor.c b/monitor.c
index bc4f039c..8f5ab720 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.144 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -693,7 +693,7 @@ mm_answer_sign(int sock, Buffer *m)
 	u_char *signature;
 	size_t datlen, siglen;
 	int r, keyid, is_proof = 0;
-	const char proof_req[] = "hostkeys-prove@openssh.com";
+	const char proof_req[] = "hostkeys-prove-00@openssh.com";
 
 	debug3("%s", __func__);
 
@@ -723,9 +723,9 @@ mm_answer_sign(int sock, Buffer *m)
 			fatal("%s: no hostkey for index %d", __func__, keyid);
 		if ((sigbuf = sshbuf_new()) == NULL)
 			fatal("%s: sshbuf_new", __func__);
-		if ((r = sshbuf_put_string(sigbuf, session_id2,
+		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
+		    (r = sshbuf_put_string(sigbuf, session_id2,
 		    session_id2_len) != 0) ||
-		    (r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0)
 			fatal("%s: couldn't prepare private key "
 			    "proof buffer: %s", __func__, ssh_err(r));