authordtucker@openbsd.org <dtucker@openbsd.org>2019-01-24 17:00:29 +0000
committerDarren Tucker <dtucker@dtucker.net>2019-01-25 06:32:14 +1100
commit05b9a466700b44d49492edc2aa415fc2e8913dfe (patch)
tree44dfce8326dc37eb98d29cacba4916e54f4bd15a /sshconnect.c
parentbdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb (diff)
upstream: Accept the host key fingerprint as a synonym for "yes"
when accepting an unknown host key. This allows you to paste a fingerprint obtained out of band into the yes/no prompt and have the client do the comparison for you. ok markus@ djm@ OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c19
1 files changed, 11 insertions, 8 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 1a5f6a4c..955671b4 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.311 2019/01/19 21:36:38 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.312 2019/01/24 17:00:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -563,22 +563,24 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
/* defaults to 'no' */
static int
-confirm(const char *prompt)
+confirm(const char *prompt, const char *fingerprint)
{
const char *msg, *again = "Please type 'yes' or 'no': ";
+ const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
char *p;
int ret = -1;
if (options.batch_mode)
return 0;
- for (msg = prompt;;msg = again) {
+ for (msg = prompt;;msg = fingerprint ? again_fp : again) {
p = read_passphrase(msg, RP_ECHO);
if (p == NULL)
return 0;
p[strcspn(p, "\n")] = '\0';
if (p[0] == '\0' || strcasecmp(p, "no") == 0)
ret = 0;
- else if (strcasecmp(p, "yes") == 0)
+ else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
+ strcasecmp(p, fingerprint) == 0))
ret = 1;
free(p);
if (ret != -1)
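Review bot: The fingerprint branch in confirm() compares with `strcasecmp(p, fingerprint)`, so a reply that differs from the expected fingerprint only in letter case is accepted as a match. If `fp` is the base64 SHA256 form (its construction is outside this hunk), case carries information and folding it weakens the out-of-band check this commit is meant to provide; an exact comparison is safer: `else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL && strcmp(p, fingerprint) == 0))`. Only the trailing newline is stripped from the reply, so a pasted fingerprint with surrounding blanks falls through to the re-prompt; trimming spaces and tabs before the comparison would avoid that. The `/* defaults to 'no' */` comment above the function could also state that a non-NULL `fingerprint` is accepted as a synonym for "yes". The end of the loop and of confirm() lies outside the hunk.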
@@ -706,7 +708,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
char msg[1024];
const char *type;
const struct hostkey_entry *host_found, *ip_found;
- int len, cancelled_forwarding = 0;
+ int len, cancelled_forwarding = 0, confirmed;
int local = sockaddr_is_local(hostaddr);
int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
int hostkey_trusted = 0; /* Known or explicitly accepted by user */
@@ -881,14 +883,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
"established%s\n"
"%s key fingerprint is %s.%s%s\n%s"
"Are you sure you want to continue connecting "
- "(yes/no)? ",
+ "(yes/no/[fingerprint])? ",
host, ip, msg1, type, fp,
options.visual_host_key ? "\n" : "",
options.visual_host_key ? ra : "",
msg2);
free(ra);
+ confirmed = confirm(msg, fp);
free(fp);
- if (!confirm(msg))
+ if (!confirmed)
goto fail;
hostkey_trusted = 1; /* user explicitly confirmed */
}
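Review bot: The new ordering `confirmed = confirm(msg, fp); free(fp);` depends on `fp` staying allocated until confirm() returns, and nothing on these lines says so. A one-line comment above the call, e.g. `/* confirm() compares the reply against fp, so free it only afterwards */`, would keep a later cleanup from moving `free(fp)` back above the call and turning the comparison into a use-after-free. check_host_key starts and ends outside the hunk.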
@@ -1082,7 +1085,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
SSH_STRICT_HOSTKEY_ASK) {
strlcat(msg, "\nAre you sure you want "
"to continue connecting (yes/no)? ", sizeof(msg));
- if (!confirm(msg))
+ if (!confirm(msg, NULL))
goto fail;
} else if (options.strict_host_key_checking !=
SSH_STRICT_HOSTKEY_OFF) {