author | Markus Friedl <markus@cvs.openbsd.org> | 2000-11-30 22:53:36 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-11-30 22:53:36 +0000 |
commit | 3ce102f751145360dcefc7e8c697372496f4fece (patch) | |
tree | 89fb895878c2b6f7223594cac2a61fa72eb37615 | |
parent | 2699f5a76be3c2d58dcfa967760cfa378de28056 (diff) |
disable agent/x11/port fwding if hostkey has changed; ok niels@
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index dfc55331abf..64cfec5c30d 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.82 2000/11/29 13:51:27 provos Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -637,6 +637,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 error("Agent forwarding is disabled to avoid trojan horses.");
 options.forward_agent = 0;
 }
+ if (options.forward_x11) {
+ error("X11 forwarding is disabled to avoid trojan horses.");
+ options.forward_x11 = 0;
+ }
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ error("Port forwarding is disabled to avoid trojan horses.");
+ options.num_local_forwards = options.num_remote_forwards = 0;
+ }
 /*
 * XXX Should permit the user to change to use the new id.
 * This could be done by converting the host key to an |
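Review bot: The new port-forwarding block only zeroes `options.num_local_forwards` and `options.num_remote_forwards`, so a session started solely to carry tunnels still proceeds against the host whose key changed, with one `error()` line as the only trace. It would be safer to record that forwards were cancelled, so the caller can refuse to continue when forwarding was the whole purpose of the connection. The three disable blocks (agent, X11, port) would also read better under one shared comment such as `/* host key changed: deny the server any channel back into the client (agent, X display, forwarded ports) */`, because "trojan horses" does not tell the user that the concern is a possibly impersonated server. check_host_key's body starts and ends outside the hunk, so whether later code re-reads the forward arrays or re-enables these options cannot be confirmed from here.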