authorMarkus Friedl <markus@cvs.openbsd.org>2000-11-30 22:53:36 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2000-11-30 22:53:36 +0000
commit3ce102f751145360dcefc7e8c697372496f4fece (patch)
tree89fb895878c2b6f7223594cac2a61fa72eb37615
parent2699f5a76be3c2d58dcfa967760cfa378de28056 (diff)
disable agent/x11/port fwding if hostkey has changed; ok niels@
-rw-r--r--usr.bin/ssh/sshconnect.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index dfc55331abf..64cfec5c30d 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.82 2000/11/29 13:51:27 provos Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -637,6 +637,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
error("Agent forwarding is disabled to avoid trojan horses.");
options.forward_agent = 0;
}
+ if (options.forward_x11) {
+ error("X11 forwarding is disabled to avoid trojan horses.");
+ options.forward_x11 = 0;
+ }
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ error("Port forwarding is disabled to avoid trojan horses.");
+ options.num_local_forwards = options.num_remote_forwards = 0;
+ }
/*
* XXX Should permit the user to change to use the new id.
* This could be done by converting the host key to an
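Review bot: The two added blocks, `if (options.forward_x11)` and `if (options.num_local_forwards > 0 || options.num_remote_forwards > 0)`, have no comment explaining why a changed host key turns these features off, and the "trojan horses" wording in the messages does not name the risk. I would add a comment above them such as `/* Host key changed and is unverified: an impersonated server must not reach the local X display or tunnels into the client's network. */`. The port-forward message could also say that the configured forwards were dropped for this session, since a user relying on a tunnel otherwise only sees it fail later. The guard works by zeroing the counters, so it presumably covers only forwards registered before check_host_key runs; that is worth confirming against the code that sets up forwarding after authentication. check_host_key starts and ends outside this hunk, so the surrounding branch condition is not visible here.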