diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2020-10-07 02:26:29 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2020-10-07 02:26:29 +0000 |
| commit | 4d2db323bc8e095d9a4032918b65f31ef31f3eff (patch) | |
| tree | c6cc7e4bf0747b21995f610aa2f9e0f6ffce26b1 | |
| parent | ebc38c6062a1fb3ea594232c5d1393f31744a049 (diff) | |
Disable UpdateHostkeys when hostkey checking fails
If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.
reminded by Mark D. Baushke; ok markus@
| -rw-r--r-- | usr.bin/ssh/sshconnect.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 36f0f433332..62fbbedaedd 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.338 2020/10/07 02:24:51 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.339 2020/10/07 02:26:28 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1041,6 +1041,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, options.tun_open = SSH_TUNMODE_NO; cancelled_forwarding = 1; } + if (options.update_hostkeys != 0) { + error("UpdateHostkeys is disabled because the host " + "key is not trusted."); + options.update_hostkeys = 0; + } if (options.exit_on_forward_failure && cancelled_forwarding) fatal("Error: forwarding disabled due to host key " "check failure"); |