author | Darren Tucker <dtucker@cvs.openbsd.org> | 2019-01-24 17:00:30 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2019-01-24 17:00:30 +0000 |
commit | 23a656296afb66adcb73e2a5cfae4f9289fda759 (patch) | |
tree | fbdb5584e132bc580b8db16b216d444e5eeebcfa /usr.bin | |
parent | 8e233d099252e6769c7dd90eefdc88ca19d9db7c (diff) |
Accept the host key fingerprint as a synonym for "yes" when accepting
an unknown host key. This allows you to paste a fingerprint obtained
out of band into the yes/no prompt and have the client do the comparison
for you. ok markus@ djm@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index e6d2a1fae5d..e8fb1e1efae 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.311 2019/01/19 21:36:38 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.312 2019/01/24 17:00:29 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -539,22 +539,24 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
 /* defaults to 'no' */
 static int
-confirm(const char *prompt)
+confirm(const char *prompt, const char *fingerprint)
 {
 const char *msg, *again = "Please type 'yes' or 'no': ";
+ const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
 char *p;
 int ret = -1;
 if (options.batch_mode)
 return 0;
- for (msg = prompt;;msg = again) {
+ for (msg = prompt;;msg = fingerprint ? again_fp : again) {
 p = read_passphrase(msg, RP_ECHO);
 if (p == NULL)
 return 0;
 p[strcspn(p, "\n")] = '\0';
 if (p[0] == '\0' || strcasecmp(p, "no") == 0)
 ret = 0;
- else if (strcasecmp(p, "yes") == 0)
+ else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
+ strcasecmp(p, fingerprint) == 0))
 ret = 1;
 free(p);
 if (ret != -1)
@@ -666,7 +668,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 char msg[1024];
 const char *type;
 const struct hostkey_entry *host_found, *ip_found;
- int len, cancelled_forwarding = 0;
+ int len, cancelled_forwarding = 0, confirmed;
 int local = sockaddr_is_local(hostaddr);
 int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
 int hostkey_trusted = 0; /* Known or explicitly accepted by user */
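Review bot: In confirm(), the new fingerprint branch matches with `strcasecmp(p, fingerprint)`, so the pasted value is accepted regardless of letter case. If `fp` is in the base64 SHA256 form (its format is set outside this diff), case is significant and folding it makes distinct fingerprints compare equal; an exact match is the safer check: `strcmp(p, fingerprint) == 0`. Only the trailing newline is stripped from `p`, so a paste carrying leading or trailing blanks is re-prompted rather than accepted, which fails closed but is worth a line in the function comment. The `/* defaults to 'no' */` comment could also say that `fingerprint` may be NULL and, when set, is accepted as a synonym for "yes". confirm() ends outside this hunk.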
@@ -841,14 +843,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 "established%s\n"
 "%s key fingerprint is %s.%s%s\n%s"
 "Are you sure you want to continue connecting "
- "(yes/no)? ",
+ "(yes/no/[fingerprint])? ",
 host, ip, msg1, type, fp,
 options.visual_host_key ? "\n" : "",
 options.visual_host_key ? ra : "",
 msg2);
 free(ra);
+ confirmed = confirm(msg, fp);
 free(fp);
- if (!confirm(msg))
+ if (!confirmed)
 goto fail;
 hostkey_trusted = 1; /* user explicitly confirmed */
 }
@@ -1042,7 +1045,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 SSH_STRICT_HOSTKEY_ASK) {
 strlcat(msg, "\nAre you sure you want "
 "to continue connecting (yes/no)? ", sizeof(msg));
- if (!confirm(msg))
+ if (!confirm(msg, NULL))
 goto fail;
 } else if (options.strict_host_key_checking !=
 SSH_STRICT_HOSTKEY_OFF) { |
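Review bot: In check_host_key(), `confirm(msg, fp)` reads `fp`, and the only thing keeping that safe is that the call now sits before `free(fp)`; a one-line comment would stop a later tidy-up from moving the free back above it, e.g. `/* confirm() compares input against fp; free only afterwards */`. The prompt advertises `[fingerprint]` without saying which form is expected; since only the exact string printed by `%s key fingerprint is %s` can match, a fingerprint obtained out of band in a different hash or encoding will be re-prompted (inferred from the single `fp` passed here). check_host_key() starts and ends outside this hunk.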