diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2000-12-28 14:25:04 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-12-28 14:25:04 +0000 |
commit | 2b829e4616bee60f9d853b6fde9040cee82f20cf (patch) | |
tree | 76cff5bd8cbff7e0431b269f98d3f3e8227b08f2 /usr.bin | |
parent | 37256f48fb97ca96b0cacb122a09b0475c6d822c (diff) |
fingerprint for MITM attacks, too
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 5672ff939ff..c8db7a8121c 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.86 2000/12/27 12:30:20 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.87 2000/12/28 14:25:03 markus Exp $"); #include <openssl/bn.h> #include <openssl/dsa.h> @@ -597,12 +597,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, } else if (options.strict_host_key_checking == 2) { /* The default */ char prompt[1024]; - char *fp = key_fingerprint(host_key); snprintf(prompt, sizeof(prompt), "The authenticity of host '%.200s (%s)' can't be established.\n" "%s key fingerprint is %s.\n" "Are you sure you want to continue connecting (yes/no)? ", - host, ip, type, fp); + host, ip, type, key_fingerprint(host_key)); if (!read_yes_or_no(prompt, -1)) fatal("Aborted by user!\n"); } @@ -647,9 +646,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); error("It is also possible that the %s host key has just been changed.", type); + error("The fingerprint for the %s key sent by the remote host is\n%s.", + type, key_fingerprint(host_key)); error("Please contact your system administrator."); error("Add correct host key in %.100s to get rid of this message.", - user_hostfile); + user_hostfile); error("Offending key in %s:%d", host_file, host_line); /* |