[openssh-commits] [openssh] 01/02: upstream: enable UpdateKnownHosts=yes if the configuration

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jan 31 09:27:21 AEDT 2020 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d53a518536c552672c00e8892e2aea28f664148c
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Jan 30 22:19:32 2020 +0000

    upstream: enable UpdateKnownHosts=yes if the configuration
    
    specifies only the default known_hosts files, otherwise select
    UpdateKnownHosts=ask; ok markus@
    
    OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
---
 readconf.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/readconf.c b/readconf.c
index 36312d58..a6a16018 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.323 2020/01/25 00:22:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.324 2020/01/30 22:19:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2110,6 +2110,19 @@ fill_default_options(Options * options)
 		options->system_hostfiles[options->num_system_hostfiles++] =
 		    xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
 	}
+	if (options->update_hostkeys == -1) {
+		/*
+		 * Enable UpdateHostKeys non-interactively if the user has
+		 * not overridden the default known_hosts selection, or has
+		 * overridden it with the default. Otherwise, prompt.
+		 */
+		if (options->num_user_hostfiles == 0 ||
+		    (options->num_user_hostfiles == 1 && strcmp(options->
+		    user_hostfiles[0], _PATH_SSH_USER_HOSTFILE) == 0))
+			options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES;
+		else
+			options->update_hostkeys = SSH_UPDATE_HOSTKEYS_ASK;
+	}
 	if (options->num_user_hostfiles == 0) {
 		options->user_hostfiles[options->num_user_hostfiles++] =
 		    xstrdup(_PATH_SSH_USER_HOSTFILE);
@@ -2170,8 +2183,6 @@ fill_default_options(Options * options)
 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
 	if (options->fingerprint_hash == -1)
 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
-	if (options->update_hostkeys == -1)
-		options->update_hostkeys = SSH_UPDATE_HOSTKEYS_ASK;
 #ifdef ENABLE_SK_INTERNAL
 	if (options->sk_provider == NULL)
 		options->sk_provider = xstrdup("internal");

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list