[Bug 112] New: Using host key fingerprint instead of "yes"

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Feb 13 11:33:08 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=112

           Summary: Using host key fingerprint instead of "yes"
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: peak at argo.troja.mff.cuni.cz


I am too paranoid to say "yes, continue connecting" blindly (yes, I know I am
weird <g>) but I am also too lazy to compare fingerprints manually or keep
known_hosts on all my machines synchronized. Fortunately, I have found a way to
make my life easier: if I patch ssh to interpret a matching fingerprint as
"yes", I can copy & paste the expected fingerprint from a different place (file,
ssh-keygen -l on another machine) with several mouse movements and let ssh do
the hard work itself. :)

Well, I do not really think you will make such a change in the official version.
Anyway, here is a patch I made just in case someone finds it useful:

diff -urN openssh-3.0.2p1.old/sshconnect.c openssh-3.0.2p1/sshconnect.c
--- openssh-3.0.2p1.old/sshconnect.c	Wed Oct 10 07:07:45 2001
+++ openssh-3.0.2p1/sshconnect.c	Wed Feb  6 02:19:58 2002
@@ -487,7 +487,7 @@
 
 /* defaults to 'no' */
 static int
-confirm(const char *prompt)
+confirm(const char *prompt, const char *altyes)
 {
 	char buf[1024];
 	FILE *f;
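Review bot: The comment above confirm() still reads only "defaults to 'no'" and says nothing about the new altyes parameter. Document that altyes is an optional string accepted as an affirmative answer in addition to "yes", and that passing NULL disables it, so later callers do not pass an arbitrary string by mistake.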
@@ -515,6 +515,8 @@
 			retval = 1;
 		else if (strcmp(buf, "no") == 0)
 			retval = 0;
+		else if (altyes != NULL && strcmp(buf, altyes) == 0)
+			retval = 1;
 		else
 			fprintf(stderr, "Please type 'yes' or 'no': ");
 
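Review bot: The else branch still prints "Please type 'yes' or 'no': " when altyes is set, so a pasted fingerprint that fails the exact strcmp(buf, altyes) is handled like any other typo and the user is simply asked again. A fingerprint that does not match is the case this feature exists to catch, so when altyes != NULL the message should say that the fingerprint is also accepted and that the entered value did not match. The visible lines do not show how buf is trimmed, so it is also worth confirming that trailing whitespace from a copy and paste cannot turn a correct fingerprint into a mismatch.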
@@ -697,10 +699,11 @@
 			    "%s key fingerprint is %s.\n"
 			    "Are you sure you want to continue connecting "
 			    "(yes/no)? ", host, ip, type, fp);
-			xfree(fp);
-			if (!confirm(prompt)) {
+			if (!confirm(prompt, fp)) {
+				xfree(fp);
 				goto fail;
 			}
+			xfree(fp);
 		}
 		if (options.check_host_ip && ip_status == HOST_NEW) {
 			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
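Review bot: The prompt built just above this call still ends in "(yes/no)? " even though confirm(prompt, fp) now accepts the fingerprint as an answer, so the option is undiscoverable; mention it in the prompt text. Separately, xfree(fp) now appears on both the failure and success paths. Storing the result of confirm(prompt, fp) in a local, calling xfree(fp) once, and then testing the result keeps a single free and avoids a leak if another exit is added between the two later.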
@@ -815,7 +818,7 @@
 			goto fail;
 		} else if (options.strict_host_key_checking == 2) {
 			if (!confirm("Are you sure you want " 
-			    "to continue connecting (yes/no)? ")) {
+			    "to continue connecting (yes/no)? ", NULL)) {
 				goto fail;
 			}
 		}


