[openssh-commits] [openssh] 01/02: upstream: disable UpdateHostKeys=ask if command is specified; ok

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jan 28 12:52:54 AEDT 2020 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit da22216b5db3613325aa7b639f40dc017e4c6f69
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Mon Jan 27 20:51:32 2020 +0000

    upstream: disable UpdateHostKeys=ask if command is specified; ok
    
    djm@ sthen@
    
    OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7
---
 ssh.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/ssh.c b/ssh.c
index 4998ebc1..380e1e66 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.515 2020/01/25 00:21:08 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.516 2020/01/27 20:51:32 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1248,11 +1248,18 @@ main(int ac, char **av)
 	    strcmp(options.proxy_command, "-") == 0 &&
 	    options.proxy_use_fdpass)
 		fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
-	if (options.control_persist && options.control_path != NULL &&
-	    options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
-		debug("UpdateHostKeys=ask is incompatible with ControlPersist; "
-		    "disabling");
-		options.update_hostkeys = 0;
+	if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
+		if (options.control_persist && options.control_path != NULL) {
+			debug("UpdateHostKeys=ask is incompatible with "
+			    "ControlPersist; disabling");
+			options.update_hostkeys = 0;
+		} else if (sshbuf_len(command) != 0 ||
+		    options.remote_command != NULL ||
+		    options.request_tty == REQUEST_TTY_NO) {
+			debug("UpdateHostKeys=ask is incompatible with "
+			    "remote command execution; disabling");
+			options.update_hostkeys = 0;
+		}
 	}
 	if (options.connection_attempts <= 0)
 		fatal("Invalid number of ConnectionAttempts");

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list