author | djm@openbsd.org <djm@openbsd.org> | 2020-10-07 04:26:28 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-10-07 04:34:11 +0200 |
commit | 4aa2717d7517cff4bc423a6cfba3a2defb055aea (patch) | |
tree | 5812645d82a87094e04752cd5e36294e850788a5 /sshconnect.c | |
parent | upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug (diff) | |
upstream: Disable UpdateHostkeys when hostkey checking fails
If host key checking fails (i.e. a wrong host key is recorded for the
server) and the user elects to continue (via StrictHostKeyChecking=no),
then disable UpdateHostkeys for the session.
reminded by Mark D. Baushke; ok markus@
OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sshconnect.c b/sshconnect.c index c055773f1..d73cecc80 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.338 2020/10/07 02:24:51 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.339 2020/10/07 02:26:28 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1079,6 +1079,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, options.tun_open = SSH_TUNMODE_NO; cancelled_forwarding = 1; } + if (options.update_hostkeys != 0) { + error("UpdateHostkeys is disabled because the host " + "key is not trusted."); + options.update_hostkeys = 0; + } if (options.exit_on_forward_failure && cancelled_forwarding) fatal("Error: forwarding disabled due to host key " "check failure"); |
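Review bot: In the second hunk (check_host_key(), around line 1079), the new `options.update_hostkeys` block sits between the code that sets `cancelled_forwarding` and the `options.exit_on_forward_failure && cancelled_forwarding` test that consumes it, which splits the forwarding logic with an unrelated setting. Consider moving the block after the `fatal()` check, or ahead of the forwarding-disable blocks, so the two forwarding pieces stay adjacent. A short comment would also help, stating that a session which continued past a failed host key check must not accept new host keys from the server, and that the `!= 0` test is meant to clear every non-zero setting rather than only the value 1. The diffstat shown here is limited to sshconnect.c, so if the UpdateHostkeys entry in ssh_config(5) does not already describe this automatic disable, it should be documented there as well.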