search for: check_host_ip

...+454,10 @@ *intptr = value; break; + case oOffendingKeyOverride: + intptr = &options->offending_key_override; + goto parse_flag; + case oCompression: intptr = &options->compression; goto parse_flag; @@ -979,6 +985,7 @@ options->batch_mode = -1; options->check_host_ip = -1; options->strict_host_key_checking = -1; + options->offending_key_override = -1; options->compression = -1; options->tcp_keep_alive = -1; options->compression_level = -1; @@ -1073,6 +1080,8 @@ options->check_host_ip = 1; if (options->strict_host_key_checking =...

...quot;, oClearAllForwardings }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, +#ifdef HASH_KNOWN_HOSTS + { "hashknownhosts", oHashKnownHosts }, +#endif { NULL, oBadOption } }; @@ -380,6 +386,12 @@ parse_flag: intptr = &options->check_host_ip; goto parse_flag; +#ifdef HASH_KNOWN_HOSTS + case oHashKnownHosts: + intptr = &options->hash_known_hosts; + goto parse_flag; +#endif + case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; arg = strdelim(&s); @@...

...s key fingerprint is %s.\n" "Are you sure you want to continue connecting " "(yes/no)? ", host, ip, type, fp); - xfree(fp); - if (!confirm(prompt)) { + if (!confirm(prompt, fp)) { + xfree(fp); goto fail; } + xfree(fp); } if (options.check_host_ip && ip_status == HOST_NEW) { snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); @@ -815,7 +818,7 @@ goto fail; } else if (options.strict_host_key_checking == 2) { if (!confirm("Are you sure you want " - "to continue connecting (yes/no)? &q...

Howdy -- I have a number of servers with host keys validated by certificates. These systems are behind a load-balanced frontend, and the certificates are signed as valid for the DNS name used by that common frontend address. This works well for the primary use case of the systems; however, when wishing to address only a single unit within the pool, the certificate cannot be used to validate that

...; + load_hostkeys(host_hostkeys, host, NULL, user_hostfiles[i]); for (i = 0; i < num_system_hostfiles; i++) - load_hostkeys(host_hostkeys, host, system_hostfiles[i]); + load_hostkeys(host_hostkeys, host, NULL, system_hostfiles[i]); ip_hostkeys = NULL; if (!want_cert && options.check_host_ip) { ip_hostkeys = init_hostkeys(); for (i = 0; i < num_user_hostfiles; i++) - load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]); + load_hostkeys(ip_hostkeys, ip, NULL, user_hostfiles[i]); for (i = 0; i < num_system_hostfiles; i++) - load_hostkeys(ip_hostkeys, ip, system_hostfile...