search for: user_hostfile

...shconnect.c 2006-02-04 16:42:04.000000000 +0100 @@ -51,6 +51,9 @@ static int show_other_keys(const char *, Key *); static void warn_changed_key(Key *); +static int ask_connect_with_new_key(const char *host, Key *host_key, + const char* ip, const char* type, HostStatus ip_status, + const char *user_hostfile); /* * Connect to the given ssh server using a proxy command. @@ -524,10 +527,9 @@ Key *file_key; const char *type = key_type(host_key); char *ip = NULL; - char hostline[1000], *hostp, *fp; HostStatus host_status; HostStatus ip_status; - int r, local = 0, host_ip_differ = 0; + int lo...

...a/auth.c +++ b/auth.c @@ -379,7 +379,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, const struct hostkey_entry *found; hostkeys = init_hostkeys(); - load_hostkeys(hostkeys, host, sysfile); + load_hostkeys(hostkeys, host, NULL, sysfile); if (userfile != NULL) { user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && @@ -393,7 +393,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, user_hostfile); } else { temporarily_use_uid(pw); - load_hostkeys(hostkeys, host, user_hostfile); + l...

...f (cert) + host_key = cert; if (options.check_host_ip && ip_status == HOST_NEW) { snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); hostp = hostline; if (options.hash_known_hosts) { /* Add hash of host and IP separately */ r = add_host_to_hostfile(user_hostfiles[0], - host, host_key, options.hash_known_hosts) && - add_host_to_hostfile(user_hostfiles[0], ip, - host_key, options.hash_known_hosts); + host, host_key, options.hash_known_hosts); + /* Don't add an IP entry if we're writing out a cert */ + if (!r...

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

...(level=SYSLOG_LEVEL_DEBUG1, fmt=0xb9e28 "using hostkeyalias: %s", args=0xefffe510) at log.c:385 #4 0x42574 in debug (fmt=0xb9e28 "using hostkeyalias: %s") at log.c:159 #5 0x20c04 in check_host_key (host=0x5a "", hostaddr=0xf3560, host_key=0xffaa8, readonly=0, user_hostfile=0x81 "", system_hostfile=0x69 " -v pf-i400") at sshconnect.c:561 #6 0x21634 in verify_host_key (host=0xfa790 "pf-i400", hostaddr=0xf3560, host_key=0xffaa8) at sshconnect.c:810 #7 0x2446c in verify_host_key_callback (hostkey=0xffaa8) at sshconnect2.c:71 #8 0x4182...

...r IP in %s:%d", ip_file, ip_line); + error(" remove with: ssh-keygen -f \"%s\" -R %d", ip_file, ip_line); + } } /* The host key has changed. */ warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", user_hostfile); error("Offending key in %s:%d", host_file, host_line); + error(" remove with: ssh-keygen -f \"%s\" -R %d", host_file, host_line); /* * If strict host key checking is in use, the user will have

...msg2[1024], msg_same_key[1024]; if (show_other_keys(host, host_key)) snprintf(msg1, sizeof(msg1), @@ -724,6 +724,29 @@ " known for this host."); else snprintf(msg1, sizeof(msg1), "."); + + HostList *keyhosts = NULL; + keyhosts = find_hosts_by_key(user_hostfile, host_key, keyhosts); + keyhosts = find_hosts_by_key(system_hostfile, host_key, keyhosts); + if (keyhosts != NULL) { + snprintf(msg_same_key, sizeof(msg_same_key), + "The following hosts are already known to " + "have the same key:\n"); + + HostList *x; +...

https://bugzilla.mindrot.org/show_bug.cgi?id=2738 Bug ID: 2738 Summary: UpdateHostKeys does not check keys in secondary known_hosts files Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh

...enough */ + +#define SSH_BIND_ADDRESS_ANY "any" /* any address mark, used in configuration file */ +#define SSH_BIND_ADDRESS_ANYlen strlen(SSH_BIND_ADDRESS_ANY) typedef struct { int forward_agent; /* Forward authentication agent. */ @@ -89,7 +93,10 @@ typedef struct { u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */ char *user_hostfiles[SSH_MAX_HOSTS_FILES]; char *preferred_authentications; - char *bind_address; /* local socket address for connection to sshd */ + + char *bind_addresses[SSH_MAX_BIND_ADDRESSES]; /* local socket address list for connection to ss...

..._KNOWN_HOSTS + unsigned char md[SHA_DIGEST_LENGTH]; + char uu[SHA_DIGEST_LENGTH*2]; +#endif + /* * Force accepting of the host key for loopback/localhost. The @@ -579,6 +589,26 @@ check_host_key(char *host, struct sockad * hosts or in the systemwide list. */ host_file = user_hostfile; + +#ifdef HASH_KNOWN_HOSTS + if (options.hash_known_hosts) { + /* + * turn off host ip checking because we take care of it + */ + options.check_host_ip = 0; + + snprintf(hostline, sizeof(...

...ms }, + { "SNKFile", oSNKFile }, { NULL, 0 } }; @@ -435,6 +436,10 @@ charptr = &options->system_hostfile; goto parse_string; + case oSNKFile: + charptr = &options->snk_keyfile; + goto parse_string; + case oUserKnownHostsFile: charptr = &options->user_hostfile; goto parse_string; @@ -761,6 +766,7 @@ options->num_remote_forwards = 0; options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; + options->snk_keyfile = NULL; } /* diff -NuBw openssh-2.9p1/readconf.h openssh/readconf.h --- openssh-2.9p1/readconf.h...