search for: warn_changed_key

Y'all, Currently (OpenSSH_7.1p1) no distinction is made between when an SSHFP RR is missing from the result set (rather then being empty), which can lead to confusing error messages, (the "normal" warn_changed_key() blurb is emitted) e.g. when the presented host key and known hosts both match but there is no matching RR. Further, if VerifyHostKeyDNS and StrictHostKeyChecking are set, there is no prompting for confirmation if the connection should be allowed to proceed; I'm unsure if this is by design or...

Have you seen this? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513 --mancha

...t). */ diff -aur openssh-4.3p1/sshconnect.c openssh-4.3p1-patch/sshconnect.c --- openssh-4.3p1/sshconnect.c 2005-12-13 09:29:03.000000000 +0100 +++ openssh-4.3p1-patch/sshconnect.c 2006-02-04 16:42:04.000000000 +0100 @@ -51,6 +51,9 @@ static int show_other_keys(const char *, Key *); static void warn_changed_key(Key *); +static int ask_connect_with_new_key(const char *host, Key *host_key, + const char* ip, const char* type, HostStatus ip_status, + const char *user_hostfile); /* * Connect to the given ssh server using a proxy command. @@ -524,10 +527,9 @@ Key *file_key; const char *type = key_typ...

...same time."); - if (ip_status != HOST_NEW) + if (ip_status != HOST_NEW) { error("Offending key for IP in %s:%d", ip_file, ip_line); + error(" remove with: ssh-keygen -f \"%s\" -R %d", ip_file, ip_line); + } } /* The host key has changed. */ warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", user_hostfile); error("Offending key in %s:%d", host_file, host_line); + error(" remove with: ssh-keygen -f \"%s\" -R %d", host_file, host_line); /* * If str...

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

...tions->close_command = NULL; options->proxy_command = NULL; options->user = NULL; options->escape_char = -1; Index: sshconnect.c --- openssh-3.8p1.orig/sshconnect.c (.../.transvn:beginning) (revision 25) +++ openssh-3.8p1/sshconnect.c (revision 25) @@ -55,6 +55,93 @@ static void warn_changed_key(Key *); /* + * Run the given command + */ +int +ssh_run_command(const char *type, const char *host, u_short port, const char *run_command) +{ + Buffer command; + const char *cp; + char *command_string; + pid_t pid; + char strport[NI_MAXSERV]; + int status; + + /* Convert the port number into a s...

...eated attachment 2753 --> https://bugzilla.mindrot.org/attachment.cgi?id=2753&action=edit Two patches for the above. When SSHFP RR is missing (while there are records available) ssh does not distinguish between these two, leading to confusing error messages, that is the "normal" warn_changed_key() blurb is emitted. Further, when VerifyHostDNS is set and StrictHostKeyChecking is set and the host presented key matches the known host key but the RR is missing the same warning is emitted however the user is not prompted for confirmation that the connection should continue (this might be by de...