diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-06-27 09:13:24 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-06-27 09:45:35 +0200 |
commit | 7ef72ec91f64130970e5354f32e8a126a0d6d766 (patch) | |
tree | e07b88caaf65268d6a06c358a64ba5d6ba12a81d /doc | |
parent | b74a18417233651fc62cc478b1a343495444303f (diff) | |
download | libssh-7ef72ec91f64130970e5354f32e8a126a0d6d766.tar.gz libssh-7ef72ec91f64130970e5354f32e8a126a0d6d766.tar.xz libssh-7ef72ec91f64130970e5354f32e8a126a0d6d766.zip |
doc: Updated guided tour for knownhosts changes
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guided_tour.dox | 152 |
1 files changed, 84 insertions, 68 deletions
diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox index 94449e19..c74bfa87 100644 --- a/doc/guided_tour.dox +++ b/doc/guided_tour.dox @@ -158,7 +158,7 @@ you just connected to is known and safe to use (remember, SSH is about security authentication). There are two ways of doing this: - - The first way (recommended) is to use the ssh_is_server_known() + - The first way (recommended) is to use the ssh_session_is_known_server() function. This function will look into the known host file (~/.ssh/known_hosts on UNIX), look for the server hostname's pattern, and determine whether this host is present or not in the list. @@ -185,74 +185,89 @@ examples/ directory: int verify_knownhost(ssh_session session) { - int state, hlen; - unsigned char *hash = NULL; - char *hexa; - char buf[10]; - - state = ssh_is_server_known(session); - - hlen = ssh_get_pubkey_hash(session, &hash); - if (hlen < 0) - return -1; - - switch (state) - { - case SSH_SERVER_KNOWN_OK: - break; /* ok */ - - case SSH_SERVER_KNOWN_CHANGED: - fprintf(stderr, "Host key for server changed: it is now:\n"); - ssh_print_hexa("Public key hash", hash, hlen); - fprintf(stderr, "For security reasons, connection will be stopped\n"); - free(hash); - return -1; - - case SSH_SERVER_FOUND_OTHER: - fprintf(stderr, "The host key for this server was not found but an other" - "type of key exists.\n"); - fprintf(stderr, "An attacker might change the default server key to" - "confuse your client into thinking the key does not exist\n"); - free(hash); - return -1; - - case SSH_SERVER_FILE_NOT_FOUND: - fprintf(stderr, "Could not find known host file.\n"); - fprintf(stderr, "If you accept the host key here, the file will be" - "automatically created.\n"); - /* fallback to SSH_SERVER_NOT_KNOWN behavior */ - - case SSH_SERVER_NOT_KNOWN: - hexa = ssh_get_hexa(hash, hlen); - fprintf(stderr,"The server is unknown. Do you trust the host key?\n"); - fprintf(stderr, "Public key hash: %s\n", hexa); - free(hexa); - if (fgets(buf, sizeof(buf), stdin) == NULL) - { - free(hash); - return -1; - } - if (strncasecmp(buf, "yes", 3) != 0) - { - free(hash); + enum ssh_known_hosts_e state; + unsigned char *hash = NULL; + ssh_key srv_pubkey = NULL; + size_t hlen; + char buf[10]; + char *hexa; + char *p; + int cmp; + int rc; + + rc = ssh_get_server_publickey(session, &srv_pubkey); + if (rc < 0) { return -1; - } - if (ssh_write_knownhost(session) < 0) - { - fprintf(stderr, "Error %s\n", strerror(errno)); - free(hash); + } + + rc = ssh_get_publickey_hash(srv_pubkey, + SSH_PUBLICKEY_HASH_SHA1, + &hash, + &hlen); + ssh_key_free(srv_pubkey); + if (rc < 0) { return -1; - } - break; + } - case SSH_SERVER_ERROR: - fprintf(stderr, "Error %s", ssh_get_error(session)); - free(hash); - return -1; - } + state = ssh_session_is_known_server(session); + switch (state) { + case SSH_KNOWN_HOSTS_OK: + /* OK */ + + break; + case SSH_KNOWN_HOSTS_CHANGED: + fprintf(stderr, "Host key for server changed: it is now:\n"); + ssh_print_hexa("Public key hash", hash, hlen); + fprintf(stderr, "For security reasons, connection will be stopped\n"); + ssh_clean_pubkey_hash(&hash); + + return -1; + case SSH_KNOWN_HOSTS_OTHER: + fprintf(stderr, "The host key for this server was not found but an other" + "type of key exists.\n"); + fprintf(stderr, "An attacker might change the default server key to" + "confuse your client into thinking the key does not exist\n"); + ssh_clean_pubkey_hash(&hash); + + return -1; + case SSH_KNOWN_HOSTS_NOT_FOUND: + fprintf(stderr, "Could not find known host file.\n"); + fprintf(stderr, "If you accept the host key here, the file will be" + "automatically created.\n"); + + /* FALL THROUGH to SSH_SERVER_NOT_KNOWN behavior */ + + case SSH_KNOWN_HOSTS_UNKNOWN: + hexa = ssh_get_hexa(hash, hlen); + fprintf(stderr,"The server is unknown. Do you trust the host key?\n"); + fprintf(stderr, "Public key hash: %s\n", hexa); + ssh_string_free_char(hexa); + ssh_clean_pubkey_hash(&hash); + p = fgets(buf, sizeof(buf), stdin); + if (p == NULL) { + return -1; + } + + cmp = strncasecmp(buf, "yes", 3); + if (cmp != 0) { + return -1; + } + + rc = ssh_session_update_known_hosts(session); + if (rc < 0) { + fprintf(stderr, "Error %s\n", strerror(errno)); + return -1; + } + + break; + case SSH_KNOWN_HOSTS_ERROR: + fprintf(stderr, "Error %s", ssh_get_error(session)); + ssh_clean_pubkey_hash(&hash); + return -1; + } - free(hash); - return 0; + ssh_clean_pubkey_hash(&hash); + return 0; } @endcode @@ -260,9 +275,10 @@ int verify_knownhost(ssh_session session) @see ssh_disconnect @see ssh_get_error @see ssh_get_error_code -@see ssh_get_pubkey_hash -@see ssh_is_server_known -@see ssh_write_knownhost +@see ssh_get_server_publickey +@see ssh_get_publickey_hash +@see ssh_session_is_known_server +@see ssh_session_update_known_hosts @subsection auth Authenticating the user |