From 7ef72ec91f64130970e5354f32e8a126a0d6d766 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 27 Jun 2018 09:13:24 +0200 Subject: doc: Updated guided tour for knownhosts changes Signed-off-by: Andreas Schneider --- doc/guided_tour.dox | 152 +++++++++++++++++++++++++++++----------------------- 1 file changed, 84 insertions(+), 68 deletions(-) diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox index 94449e19..c74bfa87 100644 --- a/doc/guided_tour.dox +++ b/doc/guided_tour.dox @@ -158,7 +158,7 @@ you just connected to is known and safe to use (remember, SSH is about security authentication). There are two ways of doing this: - - The first way (recommended) is to use the ssh_is_server_known() + - The first way (recommended) is to use the ssh_session_is_known_server() function. This function will look into the known host file (~/.ssh/known_hosts on UNIX), look for the server hostname's pattern, and determine whether this host is present or not in the list. @@ -185,74 +185,89 @@ examples/ directory: int verify_knownhost(ssh_session session) { - int state, hlen; - unsigned char *hash = NULL; - char *hexa; - char buf[10]; - - state = ssh_is_server_known(session); - - hlen = ssh_get_pubkey_hash(session, &hash); - if (hlen < 0) - return -1; - - switch (state) - { - case SSH_SERVER_KNOWN_OK: - break; /* ok */ - - case SSH_SERVER_KNOWN_CHANGED: - fprintf(stderr, "Host key for server changed: it is now:\n"); - ssh_print_hexa("Public key hash", hash, hlen); - fprintf(stderr, "For security reasons, connection will be stopped\n"); - free(hash); - return -1; - - case SSH_SERVER_FOUND_OTHER: - fprintf(stderr, "The host key for this server was not found but an other" - "type of key exists.\n"); - fprintf(stderr, "An attacker might change the default server key to" - "confuse your client into thinking the key does not exist\n"); - free(hash); - return -1; - - case SSH_SERVER_FILE_NOT_FOUND: - fprintf(stderr, "Could not find known host file.\n"); - fprintf(stderr, "If you accept the host key here, the file will be" - "automatically created.\n"); - /* fallback to SSH_SERVER_NOT_KNOWN behavior */ - - case SSH_SERVER_NOT_KNOWN: - hexa = ssh_get_hexa(hash, hlen); - fprintf(stderr,"The server is unknown. Do you trust the host key?\n"); - fprintf(stderr, "Public key hash: %s\n", hexa); - free(hexa); - if (fgets(buf, sizeof(buf), stdin) == NULL) - { - free(hash); - return -1; - } - if (strncasecmp(buf, "yes", 3) != 0) - { - free(hash); + enum ssh_known_hosts_e state; + unsigned char *hash = NULL; + ssh_key srv_pubkey = NULL; + size_t hlen; + char buf[10]; + char *hexa; + char *p; + int cmp; + int rc; + + rc = ssh_get_server_publickey(session, &srv_pubkey); + if (rc < 0) { return -1; - } - if (ssh_write_knownhost(session) < 0) - { - fprintf(stderr, "Error %s\n", strerror(errno)); - free(hash); + } + + rc = ssh_get_publickey_hash(srv_pubkey, + SSH_PUBLICKEY_HASH_SHA1, + &hash, + &hlen); + ssh_key_free(srv_pubkey); + if (rc < 0) { return -1; - } - break; + } - case SSH_SERVER_ERROR: - fprintf(stderr, "Error %s", ssh_get_error(session)); - free(hash); - return -1; - } + state = ssh_session_is_known_server(session); + switch (state) { + case SSH_KNOWN_HOSTS_OK: + /* OK */ + + break; + case SSH_KNOWN_HOSTS_CHANGED: + fprintf(stderr, "Host key for server changed: it is now:\n"); + ssh_print_hexa("Public key hash", hash, hlen); + fprintf(stderr, "For security reasons, connection will be stopped\n"); + ssh_clean_pubkey_hash(&hash); + + return -1; + case SSH_KNOWN_HOSTS_OTHER: + fprintf(stderr, "The host key for this server was not found but an other" + "type of key exists.\n"); + fprintf(stderr, "An attacker might change the default server key to" + "confuse your client into thinking the key does not exist\n"); + ssh_clean_pubkey_hash(&hash); + + return -1; + case SSH_KNOWN_HOSTS_NOT_FOUND: + fprintf(stderr, "Could not find known host file.\n"); + fprintf(stderr, "If you accept the host key here, the file will be" + "automatically created.\n"); + + /* FALL THROUGH to SSH_SERVER_NOT_KNOWN behavior */ + + case SSH_KNOWN_HOSTS_UNKNOWN: + hexa = ssh_get_hexa(hash, hlen); + fprintf(stderr,"The server is unknown. Do you trust the host key?\n"); + fprintf(stderr, "Public key hash: %s\n", hexa); + ssh_string_free_char(hexa); + ssh_clean_pubkey_hash(&hash); + p = fgets(buf, sizeof(buf), stdin); + if (p == NULL) { + return -1; + } + + cmp = strncasecmp(buf, "yes", 3); + if (cmp != 0) { + return -1; + } + + rc = ssh_session_update_known_hosts(session); + if (rc < 0) { + fprintf(stderr, "Error %s\n", strerror(errno)); + return -1; + } + + break; + case SSH_KNOWN_HOSTS_ERROR: + fprintf(stderr, "Error %s", ssh_get_error(session)); + ssh_clean_pubkey_hash(&hash); + return -1; + } - free(hash); - return 0; + ssh_clean_pubkey_hash(&hash); + return 0; } @endcode @@ -260,9 +275,10 @@ int verify_knownhost(ssh_session session) @see ssh_disconnect @see ssh_get_error @see ssh_get_error_code -@see ssh_get_pubkey_hash -@see ssh_is_server_known -@see ssh_write_knownhost +@see ssh_get_server_publickey +@see ssh_get_publickey_hash +@see ssh_session_is_known_server +@see ssh_session_update_known_hosts @subsection auth Authenticating the user -- cgit v1.2.3