-rw-r--r--examples/knownhosts.c143
1 files changed, 73 insertions, 70 deletions
diff --git a/examples/knownhosts.c b/examples/knownhosts.c
index 2c538dac..b7833d35 100644
--- a/examples/knownhosts.c
+++ b/examples/knownhosts.c
@@ -32,82 +32,85 @@ clients must be made or how a client should react.
#define strncasecmp _strnicmp
#endif
-int verify_knownhost(ssh_session session){
- enum ssh_known_hosts_e state;
- char buf[10];
- unsigned char *hash = NULL;
- size_t hlen;
- ssh_key srv_pubkey;
- int rc;
-
- rc = ssh_get_server_publickey(session, &srv_pubkey);
- if (rc < 0) {
- return -1;
- }
-
- rc = ssh_get_publickey_hash(srv_pubkey,
- SSH_PUBLICKEY_HASH_SHA256,
- &hash,
- &hlen);
- ssh_key_free(srv_pubkey);
- if (rc < 0) {
- return -1;
- }
-
- state = ssh_session_is_known_server(session);
-
- switch(state){
- case SSH_KNOWN_HOSTS_OK:
- break; /* ok */
+int verify_knownhost(ssh_session session)
+{
+ enum ssh_known_hosts_e state;
+ char buf[10];
+ unsigned char *hash = NULL;
+ size_t hlen;
+ ssh_key srv_pubkey;
+ int rc;
+
+ rc = ssh_get_server_publickey(session, &srv_pubkey);
+ if (rc < 0) {
+ return -1;
+ }
+
+ rc = ssh_get_publickey_hash(srv_pubkey,
+ SSH_PUBLICKEY_HASH_SHA256,
+ &hash,
+ &hlen);
+ ssh_key_free(srv_pubkey);
+ if (rc < 0) {
+ return -1;
+ }
+
+ state = ssh_session_is_known_server(session);
+
+ switch(state) {
case SSH_KNOWN_HOSTS_CHANGED:
- fprintf(stderr,"Host key for server changed : server's one is now :\n");
- ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
- ssh_clean_pubkey_hash(&hash);
- fprintf(stderr,"For security reason, connection will be stopped\n");
- return -1;
+ fprintf(stderr,"Host key for server changed : server's one is now :\n");
+ ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
+ ssh_clean_pubkey_hash(&hash);
+ fprintf(stderr,"For security reason, connection will be stopped\n");
+ return -1;
case SSH_KNOWN_HOSTS_OTHER:
- fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
- fprintf(stderr,"An attacker might change the default server key to confuse your client"
- "into thinking the key does not exist\n"
- "We advise you to rerun the client with -d or -r for more safety.\n");
- return -1;
+ fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
+ fprintf(stderr,"An attacker might change the default server key to confuse your client"
+ "into thinking the key does not exist\n"
+ "We advise you to rerun the client with -d or -r for more safety.\n");
+ return -1;
case SSH_KNOWN_HOSTS_NOT_FOUND:
- fprintf(stderr,"Could not find known host file. If you accept the host key here,\n");
- fprintf(stderr,"the file will be automatically created.\n");
- /* fallback to SSH_SERVER_NOT_KNOWN behavior */
- FALL_THROUGH;
+ fprintf(stderr,"Could not find known host file. If you accept the host key here,\n");
+ fprintf(stderr,"the file will be automatically created.\n");
+ /* fallback to SSH_SERVER_NOT_KNOWN behavior */
+ FALL_THROUGH;
case SSH_SERVER_NOT_KNOWN:
- fprintf(stderr,
- "The server is unknown. Do you trust the host key (yes/no)?\n");
- ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
+ fprintf(stderr,
+ "The server is unknown. Do you trust the host key (yes/no)?\n");
+ ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
- if (fgets(buf, sizeof(buf), stdin) == NULL) {
- ssh_clean_pubkey_hash(&hash);
- return -1;
- }
- if(strncasecmp(buf,"yes",3)!=0){
- ssh_clean_pubkey_hash(&hash);
- return -1;
- }
- fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
- if (fgets(buf, sizeof(buf), stdin) == NULL) {
- ssh_clean_pubkey_hash(&hash);
- return -1;
- }
- if(strncasecmp(buf,"yes",3)==0){
- if (ssh_write_knownhost(session) < 0) {
- ssh_clean_pubkey_hash(&hash);
- fprintf(stderr, "error %s\n", strerror(errno));
- return -1;
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ ssh_clean_pubkey_hash(&hash);
+ return -1;
+ }
+ if(strncasecmp(buf,"yes",3)!=0){
+ ssh_clean_pubkey_hash(&hash);
+ return -1;
+ }
+ fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ ssh_clean_pubkey_hash(&hash);
+ return -1;
+ }
+ if(strncasecmp(buf,"yes",3)==0){
+ if (ssh_write_knownhost(session) < 0) {
+ ssh_clean_pubkey_hash(&hash);
+ fprintf(stderr, "error %s\n", strerror(errno));
+ return -1;
+ }
}
- }
- break;
+ break;
case SSH_KNOWN_HOSTS_ERROR:
- ssh_clean_pubkey_hash(&hash);
- fprintf(stderr,"%s",ssh_get_error(session));
- return -1;
- }
- ssh_clean_pubkey_hash(&hash);
- return 0;
+ ssh_clean_pubkey_hash(&hash);
+ fprintf(stderr,"%s",ssh_get_error(session));
+ return -1;
+ case SSH_KNOWN_HOSTS_OK:
+ break; /* ok */
+ }
+
+ ssh_clean_pubkey_hash(&hash);
+
+ return 0;
}
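Review bot: The `SSH_KNOWN_HOSTS_OTHER` branch returns -1 without releasing `hash`, which `ssh_get_publickey_hash()` filled in above; every other exit from the switch calls `ssh_clean_pubkey_hash(&hash);` first, so this path leaks the buffer and should add `ssh_clean_pubkey_hash(&hash);` before its `return -1;`. The trust prompt compares only the first three characters with `strncasecmp(buf,"yes",3)`, so any answer that merely begins with "yes" is accepted, and because `buf` holds 10 bytes, the tail of a longer line stays in stdin and is read as the answer to the second prompt. Since this is the example that users copy for host-key verification, consider stripping the newline and requiring an exact match, and draining the rest of the line when no newline was read. In the write-failure path, `strerror(errno)` is evaluated after `ssh_clean_pubkey_hash()`, so errno may no longer reflect the failure; printing the error before the cleanup call would avoid that.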