author | Aris Adamantiadis <aris@0xbadc0de.be> | 2009-07-25 17:03:01 +0200 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2009-07-25 17:03:01 +0200 |
commit | a935ad1857b91b6aa179d14137f520d978647341 (patch) | |
tree | d86d4f8292843caca7f9155dba40261ea24146d8 /examples/knownhosts.c | |
parent | 7abb3941c8858204f3d3bc2d59e17fa7b04489bf (diff) | |
New example directory with the beginning of a scp
Diffstat (limited to 'examples/knownhosts.c')
-rw-r--r-- | examples/knownhosts.c | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/examples/knownhosts.c b/examples/knownhosts.c
new file mode 100644
index 0000000..bee9c91
--- /dev/null
+++ b/examples/knownhosts.c
@@ -0,0 +1,97 @@
+/*
+ * knownhosts.c
+ * This file contains an example of how verify the identity of a
+ * SSH server using libssh
+ */
+
+/*
+Copyright 2003-2009 Aris Adamantiadis
+
+This file is part of the SSH Library
+
+You are free to copy this file, modify it in any way, consider it being public
+domain. This does not apply to the rest of the library though, but it is
+allowed to cut-and-paste working code from this file to any license of
+program.
+The goal is to show the API in action. It's not a reference on how terminal
+clients must be made or how a client should react.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <libssh/libssh.h>
+#include "examples_common.h"
+
+int verify_knownhost(ssh_session session){
+ char *hexa;
+ int state;
+ char buf[10];
+ unsigned char *hash = NULL;
+ int hlen;
+
+ state=ssh_is_server_known(session);
+
+ hlen = ssh_get_pubkey_hash(session, &hash);
+ if (hlen < 0) {
+ ssh_disconnect(session);
+ ssh_finalize();
+ return 1;
+ }
+ switch(state){
+ case SSH_SERVER_KNOWN_OK:
+ break; /* ok */
+ case SSH_SERVER_KNOWN_CHANGED:
+ fprintf(stderr,"Host key for server changed : server's one is now :\n");
+ ssh_print_hexa("Public key hash",hash, hlen);
+ free(hash);
+ fprintf(stderr,"For security reason, connection will be stopped\n");
+ ssh_disconnect(session);
+ ssh_finalize();
+ exit(-1);
+ case SSH_SERVER_FOUND_OTHER:
+ fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
+ fprintf(stderr,"An attacker might change the default server key to confuse your client"
+ "into thinking the key does not exist\n"
+ "We advise you to rerun the client with -d or -r for more safety.\n");
+ ssh_disconnect(session);
+ ssh_finalize();
+ exit(-1);
+ case SSH_SERVER_FILE_NOT_FOUND:
+ fprintf(stderr,"Could not find known host file. If you accept the host key here,\n");
+ fprintf(stderr,"the file will be automatically created.\n");
+ /* fallback to SSH_SERVER_NOT_KNOWN behavior */
+ case SSH_SERVER_NOT_KNOWN:
+ hexa = ssh_get_hexa(hash, hlen);
+ fprintf(stderr,"The server is unknown. Do you trust the host key ?\n");
+ fprintf(stderr, "Public key hash: %s\n", hexa);
+ free(hexa);
+ fgets(buf,sizeof(buf),stdin);
+ if(strncasecmp(buf,"yes",3)!=0){
+ ssh_disconnect(session);
+ exit(-1);
+ }
+ fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
+ fgets(buf,sizeof(buf),stdin);
+ if(strncasecmp(buf,"yes",3)==0){
+ if (ssh_write_knownhost(session) < 0) {
+ free(hash);
+ fprintf(stderr, "error %s\n", strerror(errno));
+ exit(-1);
+ }
+ }
+
+ break;
+ case SSH_SERVER_ERROR:
+ free(hash);
+ fprintf(stderr,"%s",ssh_get_error(session));
+ ssh_disconnect(session);
+ ssh_finalize();
+ exit(-1);
+ }
+ free(hash);
+ return 0;
+} |
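Review bot: Both `fgets(buf,sizeof(buf),stdin);` calls in the `SSH_SERVER_NOT_KNOWN` branch ignore the return value, so when stdin is at EOF or the read fails the trust decision is made on whatever `buf` already holds: uninitialised bytes at the first prompt, and on EOF the earlier "yes" at the second, which would write the key to the known-hosts file without a second confirmation. Treat a failed read as a refusal, e.g. `if (fgets(buf, sizeof(buf), stdin) == NULL) buf[0] = '\0';` before each comparison. The `switch(state)` also has no `default:`, so a state value not listed here reaches `free(hash); return 0;` and is reported as verified; a `default:` that takes the same path as `SSH_SERVER_ERROR` would make the check fail closed. Separately, `strncasecmp` is declared in `<strings.h>`, which the file does not include.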