static int
verify_host_key_callback(Key *hostkey)
{
if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
fatal("Host key verification failed.");
return 0;
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx)
{
int ret;
static const char absentmsg_batch[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char wrongmsg_batch[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
/*
* Verify the key against the registry.
*/
ret = verify_host_key(host, port, keytype, keystr);
if (ret == 0) /* success - key matched OK */
return 1;
if (ret == 2) { /* key was different */
appendLogF(wrongmsg_batch, keytype, fingerprint);
return 0;
}
if (ret == 1) { /* key was absent */
appendLogF(absentmsg_batch, keytype, fingerprint);
cleanup_exit(1);
}
return 1;
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx)
{
int ret;
static const char absentmsg_batch[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char absentmsg[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"If you trust this host, hit Yes to add the key to\n"
"%s's cache and carry on connecting.\n"
"If you want to carry on connecting just once, without\n"
"adding the key to the cache, hit No.\n"
"If you do not trust this host, hit Cancel to abandon the\n"
"connection.\n";
static const char wrongmsg_batch[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char wrongmsg[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"\n"
"The server's host key does not match the one %s has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"If you were expecting this change and trust the new key,\n"
"hit Yes to update %s's cache and continue connecting.\n"
"If you want to carry on connecting but without updating\n"
"the cache, hit No.\n"
"If you want to abandon the connection completely, hit\n"
"Cancel. Hitting Cancel is the ONLY guaranteed safe\n" "choice.\n";
static const char abandoned[] = "Connection abandoned.\n";
static const char mbtitle[] = "%s Security Alert";
int mbret;
char *message, *title;
/*
* Verify the key against the registry.
*/
ret = verify_host_key(host, port, keytype, keystr);
if (ret == 0) /* success - key matched OK */
return 1;
if (ret == 2) { /* key was different */
if (console_batch_mode) {
fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
return 0;
}
message = dupprintf(wrongmsg, appname, keytype, fingerprint, appname);
}
else if (ret == 1) { /* key was absent */
if (console_batch_mode) {
fprintf(stderr, absentmsg_batch, keytype, fingerprint);
return 0;
}
message = dupprintf(absentmsg, keytype, fingerprint, appname);
}
title = dupprintf(mbtitle, appname);
mbret = MessageBox(GetParentHwnd(), message, title,
MB_ICONWARNING | MB_YESNOCANCEL);
sfree(message);
sfree(title);
if (mbret == IDYES) {
store_host_key(host, port, keytype, keystr);
return 1;
}
if (mbret == IDCANCEL)
cleanup_exit(0);
return 1;
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx)
{
int ret;
HANDLE hin;
DWORD savemode, i;
static const char absentmsg_batch[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char absentmsg[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"If you trust this host, enter \"y\" to add the key to\n"
"PuTTY's cache and carry on connecting.\n"
"If you want to carry on connecting just once, without\n"
"adding the key to the cache, enter \"n\".\n"
"If you do not trust this host, press Return to abandon the\n"
"connection.\n"
"Store key in cache? (y/n) ";
static const char wrongmsg_batch[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char wrongmsg[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"If you were expecting this change and trust the new key,\n"
"enter \"y\" to update PuTTY's cache and continue connecting.\n"
"If you want to carry on connecting but without updating\n"
"the cache, enter \"n\".\n"
"If you want to abandon the connection completely, press\n"
"Return to cancel. Pressing Return is the ONLY guaranteed\n"
"safe choice.\n"
"Update cached key? (y/n, Return cancels connection) ";
static const char abandoned[] = "Connection abandoned.\n";
char line[32];
/*
* Verify the key against the registry.
*/
ret = verify_host_key(host, port, keytype, keystr);
if (ret == 0) /* success - key matched OK */
return 1;
if (ret == 2) { /* key was different */
if (console_batch_mode) {
fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
return 0;
}
fprintf(stderr, wrongmsg, keytype, fingerprint);
fflush(stderr);
}
if (ret == 1) { /* key was absent */
if (console_batch_mode) {
fprintf(stderr, absentmsg_batch, keytype, fingerprint);
return 0;
}
fprintf(stderr, absentmsg, keytype, fingerprint);
fflush(stderr);
}
#ifdef PERSOPORT
if( GetAutoStoreSSHKeyFlag() ) {
fprintf( stderr, "\nAutostore key is on\n" );
strcpy(line,"y\r\n");
} else {
#endif
hin = GetStdHandle(STD_INPUT_HANDLE);
GetConsoleMode(hin, &savemode);
SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
SetConsoleMode(hin, savemode);
#ifdef PERSOPORT
}
#endif
if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
if (line[0] == 'y' || line[0] == 'Y')
store_host_key(host, port, keytype, keystr);
return 1;
} else {
fprintf(stderr, abandoned);
return 0;
}
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx)
{
int ret;
static const char absentmsg_batch[] =
"The server's host key is not cached. You have no guarantee\n"
"that the server is the computer you think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char absentmsg[] =
"The server's host key is not cached. You have no guarantee\n"
"that the server is the computer you think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"If you trust this host, enter \"y\" to add the key to\n"
"PuTTY's cache and carry on connecting.\n"
"If you want to carry on connecting just once, without\n"
"adding the key to the cache, enter \"n\".\n"
"If you do not trust this host, press Return to abandon the\n"
"connection.\n"
"Store key in cache? (y/n) ";
static const char wrongmsg_batch[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached. This means that either the server administrator\n"
"has changed the host key, or you have actually connected\n"
"to another computer pretending to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char wrongmsg[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached. This means that either the server administrator\n"
"has changed the host key, or you have actually connected\n"
"to another computer pretending to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"If you were expecting this change and trust the new key,\n"
"enter \"y\" to update PuTTY's cache and continue connecting.\n"
"If you want to carry on connecting but without updating\n"
"the cache, enter \"n\".\n"
"If you want to abandon the connection completely, press\n"
"Return to cancel. Pressing Return is the ONLY guaranteed\n"
"safe choice.\n"
"Update cached key? (y/n, Return cancels connection) ";
static const char abandoned[] = "Connection abandoned.\n";
char line[32];
struct termios cf;
/*
* Verify the key.
*/
ret = verify_host_key(host, port, keytype, keystr);
// if (ret == 0) /* success - key matched OK */
return 1;
premsg(&cf);
if (ret == 2) { /* key was different */
if (console_batch_mode) {
fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
return 0;
}
fprintf(stderr, wrongmsg, keytype, fingerprint);
fflush(stderr);
}
if (ret == 1) { /* key was absent */
if (console_batch_mode) {
fprintf(stderr, absentmsg_batch, keytype, fingerprint);
return 0;
}
fprintf(stderr, absentmsg, keytype, fingerprint);
fflush(stderr);
}
{
struct termios oldmode, newmode;
tcgetattr(0, &oldmode);
newmode = oldmode;
newmode.c_lflag |= ECHO | ISIG | ICANON;
tcsetattr(0, TCSANOW, &newmode);
line[0] = '\0';
if (read(0, line, sizeof(line) - 1) <= 0)
/* handled below */;
tcsetattr(0, TCSANOW, &oldmode);
}
if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
if (line[0] == 'y' || line[0] == 'Y')
store_host_key(host, port, keytype, keystr);
postmsg(&cf);
return 1;
} else {
fprintf(stderr, abandoned);
postmsg(&cf);
return 0;
}
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (* /*callback*/)(void *ctx, int result), void * /*ctx*/)
{
assert(frontend);
GuiTerminalWindow *f = static_cast<GuiTerminalWindow*>(frontend);
int ret = 1;
QString absentmsg =
QString("The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's " + QString(keytype) + " key fingerprint is:\n")
+ QString(fingerprint) + QString("\n"
"If you trust this host, hit Yes to add the key to\n"
APPNAME "'s cache and carry on connecting.\n"
"If you want to carry on connecting just once, without\n"
"adding the key to the cache, hit No.\n"
"If you do not trust this host, hit Cancel to abandon the\n"
"connection.\n");
QString wrongmsg =
QString("WARNING - POTENTIAL SECURITY BREACH!\n"
"\n"
"The server's host key does not match the one " APPNAME " has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new " + QString(keytype) + " key fingerprint is:\n"
+ QString(fingerprint) + "\n"
"If you were expecting this change and trust the new key,\n"
"hit Yes to update " APPNAME "'s cache and continue connecting.\n"
"If you want to carry on connecting but without updating\n"
"the cache, hit No.\n"
"If you want to abandon the connection completely, hit\n"
"Cancel. Hitting Cancel is the ONLY guaranteed safe\n" "choice.\n");
/*
* Verify the key against the registry.
*/
ret = verify_host_key(host, port, keytype, keystr);
if (ret == 0) /* success - key matched OK */
return 1;
else if (ret == 2) { /* key was different */
switch (QMessageBox::critical(f->getMainWindow(), QString(APPNAME " Security Alert"),
wrongmsg,
QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel,
QMessageBox::Cancel)) {
case QMessageBox::Yes:
store_host_key(host, port, keytype, keystr);
return 2;
case QMessageBox::No: return 1;
default: return 0;
}
} else if (ret == 1) { /* key was absent */
switch (QMessageBox::warning(f->getMainWindow(), QString(APPNAME " Security Alert"),
absentmsg,
QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel,
QMessageBox::Cancel)) {
case QMessageBox::Yes:
store_host_key(host, port, keytype, keystr);
return 2;
case QMessageBox::No: return 1;
default: return 0;
}
}
return 0; /* abandon the connection */
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx)
{
int ret;
static const char absentmsg_batch[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char absentmsg[] =
"The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"If you trust this host, enter \"y\" to add the key to\n"
"PuTTY's cache and carry on connecting.\n"
"If you want to carry on connecting just once, without\n"
"adding the key to the cache, enter \"n\".\n"
"If you do not trust this host, press Return to abandon the\n"
"connection.\n"
"Store key in cache? (y/n) ";
static const char wrongmsg_batch[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"Connection abandoned.\n";
static const char wrongmsg[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"If you were expecting this change and trust the new key,\n"
"enter \"y\" to update PuTTY's cache and continue connecting.\n"
"If you want to carry on connecting but without updating\n"
"the cache, enter \"n\".\n"
"If you want to abandon the connection completely, press\n"
"Return to cancel. Pressing Return is the ONLY guaranteed\n"
"safe choice.\n"
"Update cached key? (y/n, Return cancels connection) ";
static const char abandoned[] = "Connection abandoned.\n";
static const char mbtitle[] = "%s Security Alert";
/*
* Verify the key against the registry.
*/
ret = verify_host_key(host, port, keytype, keystr);
if (ret == 0) /* success - key matched OK */
return 1;
if (ret == 2) { /* key was different */
int mbret;
char *message, *title;
message = dupprintf(wrongmsg, appname, keytype, fingerprint, appname);
title = dupprintf(mbtitle, appname);
mbret = MessageBox(GetParentHwnd(), message, title, MB_ICONWARNING | MB_YESNOCANCEL | MB_DEFBUTTON3);
sfree(message);
sfree(title);
if (mbret == IDYES) {
store_host_key(host, port, keytype, keystr);
return 1;
}
else if (mbret == IDNO)
{
return 1;
}
else
return 0;
}
if (ret == 1) { /* key was absent */
int mbret;
char *message, *title;
message = dupprintf(absentmsg, keytype, fingerprint, appname);
title = dupprintf(mbtitle, appname);
mbret = MessageBox(GetParentHwnd(), message, title,
MB_ICONWARNING | MB_ICONWARNING | MB_YESNOCANCEL | MB_DEFBUTTON3);
sfree(message);
sfree(title);
if (mbret == IDYES)
{
store_host_key(host, port, keytype, keystr);
return 1;
}
else if (mbret == IDNO)
{
return 1;
}
else
return 0;
}
return 1;
}
