Hi to all folks,

 the attached patch adds the -Y option, which forces the acceptance and
the storage of the hostkey. OpenSSH has a rc option which bypasses the
check. In this patch, storage of unknown or non-matching
hostkeys has been implemented. This option is NOT enabled by default,
but it becomes available by editing options.h.

 Forcing the storage of the hostkey is usefull in some embedded
systems in which I have to use dropbear/ssh to get the hostkey and
after sftp which checks the stored hostkey.

 I am conscious that doing this the system could be exposed to
man-in-the-middle attack but not more than manually removing
know_hosts file.

 The usage of this option woudl be usefull  when user-remote-cli would
force the overwriting of the stored hostkey: the ssh first fails
because hostkey mismatch, the user will be informed about hostkey
mismatch and if the user confirms is not a man-in-the-middle case then
another run with -Y force the changes without the necessity of
remote-cli knows anything about embedded system apart -Y option.

 Please apply or comment back.

 Thanks,
-- 
/roberto
diff -pru dropbear-0.50/cli-kex.c dropbear-0.50_raf/cli-kex.c
--- dropbear-0.50/cli-kex.c	2007-08-08 17:39:36.000000000 +0200
+++ dropbear-0.50_raf/cli-kex.c	2007-10-17 14:56:57.011556128 +0200
@@ -278,6 +278,13 @@ static void checkhostkey(unsigned char* 
 			goto out;
 		}
 
+#ifdef ENABLE_ACCEPT_AND_SAVE_HOSTKEY
+		if (cli_opts.always_accept_key < 0) {
+			/* The keys didn't match. eep. but acceptance is forced anyway */ 
+			TRACE(("Host key mismatch but acceptance is forced anyway by command line parameter"))
+			break;
+		}
+#endif
 		/* The keys didn't match. eep. Note that we're "leaking"
 		   the fingerprint strings here, but we're exiting anyway */
 		dropbear_exit("\n\nHost key mismatch for %s !\n"
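Review bot: The forced-acceptance branch added before `dropbear_exit` leaves no user-visible record that a stored host key was overridden, because its only output is a `TRACE`, which as far as I know is compiled out of non-debug builds. This is the exact case host key checking exists to catch, so the branch should print the host and the new fingerprint to stderr before `break`, e.g. `fprintf(stderr, "WARNING: host key for %s changed, accepted because of -Y (fingerprint %s)\n", cli_opts.remotehost, sign_key_fingerprint(keyblob, keybloblen));`. The `break` then falls through to `ask_to_confirm`, so it relies on that function treating -1 as "accept". Its body and the rest of `checkhostkey` are outside this hunk, so that needs confirming.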
@@ -287,19 +294,19 @@ static void checkhostkey(unsigned char* 
 					cli_opts.remotehost,
 					sign_key_fingerprint(keyblob, keybloblen),
 					fingerprint ? fingerprint : "UNKNOWN");
+
 	} while (1); /* keep going 'til something happens */
 
 	/* Key doesn't exist yet */
 	ask_to_confirm(keyblob, keybloblen);
 
 	/* If we get here, they said yes */
-
 	if (readonly) {
 		TRACE(("readonly"))
 		goto out;
 	}
 
-	if (!cli_opts.always_accept_key) {
+	if (cli_opts.always_accept_key > 0) {
 		/* put the new entry in the file */
 		fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
 		buf_setpos(line, 0);
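Review bot: The new test `if (cli_opts.always_accept_key > 0)` looks inverted, and it sits outside the `#ifdef`, so it changes default builds too. With the values set in cli-runopts.c (`-y` gives 1, `-Y` gives -1, neither gives 0) the key is now written only for `-y`, not for `-Y` and not after an interactive yes. That is the opposite of both the old `!cli_opts.always_accept_key` and the stated purpose of the patch; `if (cli_opts.always_accept_key <= 0)` matches the description. Because the entry is appended at `SEEK_END`, the old mismatching line presumably stays in the file and may still be matched first on the next run, so the forced path likely needs to replace that line rather than add one. The rest of the save block is outside the hunk.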
diff -pru dropbear-0.50/cli-runopts.c dropbear-0.50_raf/cli-runopts.c
--- dropbear-0.50/cli-runopts.c	2007-08-08 17:39:36.000000000 +0200
+++ dropbear-0.50_raf/cli-runopts.c	2007-10-17 14:58:42.199568767 +0200
@@ -53,6 +53,9 @@ static void printhelp() {
 					"-N    Don't run a remote command\n"
 					"-f    Run in background after auth\n"
 					"-y    Always accept remote host key if unknown\n"
+#ifdef ENABLE_ACCEPT_AND_SAVE_HOSTKEY
+					"-Y    Always accept remote host key and save it\n"
+#endif
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
 #endif
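Review bot: The help line `-Y    Always accept remote host key and save it` does not say that the option also accepts a key that differs from the stored one, which is the behaviour added in cli-kex.c. I would word it as `-Y    Accept remote host key even if it differs from the stored one, and save it (disables host key checking)`. The comment added above `ENABLE_ACCEPT_AND_SAVE_HOSTKEY` in options.h has the same gap: "could reduce the system security" should name the concrete effect, that a changed host key is accepted without prompting.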
@@ -160,6 +163,11 @@ void cli_getopts(int argc, char ** argv)
 				case 'y': /* always accept the remote hostkey */
 					cli_opts.always_accept_key = 1;
 					break;
+#ifdef ENABLE_ACCEPT_AND_SAVE_HOSTKEY
+				case 'Y': /* always accept the remote hostkey and save it down */
+					cli_opts.always_accept_key = -1;
+					break;
+#endif
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
 					break;
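Review bot: Encoding `-Y` as `cli_opts.always_accept_key = -1` turns a boolean flag into a sign-coded tri-state, so every existing truthiness test of the field now silently includes the force-and-save mode. A separate field set alongside the existing one, e.g. `cli_opts.force_save_key = 1;` next to `cli_opts.always_accept_key = 1;`, or named constants for the three states, would keep the checks in cli-kex.c readable and avoid the sign confusion. As written, whichever of `-y`/`-Y` comes last on the command line wins, which is worth stating in the help text. `cli_getopts` continues outside the hunk.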
diff -pru dropbear-0.50/options.h dropbear-0.50_raf/options.h
--- dropbear-0.50/options.h	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50_raf/options.h	2007-10-17 15:02:09.107121213 +0200
@@ -235,6 +235,12 @@ etc) slower (perhaps by 50%). Recommende
 be overridden at runtime with -K. 0 disables keepalives */
 #define DEFAULT_KEEPALIVE 0
 
+/* Embedded systems should need an unconditionally acceptance of
+   hostkey and store it for future use (with sftp for example) but
+   enabling this command line option could reduce the system security.
+   If you are not sure of what are you doing do not activate this option! */
+/* #define ENABLE_ACCEPT_AND_SAVE_HOSTKEY */
+
 /*******************************************************************
  * You shouldn't edit below here unless you know you need to.
  *******************************************************************/
