Sorry guys,
this is the RIGHT patch and this is the test procedure:
/.ssh # export DROPBEAR_PASSWORD=guest
/.ssh # cat known_hosts
/.ssh # ssh -Y [EMAIL PROTECTED] hostname
Host '172.16.119.6' key accepted unconditionally.
(fingerprint md5 c9:50:c6:b3:eb:f8:80:be:68:fe:a1:fd:51:fb:d8:15)
eemd2364170
/.ssh # cat known_hosts
172.16.119.6 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAsYTt7X7ACOWazixl64T5sgBCnuB3OboOc5CJYb+ESaRXTk/d4mduEWmlVanh5CjOen2glvaJvkz5FqCzcq88UD23+aHV9HvxXT=
/.ssh # vi known_hosts #altering hostkey
/.ssh # cat known_hosts
172.16.119.6 ssh-rsa
BAAAB3NzaC1yc2EAAAABIwAAAQEAsYTt7X7ACOWazixl64T5sgBCnuB3OboOc5CJYb+ESaRXTk/d4mduEWmlVanh5CjOen2glvaJvkz5FqCzcq88UD23+aHV9HvxXT=
/.ssh # ssh [EMAIL PROTECTED] hostname
ssh: connection to [EMAIL PROTECTED]:22 exited:
Host key mismatch for 172.16.119.6 !
Fingerprint is md5 c9:50:c6:b3:eb:f8:80:be:68:fe:a1:fd:51:fb:d8:15
Expected md5 92:3a:88:29:46:69:66:67:6d:88:4e:4e:17:1e:17:23
If you know that the host key is correct you can
remove the bad entry from ~/.ssh/known_hosts
/.ssh # ssh -Y [EMAIL PROTECTED] hostname
Host '172.16.119.6' key accepted unconditionally.
(fingerprint md5 c9:50:c6:b3:eb:f8:80:be:68:fe:a1:fd:51:fb:d8:15)
eemd2364170
Cheers,
--
/roberto
diff -pru dropbear-0.50/cli-kex.c dropbear-0.50_raf/cli-kex.c
--- dropbear-0.50/cli-kex.c 2007-08-08 17:39:36.000000000 +0200
+++ dropbear-0.50_raf/cli-kex.c 2007-10-17 14:56:57.011556128 +0200
@@ -278,6 +278,13 @@ static void checkhostkey(unsigned char*
goto out;
}
+#ifdef ENABLE_ACCEPT_AND_SAVE_HOSTKEY
+ if (cli_opts.always_accept_key < 0) {
+ /* The keys didn't match. eep. but acceptance is forced anyway */
+ TRACE(("Host key mismatch but acceptance is forced anyway by command line parameter"))
+ break;
+ }
+#endif
/* The keys didn't match. eep. Note that we're "leaking"
the fingerprint strings here, but we're exiting anyway */
dropbear_exit("\n\nHost key mismatch for %s !\n"
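Review bot: The added `break` in checkhostkey turns a host key mismatch into a silent accept when -Y is given. The only record of it is a `TRACE((...))` call, which as far as I know produces output only in debug-trace builds, so the user is never told that the stored key and the presented key differ. A changed host key is exactly the condition known_hosts exists to catch, and the existing -y covers only an unknown host. I would keep the mismatch fatal and let -Y apply only to hosts with no entry, or at minimum print a warning before the `break`, e.g. `fprintf(stderr, "WARNING: host key for %s has changed, accepted because of -Y\n", cli_opts.remotehost);`. The loop this `break` leaves starts above the hunk.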
@@ -287,19 +294,19 @@ static void checkhostkey(unsigned char*
cli_opts.remotehost,
sign_key_fingerprint(keyblob, keybloblen),
fingerprint ? fingerprint : "UNKNOWN");
+
} while (1); /* keep going 'til something happens */
/* Key doesn't exist yet */
ask_to_confirm(keyblob, keybloblen);
/* If we get here, they said yes */
-
if (readonly) {
TRACE(("readonly"))
goto out;
}
- if (!cli_opts.always_accept_key) {
+ if (cli_opts.always_accept_key <= 0) {
/* put the new entry in the file */
fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
buf_setpos(line, 0);
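Review bot: With -Y the new entry is appended after `fseek(hostsfile, 0, SEEK_END)`, but when the mismatch `break` led here, the old non-matching line for the same host stays in the file. If the lookup loop stops at the first line for the host (it appears to, though its start is outside this hunk), every later connection meets the stale line first. Without -Y it still exits with "Host key mismatch", and with -Y it appends one more duplicate each time, so the saved key is never consulted. Either the stale line should be replaced when the key is rewritten, or the mismatch path should not reach the save. The two blank-line changes in this hunk are unrelated whitespace and could be dropped.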
diff -pru dropbear-0.50/cli-runopts.c dropbear-0.50_raf/cli-runopts.c
--- dropbear-0.50/cli-runopts.c 2007-08-08 17:39:36.000000000 +0200
+++ dropbear-0.50_raf/cli-runopts.c 2007-10-17 14:58:42.199568767 +0200
@@ -53,6 +53,9 @@ static void printhelp() {
"-N Don't run a remote command\n"
"-f Run in background after auth\n"
"-y Always accept remote host key if unknown\n"
+#ifdef ENABLE_ACCEPT_AND_SAVE_HOSTKEY
+ "-Y Always accept remote host key and save it\n"
+#endif
#ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple allowed)\n"
#endif
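Review bot: The help line for -Y understates what the option does. Per the cli-kex.c change in this patch, it also accepts a key that differs from the one already in known_hosts, not only an unknown one. The text should say so, e.g. `"-Y Always accept remote host key, even if it changed, and save it\n"`, so it cannot be mistaken for a saving variant of -y.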
@@ -160,6 +163,11 @@ void cli_getopts(int argc, char ** argv)
case 'y': /* always accept the remote hostkey */
cli_opts.always_accept_key = 1;
break;
+#ifdef ENABLE_ACCEPT_AND_SAVE_HOSTKEY
+ case 'Y': /* always accept the remote hostkey and save it down */
+ cli_opts.always_accept_key = -1;
+ break;
+#endif
case 'p': /* remoteport */
next = &cli_opts.remoteport;
break;
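Review bot: `cli_opts.always_accept_key` now carries three states encoded by sign (0 ask, 1 accept without saving, -1 accept and save), and the readers in checkhostkey test it with `< 0` and `<= 0`, which is hard to follow for a field named like a boolean. Named constants would make the assignment and both comparisons self-explanatory, for example (names are only a suggestion) `enum { HOSTKEY_ASK = 0, HOSTKEY_ACCEPT = 1, HOSTKEY_ACCEPT_SAVE = -1 };`. Note also that -y and -Y overwrite each other, so the last one on the command line wins. A short comment on the field saying so would help. The switch these cases belong to starts and ends outside the hunk.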
diff -pru dropbear-0.50/options.h dropbear-0.50_raf/options.h
--- dropbear-0.50/options.h 2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50_raf/options.h 2007-10-17 15:02:09.107121213 +0200
@@ -235,6 +235,12 @@ etc) slower (perhaps by 50%). Recommende
be overridden at runtime with -K. 0 disables keepalives */
#define DEFAULT_KEEPALIVE 0
+/* Embedded systems should need an unconditionally acceptance of
+ hostkey and store it for future use (with sftp for example) but
+ enabling this command line option could reduce the system security.
+ If you are not sure of what are you doing do not activate this option! */
+/* #define ENABLE_ACCEPT_AND_SAVE_HOSTKEY */
+
/*******************************************************************
* You shouldn't edit below here unless you know you need to.
*******************************************************************/
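Review bot: The comment above `ENABLE_ACCEPT_AND_SAVE_HOSTKEY` should name the risk instead of saying the option "could reduce the system security", because someone enabling it for an embedded build needs to know what is being given up. Proposed wording: `/* Adds the -Y client option: accept the server's host key without asking, even when it differs from the known_hosts entry, and save it. This disables detection of a changed or spoofed host key; leave undefined unless the network path is otherwise trusted. */`.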