https://bugzilla.mindrot.org/show_bug.cgi?id=2803
Bug ID: 2803
Summary: User input for cont.connection w/ new key doesn't
checks properly
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: [email protected]
Reporter: [email protected]
When you are connecting to an unknown server, you will get a message:
"The authenticity of host ABC can't be established.
ECDSA key fingerprint is SHA256:XYZ.
Are you sure you want to continue connecting (yes/no)?"
If you type 'yesno', for example, it will be treated as 'yes'.
It looks like the issue is in the `sshconnect.c: static int confirm(const char
*prompt)` function. It checks only 2||3 symbols from user input:
strncasecmp(p, "no", 2)||strncasecmp(p, "yes", 3)
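
The behaviour reported above, as an added example that is not part of the original report and not OpenSSH source code: prefix_confirm() is a constructed model of the quoted prefix comparison, and strict_confirm() is a hypothetical whole-token check. Both function names and the sample answers are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed model of the prefix comparison quoted in the report;
 * not the OpenSSH source. Returns 1 = yes, 0 = no, -1 = ask again. */
static int prefix_confirm(const char *p)
{
    if (p == NULL)
        return -1;
    if (strncasecmp(p, "yes", 3) == 0)
        return 1;
    if (strncasecmp(p, "no", 2) == 0)
        return 0;
    return -1;
}

/* Hypothetical stricter check: trim surrounding whitespace, then require
 * the whole remaining token to be exactly "yes" or "no". */
static int strict_confirm(const char *p)
{
    size_t len;

    if (p == NULL)
        return -1;
    while (isspace((unsigned char)*p))
        p++;
    len = strlen(p);
    while (len > 0 && isspace((unsigned char)p[len - 1]))
        len--;
    if (len == 3 && strncasecmp(p, "yes", 3) == 0)
        return 1;
    if (len == 2 && strncasecmp(p, "no", 2) == 0)
        return 0;
    return -1;
}

int main(void)
{
    /* Constructed sample answers, shaped like lines read with fgets(). */
    const char *answers[] = { "yes\n", "yesno\n", "nope\n", " YES \n", "y\n" };
    size_t i;

    for (i = 0; i < sizeof(answers) / sizeof(answers[0]); i++)
        printf("%-6.*s prefix=%2d strict=%2d\n",
            (int)strcspn(answers[i], "\n"), answers[i],
            prefix_confirm(answers[i]), strict_confirm(answers[i]));
    return 0;
}
```

A result of -1 from strict_confirm() is meant to be handled by repeating the prompt rather than by choosing a default.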