-rw-r--r--cli-kex.c45
-rw-r--r--cli-runopts.c5
-rw-r--r--runopts.h1
3 files changed, 33 insertions, 18 deletions
diff --git a/cli-kex.c b/cli-kex.c
index 467ae23..d8e15b6 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -119,6 +119,13 @@ static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) {
char response = 'z';
fp = sign_key_fingerprint(keyblob, keybloblen);
+ if (cli_opts.always_accept_key) {
+ fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(fingerprint %s)\n",
+ cli_opts.remotehost,
+ fp);
+ m_free(fp);
+ return;
+ }
fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n",
cli_opts.remotehost,
fp);
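Review bot: The new `cli_opts.always_accept_key` branch in ask_to_confirm returns before the y/n prompt, so with -y an unknown host key is trusted with no verification and the server is not authenticated on first contact. Nothing in the branch records that trade-off; a comment such as `/* -y: skip confirmation; an unknown host is NOT authenticated */` above the `if` would make it visible to maintainers. This hunk does not show whether a key that mismatches an existing hosts-file entry still aborts before reaching this path, which is worth confirming in checkhostkey. The function body continues outside the hunk.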
@@ -268,24 +275,26 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
goto out;
}
- /* put the new entry in the file */
- fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
- buf_setpos(line, 0);
- buf_setlen(line, 0);
- buf_putbytes(line, ses.remotehost, hostlen);
- buf_putbyte(line, ' ');
- buf_putbytes(line, algoname, algolen);
- buf_putbyte(line, ' ');
- len = line->size - line->pos;
- TRACE(("keybloblen %d, len %d", keybloblen, len))
- /* The only failure with base64 is buffer_overflow, but buf_getwriteptr
- * will die horribly in the case anyway */
- base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
- buf_incrwritepos(line, len);
- buf_putbyte(line, '\n');
- buf_setpos(line, 0);
- fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
- /* We ignore errors, since there's not much we can do about them */
+ if (!cli_opts.always_accept_key) {
+ /* put the new entry in the file */
+ fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
+ buf_setpos(line, 0);
+ buf_setlen(line, 0);
+ buf_putbytes(line, ses.remotehost, hostlen);
+ buf_putbyte(line, ' ');
+ buf_putbytes(line, algoname, algolen);
+ buf_putbyte(line, ' ');
+ len = line->size - line->pos;
+ TRACE(("keybloblen %d, len %d", keybloblen, len))
+ /* The only failure with base64 is buffer_overflow, but buf_getwriteptr
+ * will die horribly in the case anyway */
+ base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
+ buf_incrwritepos(line, len);
+ buf_putbyte(line, '\n');
+ buf_setpos(line, 0);
+ fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
+ /* We ignore errors, since there's not much we can do about them */
+ }
out:
if (hostsfile != NULL) {
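Review bot: With the new `if (!cli_opts.always_accept_key)` guard an accepted key is never written to the hosts file, so every later -y connection to that host is again a first contact and a changed key would go unnoticed. This is presumably deliberate, to avoid recording an unverified key as trusted, but the guard has no comment saying so; suggest `/* -y: accept for this session only, never store an unverified key */` above it. An early `if (cli_opts.always_accept_key) goto out;` would express the same thing without re-indenting the whole block. checkhostkey starts before and continues after the hunk.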
diff --git a/cli-runopts.c b/cli-runopts.c
index 1a077b9..fc67850 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -52,6 +52,7 @@ static void printhelp() {
"-T Don't allocate a pty\n"
"-N Don't run a remote command\n"
"-f Run in background after auth\n"
+ "-y Always accept remote host key if unknown\n"
#ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple allowed)\n"
#endif
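Review bot: The added help line presents -y as a convenience switch and does not tell the user that unknown host keys are then accepted without any verification. Suggest wording it as `"-y Always accept remote host key if unknown (host is not verified)\n"`, keeping the column alignment of the neighbouring entries. The help string in printhelp continues outside the hunk.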
@@ -93,6 +94,7 @@ void cli_getopts(int argc, char ** argv) {
cli_opts.no_cmd = 0;
cli_opts.backgrounded = 0;
cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
+ cli_opts.always_accept_key = 0;
#ifdef ENABLE_CLI_PUBKEY_AUTH
cli_opts.privkeys = NULL;
#endif
@@ -148,6 +150,9 @@ void cli_getopts(int argc, char ** argv) {
/* A flag *waves* */
switch (argv[i][1]) {
+ case 'y': /* always accept the remote hostkey */
+ cli_opts.always_accept_key = 1;
+ break;
case 'p': /* remoteport */
next = &cli_opts.remoteport;
break;
diff --git a/runopts.h b/runopts.h
index c3db42c..459edfe 100644
--- a/runopts.h
+++ b/runopts.h
@@ -102,6 +102,7 @@ typedef struct cli_runopts {
char *cmd;
int wantpty;
+ int always_accept_key;
int no_cmd;
int backgrounded;
#ifdef ENABLE_CLI_PUBKEY_AUTH