[PATCH] unconditionally accept host key

Luciano Miguel Ferreira Rocha strange at nsk.no-ip.org
Fri Feb 9 04:16:28 WST 2007


Hello,

The attached patch adds a new option, -y, to the dropbear client,
version 0.48.1.

I need it when running dropbear in scripts (as rsync transport
mechanism, for example).

Note, the patch adds to usage() the line:
"-y accept remote host keys, if unknown\n", but, as far as I can tell,
dropbear considers unknown and unmatched host keys simply as unknown.

-- 
lfr
0/0
-------------- next part --------------
diff -ur dropbear-0.48.1.orig/cli-kex.c dropbear-0.48.1/cli-kex.c
--- dropbear-0.48.1.orig/cli-kex.c	2006-03-12 04:52:52.000000000 +0000
+++ dropbear-0.48.1/cli-kex.c	2006-12-20 19:29:17.000000000 +0000
@@ -119,6 +119,13 @@
 	char response = 'z';
 
 	fp = sign_key_fingerprint(keyblob, keybloblen);
+	if (cli_opts.acceptkey) {
+		fprintf(stderr, "\nHost '%s' unconditionally added to the trusted hosts file.\n(fingerprint %s)\n",
+				cli_opts.remotehost,
+				fp);
+		m_free(fp);
+		return;
+	}
 	fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", 
 			cli_opts.remotehost, 
 			fp);
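Review bot: The early `return` in the new `cli_opts.acceptkey` branch skips the y/n confirmation for every key that reaches this function, and the cover note says dropbear treats unmatched host keys the same as unknown ones, so -y would also silently accept a key that differs from one already stored for the host. If the caller can tell the two cases apart, limit the bypass to hosts with no stored entry and keep failing on a mismatch. Otherwise make the message say that the key was accepted without verification. The text "unconditionally added to the trusted hosts file" also describes a write that does not happen in this branch, so it is only accurate if code outside the hunk stores the key afterwards.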
diff -ur dropbear-0.48.1.orig/cli-runopts.c dropbear-0.48.1/cli-runopts.c
--- dropbear-0.48.1.orig/cli-runopts.c	2006-03-12 04:52:52.000000000 +0000
+++ dropbear-0.48.1/cli-runopts.c	2006-12-20 20:29:06.000000000 +0000
@@ -46,6 +46,7 @@
 	fprintf(stderr, "Dropbear client v%s\n"
 					"Usage: %s [options] [user@]host\n"
 					"Options are:\n"
+					"-y accept remote host keys, if unknown\n"
 					"-p <remoteport>\n"
 					"-l <username>\n"
 					"-t    Allocate a pty\n"
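Review bot: The new usage line says "if unknown", but by the cover note's own account unmatched host keys are treated as unknown too, so the help text understates what -y does. Say plainly that the host key is accepted without verification, and match the spacing and capitalisation of the neighbouring "-t    Allocate a pty" entry.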
@@ -89,6 +90,7 @@
 	cli_opts.username = NULL;
 	cli_opts.cmd = NULL;
 	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
+	cli_opts.acceptkey = 0;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 	cli_opts.privkeys = NULL;
 #endif
@@ -144,6 +146,9 @@
 			/* A flag *waves* */
 
 			switch (argv[i][1]) {
+				case 'y': /* we want a pty */
+					cli_opts.acceptkey = 1;
+					break;
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
 					break;
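Review bot: The comment on `case 'y':` reads "we want a pty", which describes pty allocation (the -t entry in the usage text) rather than this option. Change it to describe the flag, for example `case 'y': /* always accept the remote host key */`, so a later reader does not mistake a flag that disables host key confirmation for a terminal setting.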
diff -ur dropbear-0.48.1.orig/runopts.h dropbear-0.48.1/runopts.h
--- dropbear-0.48.1.orig/runopts.h	2006-03-12 04:52:51.000000000 +0000
+++ dropbear-0.48.1/runopts.h	2006-12-20 19:22:21.000000000 +0000
@@ -101,6 +101,7 @@
 
 	char *cmd;
 	int wantpty;
+	int acceptkey;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 	struct SignKeyList *privkeys; /* Keys to use for public-key auth */
 #endif