[PATCH] ssh -Y: always accepts and stores the hostkey

Roberto A. Foglietta roberto.foglietta at gmail.com
Wed Oct 17 21:49:47 WST 2007


Hi to all folks,

 the attached patch adds the -Y option, which forces the acceptance and
the storage of the hostkey. OpenSSH has an rc option which bypasses the
check. In this patch, storage of unknown or non-matching
hostkeys has been implemented. This option is NOT enabled by default,
but it becomes available by editing options.h.

 Forcing the storage of the hostkey is useful in some embedded
systems in which I have to use dropbear/ssh to get the hostkey and
afterwards sftp, which checks the stored hostkey.

 I am conscious that by doing this the system could be exposed to
a man-in-the-middle attack, but not more than by manually removing
the known_hosts file.

 The usage of this option would be useful when user-remote-cli would
force the overwriting of the stored hostkey: the ssh first fails
because of a hostkey mismatch, the user will be informed about the hostkey
mismatch, and if the user confirms it is not a man-in-the-middle case then
another run with -Y forces the changes without the necessity for
remote-cli to know anything about the embedded system apart from the -Y option.

 Please apply or comment back.

 Thanks,
-- 
/roberto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dropbear_always_accept_and_store_hostkey.patch
Type: text/x-diff
Size: 3237 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20071017/af279624/attachment.patch 