[PATCH] disable hostkey verification
Devin Bayer
devin at freeshell.org
Wed Nov 2 02:34:31 WST 2005
Hello. This patch allows dbclient to be used non-interactively without
having to pipe a "y" character to it. It's very simple and also saves a
few bytes for people interested in that sort of thing. This is against
version 0.46. Thanks - Devin Bayer
--- cli-kex-old.c 2005-11-01 09:13:43.000000000 -0800
+++ cli-kex.c 2005-11-01 10:25:57.000000000 -0800
@@ -38,8 +38,10 @@
#include "signkey.h"
+#ifdef ENABLE_HOST_KEY_CHECKING
static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
#define MAX_KNOWNHOSTS_LINE 4500
+#endif
void send_msg_kexdh_init() {
@@ -78,10 +80,12 @@ void recv_msg_kexdh_reply() {
keybloblen = buf_getint(ses.payload);
keyblob = buf_getptr(ses.payload, keybloblen);
+#ifdef ENABLE_HOST_KEY_CHECKING
if (!ses.kexstate.donefirstkex) {
/* Only makes sense the first time */
checkhostkey(keyblob, keybloblen);
}
+#endif
if (buf_get_pub_key(ses.payload, hostkey, &type) !=
DROPBEAR_SUCCESS) {
TRACE(("failed getting pubkey"))
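Review bot: With ENABLE_HOST_KEY_CHECKING undefined, recv_msg_kexdh_reply goes straight from buf_getptr to buf_get_pub_key, and nothing in the visible lines compares the server's key with a stored one, so the client would accept whatever key it is offered and the key exchange no longer authenticates the server. That is silent at run time; at minimum add an `#else` branch that reports it, e.g. `fprintf(stderr, "Warning: host key not verified\n");`, and consider a `#warning` where the macro is tested so such a build is visible. For the non-interactive case, a fail-closed path (exit when the key is unknown instead of prompting) would keep the protection; if checkhostkey already returns without prompting for keys present in known_hosts, pre-populating that file may be enough. The function body starts and ends outside this hunk.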
@@ -112,6 +116,7 @@ void recv_msg_kexdh_reply() {
TRACE(("leave recv_msg_kexdh_init"))
}
+#ifdef ENABLE_HOST_KEY_CHECKING
static void ask_to_confirm(unsigned char* keyblob, unsigned int
keybloblen) {
char* fp = NULL;
@@ -286,3 +291,4 @@ out:
buf_free(line);
}
}
+#endif
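Review bot: The closing `#endif` at the end of cli-kex.c pairs with an `#ifdef` opened far above it (the hunk at old line 112 versus this one at 286), so it should name its condition: `#endif /* ENABLE_HOST_KEY_CHECKING */`. The same applies to the `#endif` after MAX_KNOWNHOSTS_LINE and the one after the checkhostkey call, although those blocks are short enough to read without it.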
--- options-old.h 2005-11-01 09:41:45.000000000 -0800
+++ options.h 2005-11-01 09:50:57.000000000 -0800
@@ -136,6 +136,9 @@ etc) slower (perhaps by 50%). Recommende
* return the password on standard output */
/*#define ENABLE_CLI_ASKPASS_HELPER*/
+/* Are remote host keys checked? */
+#define ENABLE_HOST_KEY_CHECKING
+
/* Random device to use - define either DROPBEAR_RANDOM_DEV or
* DROPBEAR_PRNGD_SOCKET.
* DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
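Review bot: The comment `/* Are remote host keys checked? */` on the new option does not say what is lost when the define is removed. I would spell it out, e.g. `/* Verify the server's host key (known_hosts lookup, prompt if unknown).` followed by ` * Undefining this makes dbclient accept any host key: no protection against server impersonation. */`, so that someone trimming options.h for size does not switch it off by accident. The wording about known_hosts is inferred from MAX_KNOWNHOSTS_LINE and ask_to_confirm in cli-kex.c and should be checked against checkhostkey itself.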