[PATCH] disable hostkey verification

Devin Bayer devin at freeshell.org
Wed Nov 2 02:34:31 WST 2005


Hello.  This patch allows dbclient to be used non-interactively without 
having to pipe a "y" character to it.  It's very simple and also saves a 
few bytes for people interested in that sort of thing.  This is against 
version 0.46. Thanks - Devin Bayer


--- cli-kex-old.c       2005-11-01 09:13:43.000000000 -0800
+++ cli-kex.c   2005-11-01 10:25:57.000000000 -0800
@@ -38,8 +38,10 @@
 #include "signkey.h"


+#ifdef ENABLE_HOST_KEY_CHECKING
 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
 #define MAX_KNOWNHOSTS_LINE 4500
+#endif

 void send_msg_kexdh_init() {

@@ -78,10 +80,12 @@ void recv_msg_kexdh_reply() {
        keybloblen = buf_getint(ses.payload);

        keyblob = buf_getptr(ses.payload, keybloblen);
+#ifdef ENABLE_HOST_KEY_CHECKING
        if (!ses.kexstate.donefirstkex) {
                /* Only makes sense the first time */
                checkhostkey(keyblob, keybloblen);
        }
+#endif

        if (buf_get_pub_key(ses.payload, hostkey, &type) != 
DROPBEAR_SUCCESS) {
                TRACE(("failed getting pubkey"))
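Review bot: With ENABLE_HOST_KEY_CHECKING undefined, recv_msg_kexdh_reply() never calls checkhostkey(), so the client proceeds with whatever host key the peer presents and gives the user no run-time sign that verification is off. A build made this way cannot detect an interposed server, which is a heavy price for avoiding a prompt. A safer way to get non-interactive use is to keep the check compiled in and fail closed when the key is not already known. If the compile-time switch stays, add an `#else` branch here that prints a one-line warning to stderr on the first key exchange. keyblob also appears to be assigned but never read when the macro is undefined, so the `buf_getptr` assignment may need to sit inside the guard or be followed by `(void)keyblob;`. The function starts and ends outside this hunk.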
@@ -112,6 +116,7 @@ void recv_msg_kexdh_reply() {
        TRACE(("leave recv_msg_kexdh_init"))
 }

+#ifdef ENABLE_HOST_KEY_CHECKING
 static void ask_to_confirm(unsigned char* keyblob, unsigned int 
keybloblen) {

        char* fp = NULL;
@@ -286,3 +291,4 @@ out:
                buf_free(line);
        }
 }
+#endif
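Review bot: The `#endif` added as the last line of cli-kex.c closes the guard opened before ask_to_confirm() in the previous hunk, roughly 175 lines earlier going by the hunk headers, and it carries no label. Write it as `#endif /* ENABLE_HOST_KEY_CHECKING */` so the pair can be matched without scrolling. The guarded function bodies lie outside both hunks, so whether everything between the two markers is only reachable from checkhostkey() cannot be confirmed from here.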
--- options-old.h       2005-11-01 09:41:45.000000000 -0800
+++ options.h   2005-11-01 09:50:57.000000000 -0800
@@ -136,6 +136,9 @@ etc) slower (perhaps by 50%). Recommende
  * return the password on standard output */
 /*#define ENABLE_CLI_ASKPASS_HELPER*/

+/* Are remote host keys checked? */
+#define ENABLE_HOST_KEY_CHECKING
+
 /* Random device to use - define either DROPBEAR_RANDOM_DEV or
  * DROPBEAR_PRNGD_SOCKET.
  * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
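Review bot: The comment on the new option in options.h, `/* Are remote host keys checked? */`, does not tell a packager what undefining it costs. Unlike the neighbouring size and speed options, this one removes a security check. Suggested wording: `/* Check the remote host key on the first key exchange. If this is undefined, dbclient accepts any host key without asking, so a connection can be intercepted unnoticed. Leave it defined unless the network path is otherwise trusted. */`. The comment that follows for the random device continues outside the hunk.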



