Patch for stricthostkey and a multihop fix
Hans Harder
hans at atbas.org
Sun Apr 7 22:03:37 WST 2013
Underneath some modifications against a stock 2013.56 version
- Added -Y option to completely ignore check for hostkeys
Needed this for connections to logical hosts, same as openssh -o
StrictHostKeychecking=no
- Added -y and -Y in function multihop_passthrough_args
- fix: in function multihop_passthrough_args no space was kept
between the -W and -i args,
so a space is now always added after each added arg;
after the last addition the trailing space is removed.
I am new to the dropbear sources, so perhaps I didn't see it
correctly....if so please correct me...
Overall nice sourcecode, very clean.
Hans
---
Quote: ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
diff -ruBpN dropbear-2013.56/cli-kex.c work/cli-kex.c
--- dropbear-2013.56/cli-kex.c 2013-03-21 08:29:34.000000000 -0700
+++ work/cli-kex.c 2013-04-07 03:01:31.000000000 -0600
@@ -217,6 +217,11 @@ static void checkhostkey(unsigned char*
buffer * line = NULL;
int ret;
+ if (!cli_opts.strict_hostkey) {
+ TRACE(("strict_hostkey disabled, ignoring hostkey check"));
+ return;
+ }
+
hostsfile = open_known_hosts_file(&readonly);
if (!hostsfile) {
ask_to_confirm(keyblob, keybloblen);
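Review bot: The early return in checkhostkey() skips server authentication entirely and tells the user nothing, because TRACE output is only emitted in debug-trace builds. The return happens before open_known_hosts_file(), so a key that differs from an already stored entry is accepted as well, and the client then goes on to authenticate to whatever host answered. At minimum, log a visible warning on every such connection before the `return;`, e.g. `dropbear_log(LOG_WARNING, "Host key verification disabled (-Y), server identity not checked");`. If accepting changed keys is intended, say so in a comment above the check. checkhostkey's body starts and ends outside the hunk.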
diff -ruBpN dropbear-2013.56/cli-runopts.c work/cli-runopts.c
--- dropbear-2013.56/cli-runopts.c 2013-03-21 08:29:34.000000000 -0700
+++ work/cli-runopts.c 2013-04-07 03:08:59.000000000 -0600
@@ -62,6 +62,7 @@ static void printhelp() {
"-N Don't run a remote command\n"
"-f Run in background after auth\n"
"-y Always accept remote
host key if unknown\n"
+ "-Y Always ignore the
remote host key\n"
"-s Request a subsystem
(use by external sftp)\n"
#ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple
allowed)\n"
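Review bot: The new help line `-Y Always ignore the remote host key` does not say that the server is no longer authenticated, and it reads almost the same as the -y line above it. State the consequence in the text, e.g. `"-Y Skip host key verification (insecure, server not authenticated)\n"`. The help string in printhelp continues outside the hunk.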
@@ -130,6 +131,7 @@ void cli_getopts(int argc, char ** argv)
cli_opts.backgrounded = 0;
cli_opts.wantpty = 9; /* 9 means "it hasn't been touched",
gets set later */
cli_opts.always_accept_key = 0;
+ cli_opts.strict_hostkey = 1;
cli_opts.is_subsystem = 0;
#ifdef ENABLE_CLI_PUBKEY_AUTH
cli_opts.privkeys = list_new();
@@ -215,6 +217,9 @@ void cli_getopts(int argc, char ** argv)
case 'y': /* always accept the remote hostkey */
cli_opts.always_accept_key = 1;
break;
+ case 'Y': /* always ignore the remote hostkey */
+ cli_opts.strict_hostkey = 0;
+ break;
case 'p': /* remoteport */
next = &cli_opts.remoteport;
break;
@@ -461,20 +466,32 @@ multihop_passthrough_args() {
int total;
unsigned int len = 0;
m_list_elem *iter;
- /* Fill out -i and -W options that make sense for all
+ /* Fill out -i , -W, -y and -Y options that make sense for all
* the intermediate processes */
for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
{
sign_key * key = (sign_key*)iter->item;
len += 3 + strlen(key->filename);
}
- len += 20; // space for -W <size>, terminator.
+ len += 30; // space for -W <size>, terminator.
ret = m_malloc(len);
total = 0;
+ if (cli_opts.always_accept_key)
+ {
+ int written = snprintf(ret+total, len-total, "-y ");
+ total += written;
+ }
+
+ if (cli_opts.strict_hostkey == 0)
+ {
+ int written = snprintf(ret+total, len-total, "-Y ");
+ total += written;
+ }
+
if (opts.recv_window != DEFAULT_RECV_WINDOW)
{
- int written = snprintf(ret+total, len-total, "-W %d",
opts.recv_window);
+ int written = snprintf(ret+total, len-total, "-W %d ",
opts.recv_window);
total += written;
}
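Review bot: The size estimate was not updated for the trailing space: the first loop still reserves `3 + strlen(key->filename)` per identity file, but the `-i %s ` format in the next hunk writes 4 + strlen. The missing byte per key comes out of the fixed slack, which also has to hold `-y `, `-Y `, `-W %d ` and the terminator, so with enough -i options the `dropbear_assert` in the -i loop would fire and abort the client. Change the line to `len += 4 + strlen(key->filename);` and update the comment on `len += 30` to list everything it now covers. The new -y/-Y/-W snprintf calls add `written` to `total` unchecked; the same `dropbear_assert((unsigned int)written < size)` used in the -i loop would keep them honest. The function starts and ends outside this hunk.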
@@ -482,11 +499,17 @@ multihop_passthrough_args() {
{
sign_key * key = (sign_key*)iter->item;
const size_t size = len - total;
- int written = snprintf(ret+total, size, "-i %s", key->filename);
+ int written = snprintf(ret+total, size, "-i %s ",
key->filename);
dropbear_assert((unsigned int)written < size);
total += written;
}
-
+
+ /* if args where passed, total will be not zero, and it will
have a space at the end, so remove that */
+ if (total) total--;
+
+ /* make sure arg string is ended, especially if no args were passed. */
+ ret[total]='\0';
+
return ret;
}
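Review bot: Style: `if (total) total--;` is an unbraced one-line body in a function whose other conditionals are braced, and the comment above it has a typo ("where" for "were"). Suggest `if (total > 0) { total--; }`. The trimming silently depends on every format string above ending in a space, so the comment should say that, e.g. `/* every arg above is written with a trailing space; drop the last one */`.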
diff -ruBpN dropbear-2013.56/runopts.h work/runopts.h
--- dropbear-2013.56/runopts.h 2013-03-21 08:29:35.000000000 -0700
+++ work/runopts.h 2013-04-07 01:55:25.000000000 -0700
@@ -121,6 +121,7 @@ typedef struct cli_runopts {
char *cmd;
int wantpty;
int always_accept_key;
+ int strict_hostkey;
int no_cmd;
int backgrounded;
int is_subsystem;