diff --git a/console.c b/console.c
index 2431bccb..7155b9f0 100644
--- a/console.c
+++ b/console.c
@@ -22,7 +22,8 @@ const char hk_absentmsg_interactive_intro[] =
 "If you do not trust this host, press Return to abandon the\n"
 "connection.\n";
 const char hk_absentmsg_interactive_prompt[] =
- "Store key in cache? (y/n, Return cancels connection) ";
+ "Store key in cache? (y/n, Return cancels connection, "
+ "i for more info) ";
 const char hk_wrongmsg_common_fmt[] =
 "WARNING - POTENTIAL SECURITY BREACH!\n"
@@ -41,7 +42,8 @@ const char hk_wrongmsg_interactive_intro[] =
 "Return to cancel. Pressing Return is the ONLY guaranteed\n"
 "safe choice.\n";
 const char hk_wrongmsg_interactive_prompt[] =
- "Update cached key? (y/n, Return cancels connection) ";
+ "Update cached key? (y/n, Return cancels connection, "
+ "i for more info) ";
 const char weakcrypto_msg_common_fmt[] =
 "The first %s supported by the server is\n"
diff --git a/unix/uxcons.c b/unix/uxcons.c
index 7dd2b411..90e73a98 100644
--- a/unix/uxcons.c
+++ b/unix/uxcons.c
@@ -143,19 +143,32 @@ int console_verify_ssh_host_key(
 fputs(intro, stderr);
 fflush(stderr);
+ while (true) {
+ fputs(prompt, stderr);
+ fflush(stderr);
- fputs(prompt, stderr);
- fflush(stderr);
+ struct termios oldmode, newmode;
+ tcgetattr(0, &oldmode);
+ newmode = oldmode;
+ newmode.c_lflag |= ECHO | ISIG | ICANON;
+ tcsetattr(0, TCSANOW, &newmode);
+ line[0] = '\0';
+ if (block_and_read(0, line, sizeof(line) - 1) <= 0)
+ /* handled below */;
+ tcsetattr(0, TCSANOW, &oldmode);
- struct termios oldmode, newmode;
- tcgetattr(0, &oldmode);
- newmode = oldmode;
- newmode.c_lflag |= ECHO | ISIG | ICANON;
- tcsetattr(0, TCSANOW, &newmode);
- line[0] = '\0';
- if (block_and_read(0, line, sizeof(line) - 1) <= 0)
- /* handled below */;
- tcsetattr(0, TCSANOW, &oldmode);
+ if (line[0] == 'i' || line[0] == 'I') {
+ fprintf(stderr, "Full public key:\n%s\n", keydisp);
+ if (fingerprints[SSH_FPTYPE_SHA256])
+ fprintf(stderr, "SHA256 key fingerprint:\n%s\n",
+ fingerprints[SSH_FPTYPE_SHA256]);
+ if (fingerprints[SSH_FPTYPE_MD5])
+ fprintf(stderr, "MD5 key fingerprint:\n%s\n",
+ fingerprints[SSH_FPTYPE_MD5]);
+ } else {
+ break;
+ }
+ }
 /* In case of misplaced reflexes from another program, also recognise 'q'
 * as 'abandon connection rather than trust this key' */
diff --git a/windows/wincons.c b/windows/wincons.c
index 69cfe09a..414167b4 100644
--- a/windows/wincons.c
+++ b/windows/wincons.c
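Review bot: The new `while (true)` loop prompts again after an `i` answer without discarding the rest of the typed line, so when the line is longer than `sizeof(line) - 1` (the buffer is declared outside the hunk) the leftover bytes become the answer to the next prompt. Only `line[0]` is inspected here, and the y/n handling sits after the hunk, so a leftover that begins with `y` would presumably be read as consent to trust the host key. In the `i` branch I would discard pending terminal input before looping, `tcflush(0, TCIFLUSH);`, or keep the return value of `block_and_read` and treat a line with no trailing newline as a cancel; the `tcflush` form only helps when stdin is a terminal, which the hunk does not check. The loop around `ReadFile` in the windows/wincons.c hunk has the same shape.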
@@ -74,17 +74,31 @@ int console_verify_ssh_host_key(
 fputs(intro, stderr);
 fflush(stderr);
- fputs(prompt, stderr);
- fflush(stderr);
+ while (true) {
+ fputs(prompt, stderr);
+ fflush(stderr);
- line[0] = '\0'; /* fail safe if ReadFile returns no data */
+ line[0] = '\0'; /* fail safe if ReadFile returns no data */
- hin = GetStdHandle(STD_INPUT_HANDLE);
- GetConsoleMode(hin, &savemode);
- SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
- ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
- ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
- SetConsoleMode(hin, savemode);
+ hin = GetStdHandle(STD_INPUT_HANDLE);
+ GetConsoleMode(hin, &savemode);
+ SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
+ ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
+ ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
+ SetConsoleMode(hin, savemode);
+
+ if (line[0] == 'i' || line[0] == 'I') {
+ fprintf(stderr, "Full public key:\n%s\n", keydisp);
+ if (fingerprints[SSH_FPTYPE_SHA256])
+ fprintf(stderr, "SHA256 key fingerprint:\n%s\n",
+ fingerprints[SSH_FPTYPE_SHA256]);
+ if (fingerprints[SSH_FPTYPE_MD5])
+ fprintf(stderr, "MD5 key fingerprint:\n%s\n",
+ fingerprints[SSH_FPTYPE_MD5]);
+ } else {
+ break;
+ }
+ }
 /* In case of misplaced reflexes from another program, also recognise 'q'
 * as 'abandon connection rather than trust this key' */
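Review bot: `GetConsoleMode(hin, &savemode)` is still unchecked inside the new loop, so when stdin is not a console `savemode` may hold no valid mode (its declaration is outside the hunk) and is then OR-ed with the echo flags and passed to `SetConsoleMode` on every pass. I would record the result, `BOOL is_console = GetConsoleMode(hin, &savemode);`, and guard both `SetConsoleMode` calls with `if (is_console)`. The per-pass reset `line[0] = '\0'` is also what stops a failed `ReadFile` from replaying the previous `i` answer and spinning, so its comment could say so, e.g. `/* reset every pass: no data must end the loop and fall through to cancel */`. The function continues outside the hunk, so the cancel handling itself is not visible here.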