1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Console host key prompts: add 'more info' action.

Now you can press 'i' at the host key prompt, and it will print all
the key fingerprints we know about, plus the full public key. So if
you wanted to check against a fingerprint type that wasn't the one
shown in the default prompt, you can see all the ones we've got.
This commit is contained in:
Simon Tatham 2021-03-13 11:03:23 +00:00
parent 3461196197
commit 1b1a91fa3d
3 changed files with 51 additions and 22 deletions

View File

@ -22,7 +22,8 @@ const char hk_absentmsg_interactive_intro[] =
"If you do not trust this host, press Return to abandon the\n"
"connection.\n";
const char hk_absentmsg_interactive_prompt[] =
"Store key in cache? (y/n, Return cancels connection) ";
"Store key in cache? (y/n, Return cancels connection, "
"i for more info) ";
const char hk_wrongmsg_common_fmt[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
@ -41,7 +42,8 @@ const char hk_wrongmsg_interactive_intro[] =
"Return to cancel. Pressing Return is the ONLY guaranteed\n"
"safe choice.\n";
const char hk_wrongmsg_interactive_prompt[] =
"Update cached key? (y/n, Return cancels connection) ";
"Update cached key? (y/n, Return cancels connection, "
"i for more info) ";
const char weakcrypto_msg_common_fmt[] =
"The first %s supported by the server is\n"

View File

@ -143,19 +143,32 @@ int console_verify_ssh_host_key(
fputs(intro, stderr);
fflush(stderr);
while (true) {
fputs(prompt, stderr);
fflush(stderr);
fputs(prompt, stderr);
fflush(stderr);
struct termios oldmode, newmode;
tcgetattr(0, &oldmode);
newmode = oldmode;
newmode.c_lflag |= ECHO | ISIG | ICANON;
tcsetattr(0, TCSANOW, &newmode);
line[0] = '\0';
if (block_and_read(0, line, sizeof(line) - 1) <= 0)
/* handled below */;
tcsetattr(0, TCSANOW, &oldmode);
struct termios oldmode, newmode;
tcgetattr(0, &oldmode);
newmode = oldmode;
newmode.c_lflag |= ECHO | ISIG | ICANON;
tcsetattr(0, TCSANOW, &newmode);
line[0] = '\0';
if (block_and_read(0, line, sizeof(line) - 1) <= 0)
/* handled below */;
tcsetattr(0, TCSANOW, &oldmode);
if (line[0] == 'i' || line[0] == 'I') {
fprintf(stderr, "Full public key:\n%s\n", keydisp);
if (fingerprints[SSH_FPTYPE_SHA256])
fprintf(stderr, "SHA256 key fingerprint:\n%s\n",
fingerprints[SSH_FPTYPE_SHA256]);
if (fingerprints[SSH_FPTYPE_MD5])
fprintf(stderr, "MD5 key fingerprint:\n%s\n",
fingerprints[SSH_FPTYPE_MD5]);
} else {
break;
}
}
/* In case of misplaced reflexes from another program, also recognise 'q'
* as 'abandon connection rather than trust this key' */

View File

@ -74,17 +74,31 @@ int console_verify_ssh_host_key(
fputs(intro, stderr);
fflush(stderr);
fputs(prompt, stderr);
fflush(stderr);
while (true) {
fputs(prompt, stderr);
fflush(stderr);
line[0] = '\0'; /* fail safe if ReadFile returns no data */
line[0] = '\0'; /* fail safe if ReadFile returns no data */
hin = GetStdHandle(STD_INPUT_HANDLE);
GetConsoleMode(hin, &savemode);
SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
SetConsoleMode(hin, savemode);
hin = GetStdHandle(STD_INPUT_HANDLE);
GetConsoleMode(hin, &savemode);
SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
SetConsoleMode(hin, savemode);
if (line[0] == 'i' || line[0] == 'I') {
fprintf(stderr, "Full public key:\n%s\n", keydisp);
if (fingerprints[SSH_FPTYPE_SHA256])
fprintf(stderr, "SHA256 key fingerprint:\n%s\n",
fingerprints[SSH_FPTYPE_SHA256]);
if (fingerprints[SSH_FPTYPE_MD5])
fprintf(stderr, "MD5 key fingerprint:\n%s\n",
fingerprints[SSH_FPTYPE_MD5]);
} else {
break;
}
}
/* In case of misplaced reflexes from another program, also recognise 'q'
* as 'abandon connection rather than trust this key' */