mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Console host key prompts: add 'more info' action.
Now you can press 'i' at the host key prompt, and it will print all the key fingerprints we know about, plus the full public key. So if you wanted to check against a fingerprint type that wasn't the one shown in the default prompt, you can see all the ones we've got.
parent
3461196197
commit
1b1a91fa3d
@ -22,7 +22,8 @@ const char hk_absentmsg_interactive_intro[] =
|
||||
"If you do not trust this host, press Return to abandon the\n"
|
||||
"connection.\n";
|
||||
const char hk_absentmsg_interactive_prompt[] =
|
||||
"Store key in cache? (y/n, Return cancels connection) ";
|
||||
"Store key in cache? (y/n, Return cancels connection, "
|
||||
"i for more info) ";
|
||||
|
||||
const char hk_wrongmsg_common_fmt[] =
|
||||
"WARNING - POTENTIAL SECURITY BREACH!\n"
|
||||
@ -41,7 +42,8 @@ const char hk_wrongmsg_interactive_intro[] =
|
||||
"Return to cancel. Pressing Return is the ONLY guaranteed\n"
|
||||
"safe choice.\n";
|
||||
const char hk_wrongmsg_interactive_prompt[] =
|
||||
"Update cached key? (y/n, Return cancels connection) ";
|
||||
"Update cached key? (y/n, Return cancels connection, "
|
||||
"i for more info) ";
|
||||
|
||||
const char weakcrypto_msg_common_fmt[] =
|
||||
"The first %s supported by the server is\n"
|
||||
|
@ -143,19 +143,32 @@ int console_verify_ssh_host_key(
|
||||
|
||||
fputs(intro, stderr);
|
||||
fflush(stderr);
|
||||
while (true) {
|
||||
fputs(prompt, stderr);
|
||||
fflush(stderr);
|
||||
|
||||
fputs(prompt, stderr);
|
||||
fflush(stderr);
|
||||
struct termios oldmode, newmode;
|
||||
tcgetattr(0, &oldmode);
|
||||
newmode = oldmode;
|
||||
newmode.c_lflag |= ECHO | ISIG | ICANON;
|
||||
tcsetattr(0, TCSANOW, &newmode);
|
||||
line[0] = '\0';
|
||||
if (block_and_read(0, line, sizeof(line) - 1) <= 0)
|
||||
/* handled below */;
|
||||
tcsetattr(0, TCSANOW, &oldmode);
|
||||
|
||||
struct termios oldmode, newmode;
|
||||
tcgetattr(0, &oldmode);
|
||||
newmode = oldmode;
|
||||
newmode.c_lflag |= ECHO | ISIG | ICANON;
|
||||
tcsetattr(0, TCSANOW, &newmode);
|
||||
line[0] = '\0';
|
||||
if (block_and_read(0, line, sizeof(line) - 1) <= 0)
|
||||
/* handled below */;
|
||||
tcsetattr(0, TCSANOW, &oldmode);
|
||||
if (line[0] == 'i' || line[0] == 'I') {
|
||||
fprintf(stderr, "Full public key:\n%s\n", keydisp);
|
||||
if (fingerprints[SSH_FPTYPE_SHA256])
|
||||
fprintf(stderr, "SHA256 key fingerprint:\n%s\n",
|
||||
fingerprints[SSH_FPTYPE_SHA256]);
|
||||
if (fingerprints[SSH_FPTYPE_MD5])
|
||||
fprintf(stderr, "MD5 key fingerprint:\n%s\n",
|
||||
fingerprints[SSH_FPTYPE_MD5]);
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* In case of misplaced reflexes from another program, also recognise 'q'
|
||||
* as 'abandon connection rather than trust this key' */
|
||||
|
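Review bot: With the prompt now inside `while (true)`, input left over from an over-long line can be consumed as the answer on the next pass, which matters at a host-key trust prompt. `block_and_read(0, line, sizeof(line) - 1)` returns at most one buffer's worth and only `line[0]` is inspected, so a line that starts with `i` and is longer than the buffer (declared outside this hunk) leaves its tail queued. If that tail begins with `y`, the key would presumably be stored after the info display without a fresh keypress, assuming the code after the loop treats `y` as accept, as the prompt text implies. I would keep the byte count returned by the read and, when the buffer filled without a trailing newline, discard input up to the next newline before re-prompting. The Windows hunk has the same shape around `ReadFile`, where the count in `i` is likewise unused; the body of console_verify_ssh_host_key starts and ends outside this hunk.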
@ -74,17 +74,31 @@ int console_verify_ssh_host_key(
|
||||
fputs(intro, stderr);
|
||||
fflush(stderr);
|
||||
|
||||
fputs(prompt, stderr);
|
||||
fflush(stderr);
|
||||
while (true) {
|
||||
fputs(prompt, stderr);
|
||||
fflush(stderr);
|
||||
|
||||
line[0] = '\0'; /* fail safe if ReadFile returns no data */
|
||||
line[0] = '\0'; /* fail safe if ReadFile returns no data */
|
||||
|
||||
hin = GetStdHandle(STD_INPUT_HANDLE);
|
||||
GetConsoleMode(hin, &savemode);
|
||||
SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
|
||||
ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
|
||||
ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
|
||||
SetConsoleMode(hin, savemode);
|
||||
hin = GetStdHandle(STD_INPUT_HANDLE);
|
||||
GetConsoleMode(hin, &savemode);
|
||||
SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
|
||||
ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
|
||||
ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
|
||||
SetConsoleMode(hin, savemode);
|
||||
|
||||
if (line[0] == 'i' || line[0] == 'I') {
|
||||
fprintf(stderr, "Full public key:\n%s\n", keydisp);
|
||||
if (fingerprints[SSH_FPTYPE_SHA256])
|
||||
fprintf(stderr, "SHA256 key fingerprint:\n%s\n",
|
||||
fingerprints[SSH_FPTYPE_SHA256]);
|
||||
if (fingerprints[SSH_FPTYPE_MD5])
|
||||
fprintf(stderr, "MD5 key fingerprint:\n%s\n",
|
||||
fingerprints[SSH_FPTYPE_MD5]);
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* In case of misplaced reflexes from another program, also recognise 'q'
|
||||
* as 'abandon connection rather than trust this key' */
|
||||
|
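Review bot: The 'i' branch names `SSH_FPTYPE_SHA256` and `SSH_FPTYPE_MD5` explicitly, so a fingerprint type added later would not be shown even though the description promises "all the key fingerprints we know about". The same block is also copied verbatim into the Unix hunk. I would move it into one shared helper that walks the `fingerprints` array (its bound is not visible in this hunk) and prints every non-NULL entry, so both consoles stay in step. Since the MD5 value is only useful for matching older records, the helper could also label it accordingly, e.g. `"MD5 key fingerprint (legacy):\n%s\n"`, to steer users toward the SHA256 comparison.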