nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-12 18:13:50 -05:00
Code Issues Projects Releases Wiki Activity

Mention the host name in host-key prompts.

Browse Source 
Now that it's possible for a single invocation of PuTTY to connect to
multiple SSH servers (jump host followed by ultimate destination
host), it's rather unhelpful for host key prompts to just say "the
server". To check an unknown host key, users will need to know _which_
host it's purporting to be the key for.

Another possibility is to put a message in the terminal window
indicating which server we're currently in the SSH setup phase for.
That will certainly be what we have to end up doing for userpass
prompts that appear _in_ the terminal window. But that by itself is
still unhelpful for host key prompts in a separate dialog, because the
user would have to check both windows to get all the information they
need. Easier if the host key dialog itself tells you everything you
need to know to answer the question: is _this_ key the one you expect
for _that_ host?
This commit is contained in:
Simon Tatham 2021-09-15 14:41:00 +01:00
parent f317f8e67e
commit d1dc1e927c
8 changed files with 89 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
console.c
View File

@ -9,13 +9,16 @@
#include "misc.h"
#include "console.h"
char *hk_absentmsg_common(const char *keytype, const char *fingerprint)
char *hk_absentmsg_common(const char *host, int port,
const char *keytype, const char *fingerprint)
{
return dupprintf(
"The server's host key is not cached. You have no guarantee\n"
"that the server is the computer you think it is.\n"
"The host key is not cached for this server:\n"
" %s (port %d)\n"
"You have no guarantee that the server is the computer\n"
"you think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n", keytype, fingerprint);
" %s\n", host, port, keytype, fingerprint);
}
const char hk_absentmsg_interactive_intro[] =
@ -29,16 +32,19 @@ const char hk_absentmsg_interactive_prompt[] =
"Store key in cache? (y/n, Return cancels connection, "
"i for more info) ";
char *hk_wrongmsg_common(const char *keytype, const char *fingerprint)
char *hk_wrongmsg_common(const char *host, int port,
const char *keytype, const char *fingerprint)
{
return dupprintf(
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has\n"
"cached. This means that either the server administrator\n"
"has changed the host key, or you have actually connected\n"
"The host key does not match the one PuTTY has cached\n"
"for this server:\n"
" %s (port %d)\n"
"This means that either the server administrator has\n"
"changed the host key, or you have actually connected\n"
"to another computer pretending to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n", keytype, fingerprint);
" %s\n", host, port, keytype, fingerprint);
}
const char hk_wrongmsg_interactive_intro[] =

6
console.h
View File

@ -2,11 +2,13 @@
* Common pieces between the platform console frontend modules.
*/
char *hk_absentmsg_common(const char *keytype, const char *fingerprint);
char *hk_absentmsg_common(const char *host, int port,
const char *keytype, const char *fingerprint);
extern const char hk_absentmsg_interactive_intro[];
extern const char hk_absentmsg_interactive_prompt[];
char *hk_wrongmsg_common(const char *keytype, const char *fingerprint);
char *hk_wrongmsg_common(const char *host, int port,
const char *keytype, const char *fingerprint);
extern const char hk_wrongmsg_interactive_intro[];
extern const char hk_wrongmsg_interactive_prompt[];

6
unix/console.c
View File

@ -126,11 +126,13 @@ int console_verify_ssh_host_key(
ssh2_pick_default_fingerprint(fingerprints);
if (ret == 2) { /* key was different */
common = hk_wrongmsg_common(keytype, fingerprints[fptype_default]);
common = hk_wrongmsg_common(host, port, keytype,
fingerprints[fptype_default]);
intro = hk_wrongmsg_interactive_intro;
prompt = hk_wrongmsg_interactive_prompt;
} else { /* key was absent */
common = hk_absentmsg_common(keytype, fingerprints[fptype_default]);
common = hk_absentmsg_common(host, port, keytype,
fingerprints[fptype_default]);
intro = hk_absentmsg_interactive_intro;
prompt = hk_absentmsg_interactive_prompt;
}

26
unix/dialog.c
View File

@ -3545,10 +3545,12 @@ int gtk_seat_verify_ssh_host_key(
void (*callback)(void *ctx, int result), void *ctx)
{
static const char absenttxt[] =
"The server's host key is not cached. You have no guarantee "
"that the server is the computer you think it is.\n"
"The server's %s key fingerprint is:\n"
"%s\n"
"The host key is not cached for this server:\n\n"
"%s (port %d)\n\n"
"You have no guarantee that the server is the computer "
"you think it is.\n"
"The server's %s key fingerprint is:\n\n"
"%s\n\n"
"If you trust this host, press \"Accept\" to add the key to "
"PuTTY's cache and carry on connecting.\n"
"If you want to carry on connecting just once, without "
@ -3557,12 +3559,14 @@ int gtk_seat_verify_ssh_host_key(
"connection.";
static const char wrongtxt[] =
"WARNING - POTENTIAL SECURITY BREACH!\n"
"The server's host key does not match the one PuTTY has "
"cached. This means that either the server administrator "
"has changed the host key, or you have actually connected "
"The host key does not match the one PuTTY has cached "
"for this server:\n\n"
"%s (port %d)\n\n"
"This means that either the server administrator has "
"changed the host key, or you have actually connected "
"to another computer pretending to be the server.\n"
"The new %s key fingerprint is:\n"
"%s\n"
"The new %s key fingerprint is:\n\n"
"%s\n\n"
"If you were expecting this change and trust the new key, "
"press \"Accept\" to update PuTTY's cache and continue connecting.\n"
"If you want to carry on connecting but without updating "
@ -3595,8 +3599,8 @@ int gtk_seat_verify_ssh_host_key(
FingerprintType fptype_default =
ssh2_pick_default_fingerprint(fingerprints);
text = dupprintf((ret == 2 ? wrongtxt : absenttxt), keytype,
fingerprints[fptype_default]);
text = dupprintf((ret == 2 ? wrongtxt : absenttxt), host, port,
keytype, fingerprints[fptype_default]);
result_ctx = snew(struct verify_ssh_host_key_dialog_ctx);
result_ctx->callback = callback;

6
windows/console.c
View File

@ -57,11 +57,13 @@ int console_verify_ssh_host_key(
ssh2_pick_default_fingerprint(fingerprints);
if (ret == 2) { /* key was different */
common = hk_wrongmsg_common(keytype, fingerprints[fptype_default]);
common = hk_wrongmsg_common(host, port, keytype,
fingerprints[fptype_default]);
intro = hk_wrongmsg_interactive_intro;
prompt = hk_wrongmsg_interactive_prompt;
} else { /* key was absent */
common = hk_absentmsg_common(keytype, fingerprints[fptype_default]);
common = hk_absentmsg_common(host, port, keytype,
fingerprints[fptype_default]);
intro = hk_absentmsg_interactive_intro;
prompt = hk_absentmsg_interactive_prompt;
}

9
windows/dialog.c
View File

@ -825,6 +825,8 @@ void showabout(HWND hwnd)
struct hostkey_dialog_ctx {
const char *const *keywords;
const char *const *values;
const char *host;
int port;
FingerprintType fptype_default;
char **fingerprints;
const char *keydisp;
@ -901,6 +903,11 @@ static INT_PTR CALLBACK HostKeyDialogProc(HWND hwnd, UINT msg,
}
strbuf_free(sb);
char *hostport = dupprintf("%s (port %d)", ctx->host, ctx->port);
SetDlgItemText(hwnd, IDC_HK_HOST, hostport);
sfree(hostport);
MakeDlgItemBorderless(hwnd, IDC_HK_HOST);
SetDlgItemText(hwnd, IDC_HK_FINGERPRINT,
ctx->fingerprints[ctx->fptype_default]);
MakeDlgItemBorderless(hwnd, IDC_HK_FINGERPRINT);
@ -1002,6 +1009,8 @@ int win_seat_verify_ssh_host_key(
ctx->iconid = (ret == 2 ? IDI_WARNING : IDI_QUESTION);
ctx->helpctx = (ret == 2 ? WINHELP_CTX_errors_hostkey_changed :
WINHELP_CTX_errors_hostkey_absent);
ctx->host = host;
ctx->port = port;
int dlgid = (ret == 2 ? IDD_HK_WRONG : IDD_HK_ABSENT);
int mbret = DialogBoxParam(
hinst, MAKEINTRESOURCE(dlgid), wgs->term_hwnd,

68
windows/putty-common.rc2
View File

@ -57,60 +57,62 @@ BEGIN
END
/* No accelerators used */
IDD_HK_ABSENT DIALOG DISCARDABLE 50, 50, 340, 148
IDD_HK_ABSENT DIALOG DISCARDABLE 50, 50, 340, 160
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "PuTTY Security Alert"
FONT 8, "MS Shell Dlg"
BEGIN
LTEXT "The server's host key is not cached in the registry. You have no", 100, 40, 20, 300, 8
LTEXT "guarantee that the server is the computer you think it is.", 101, 40, 28, 300, 8
LTEXT "The server's {KEYTYPE} key fingerprint is:", 102, 40, 40, 300, 8
LTEXT "If you trust this host, press ""Accept"" to add the key to {APPNAME}'s", 103, 40, 60, 300, 8
LTEXT "cache and carry on connecting.", 104, 40, 68, 300, 8
LTEXT "If you want to carry on connecting just once, without adding the key", 105, 40, 80, 300, 8
LTEXT "to the cache, press ""Connect Once"".", 106, 40, 88, 300, 8
LTEXT "If you do not trust this host, press ""Cancel"" to abandon the connection.", 107, 40, 100, 300, 8
LTEXT "The host key is not cached for this server:", 100, 40, 20, 300, 8
LTEXT "You have no guarantee that the server is the computer you think it is.", 101, 40, 40, 300, 8
LTEXT "The server's {KEYTYPE} key fingerprint is:", 102, 40, 52, 300, 8
LTEXT "If you trust this host, press ""Accept"" to add the key to {APPNAME}'s", 103, 40, 72, 300, 8
LTEXT "cache and carry on connecting.", 104, 40, 80, 300, 8
LTEXT "If you want to carry on connecting just once, without adding the key", 105, 40, 92, 300, 8
LTEXT "to the cache, press ""Connect Once"".", 106, 40, 100, 300, 8
LTEXT "If you do not trust this host, press ""Cancel"" to abandon the connection.", 107, 40, 112, 300, 8
ICON "", IDC_HK_ICON, 10, 18, 0, 0
PUSHBUTTON "Cancel", IDCANCEL, 288, 128, 40, 14
PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 128, 40, 14
PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 128, 64, 14
PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 128, 64, 14
PUSHBUTTON "Help", IDHELP, 12, 128, 40, 14
PUSHBUTTON "Cancel", IDCANCEL, 288, 140, 40, 14
PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 140, 40, 14
PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 140, 64, 14
PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 140, 64, 14
PUSHBUTTON "Help", IDHELP, 12, 140, 40, 14
EDITTEXT IDC_HK_FINGERPRINT, 40, 48, 300, 12, ES_READONLY | ES_LEFT, 0
EDITTEXT IDC_HK_HOST, 40, 28, 300, 12, ES_READONLY | ES_LEFT, 0
EDITTEXT IDC_HK_FINGERPRINT, 40, 60, 300, 12, ES_READONLY | ES_LEFT, 0
END
/* No accelerators used */
IDD_HK_WRONG DIALOG DISCARDABLE 50, 50, 340, 188
IDD_HK_WRONG DIALOG DISCARDABLE 50, 50, 340, 200
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "PuTTY Security Alert"
FONT 8, "MS Shell Dlg"
BEGIN
LTEXT "WARNING - POTENTIAL SECURITY BREACH!", IDC_HK_TITLE, 40, 20, 300, 12
LTEXT "The server's host key does not match the one {APPNAME} has cached in", 100, 40, 36, 300, 8
LTEXT "the registry. This means that either the server administrator has", 101, 40, 44, 300, 8
LTEXT "changed the host key, or you have actually connected to another", 102, 40, 52, 300, 8
LTEXT "computer pretending to be the server.", 103, 40, 60, 300, 8
LTEXT "The new {KEYTYPE} key fingerprint is:", 104, 40, 72, 300, 8
LTEXT "If you were expecting this change and trust the new key, press", 105, 40, 92, 300, 8
LTEXT """Accept"" to update {APPNAME}'s cache and continue connecting.", 106, 40, 100, 300, 8
LTEXT "If you want to carry on connecting but without updating the cache,", 107, 40, 112, 300, 8
LTEXT "press ""Connect Once"".", 108, 40, 120, 300, 8
LTEXT "If you want to abandon the connection completely, press ""Cancel"".", 109, 40, 132, 300, 8
LTEXT "Pressing ""Cancel"" is the ONLY guaranteed safe choice.", 110, 40, 140, 300, 8
LTEXT "The host key does not match the one {APPNAME} has cached for this server:", 100, 40, 36, 300, 8
LTEXT "This means that either the server administrator has changed the", 101, 40, 56, 300, 8
LTEXT "host key, or you have actually connected to another computer", 102, 40, 64, 300, 8
LTEXT "pretending to be the server.", 103, 40, 72, 300, 8
LTEXT "The new {KEYTYPE} key fingerprint is:", 104, 40, 84, 300, 8
LTEXT "If you were expecting this change and trust the new key, press", 105, 40, 104, 300, 8
LTEXT """Accept"" to update {APPNAME}'s cache and continue connecting.", 106, 40, 112, 300, 8
LTEXT "If you want to carry on connecting but without updating the cache,", 107, 40, 124, 300, 8
LTEXT "press ""Connect Once"".", 108, 40, 132, 300, 8
LTEXT "If you want to abandon the connection completely, press ""Cancel"".", 109, 40, 144, 300, 8
LTEXT "Pressing ""Cancel"" is the ONLY guaranteed safe choice.", 110, 40, 152, 300, 8
ICON "", IDC_HK_ICON, 10, 16, 0, 0
PUSHBUTTON "Cancel", IDCANCEL, 288, 168, 40, 14
PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 168, 40, 14
PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 168, 64, 14
PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 168, 64, 14
PUSHBUTTON "Help", IDHELP, 12, 168, 40, 14
PUSHBUTTON "Cancel", IDCANCEL, 288, 180, 40, 14
PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 180, 40, 14
PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 180, 64, 14
PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 180, 64, 14
PUSHBUTTON "Help", IDHELP, 12, 180, 40, 14
EDITTEXT IDC_HK_FINGERPRINT, 40, 80, 300, 12, ES_READONLY | ES_LEFT, 0
EDITTEXT IDC_HK_HOST, 40, 44, 300, 12, ES_READONLY | ES_LEFT, 0
EDITTEXT IDC_HK_FINGERPRINT, 40, 92, 300, 12, ES_READONLY | ES_LEFT, 0
END
/* Accelerators used: clw */

5
windows/putty-rc.h
View File

@ -36,8 +36,9 @@
#define IDC_HK_TITLE 99
#define IDC_HK_ACCEPT 1001
#define IDC_HK_ONCE 1000
#define IDC_HK_FINGERPRINT 1002
#define IDC_HK_MOREINFO 1003
#define IDC_HK_HOST 1002
#define IDC_HK_FINGERPRINT 1003
#define IDC_HK_MOREINFO 1004
#define IDC_HKI_SHA256 1000
#define IDC_HKI_MD5 1001