# HG changeset patch
# User Matt Johnston
# Date 1365950959 -28800
# Node ID a9f2a6ae4eb5734d1f949cef7988af3e3cf084c7
# Parent 7fc0aeada79cddc44414074531705400a508b0e7# Parent a389a2a7aa96079455ebe078372e63c5a6a5c0f5
merge
diff -r a389a2a7aa96 -r a9f2a6ae4eb5 cli-kex.c
--- a/cli-kex.c Thu Apr 11 23:03:58 2013 +0800
+++ b/cli-kex.c Sun Apr 14 22:49:19 2013 +0800
@@ -227,6 +227,11 @@
 buffer * line = NULL;
 int ret;
+ if (cli_opts.no_hostkey_check) {
+ fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost);
+ return;
+ }
+
 hostsfile = open_known_hosts_file(&readonly);
 if (!hostsfile) {
 ask_to_confirm(keyblob, keybloblen);
diff -r a389a2a7aa96 -r a9f2a6ae4eb5 cli-runopts.c
--- a/cli-runopts.c Thu Apr 11 23:03:58 2013 +0800
+++ b/cli-runopts.c Sun Apr 14 22:49:19 2013 +0800
@@ -62,6 +62,7 @@
 "-N Don't run a remote command\n"
 "-f Run in background after auth\n"
 "-y Always accept remote host key if unknown\n"
+ "-y -y Don't perform any remote host key checking (caution)\n"
 "-s Request a subsystem (use by external sftp)\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 "-i (multiple allowed)\n"
@@ -130,6 +131,7 @@
 cli_opts.backgrounded = 0;
 cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
 cli_opts.always_accept_key = 0;
+ cli_opts.no_hostkey_check = 0;
 cli_opts.is_subsystem = 0;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 cli_opts.privkeys = list_new();
@@ -213,6 +215,10 @@
 switch (argv[i][1]) {
 case 'y': /* always accept the remote hostkey */
+ if (cli_opts.always_accept_key) {
+ // twice means no checking at all
+ cli_opts.no_hostkey_check = 1;
+ }
 cli_opts.always_accept_key = 1;
 break;
 case 'p': /* remoteport */
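Review bot: The early return added at the top of the host key check in cli-kex.c carries no comment saying what it gives up. When `cli_opts.no_hostkey_check` is set, neither the known_hosts lookup nor the `ask_to_confirm()` fallback visible below it runs, so the server's identity is never verified and anything sent afterwards goes to whoever answered. A comment such as `/* -y -y: key is neither compared nor confirmed; the peer is unauthenticated */` above the `if` would record that for maintainers. The warning is written with a bare `fprintf(stderr, ...)`, so it is only seen where stderr is visible. The enclosing function starts and ends outside the hunk.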
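Review bot: In the `case 'y'` branch of the cli-runopts.c hunk at `@@ -213,6 +215,10 @@`, verification is switched off purely by seeing the same flag twice. An alias or wrapper that already passes `-y`, combined with a user-supplied `-y`, therefore disables host key checking without anyone asking for it; a distinct option would avoid that. If the repetition is kept, the `case` comment is now stale and could read `/* once: accept unknown host keys; twice: skip host key checking */`. The added `// twice means no checking at all` also departs from the `/* ... */` comments on the surrounding lines. The switch continues outside the hunk.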
@@ -461,20 +467,31 @@
 int total;
 unsigned int len = 0;
 m_list_elem *iter;
- /* Fill out -i and -W options that make sense for all
+ /* Fill out -i, -y, -W options that make sense for all
 * the intermediate processes */
 for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
 {
 sign_key * key = (sign_key*)iter->item;
 len += 3 + strlen(key->filename);
 }
- len += 20; // space for -W , terminator.
+ len += 30; // space for -W , terminator.
 ret = m_malloc(len);
 total = 0;
+ if (cli_opts.no_hostkey_check)
+ {
+ int written = snprintf(ret+total, len-total, "-y -y ");
+ total += written;
+ }
+ else if (cli_opts.always_accept_key)
+ {
+ int written = snprintf(ret+total, len-total, "-y ");
+ total += written;
+ }
+
 if (opts.recv_window != DEFAULT_RECV_WINDOW)
 {
- int written = snprintf(ret+total, len-total, "-W %d", opts.recv_window);
+ int written = snprintf(ret+total, len-total, "-W %d ", opts.recv_window);
 total += written;
 }
@@ -482,11 +499,17 @@
 {
 sign_key * key = (sign_key*)iter->item;
 const size_t size = len - total;
- int written = snprintf(ret+total, size, "-i %s", key->filename);
+ int written = snprintf(ret+total, size, "-i %s ", key->filename);
 dropbear_assert((unsigned int)written < size);
 total += written;
 }
+ /* if args where passed, total will be not zero, and it will have a space at the end, so remove that */
+ if (total > 0)
+ {
+ total--;
+ }
+
 return ret;
 }
diff -r a389a2a7aa96 -r a9f2a6ae4eb5 dbclient.1
--- a/dbclient.1 Thu Apr 11 23:03:58 2013 +0800
+++ b/dbclient.1 Sun Apr 14 22:49:19 2013 +0800
@@ -80,7 +80,8 @@
 .TP
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
-connection will abort as normal.
+connection will abort as normal. If specified a second time no host key checking
+is performed at all, this is usually undesirable.
 .TP
 .B \-A
 Forward agent connections to the remote host. dbclient will use any
diff -r a389a2a7aa96 -r a9f2a6ae4eb5 runopts.h
--- a/runopts.h Thu Apr 11 23:03:58 2013 +0800
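Review bot: The per-key length budget in the context line `len += 3 + strlen(key->filename);` of the `@@ -461,20 +467,31 @@` hunk was not updated for the trailing space that `"-i %s "` now writes in the following hunk. Each key now needs `4 + strlen(key->filename)` bytes, and only the slack in `len += 30` covers the difference. With enough `-i` keys the bounded `snprintf` would truncate and the `dropbear_assert((unsigned int)written < size)` in the next hunk would fire; `len += 4 + strlen(key->filename);` fixes the accounting. The `// space for -W , terminator.` comment should also mention the new `"-y -y "` prefix, and the new `snprintf` calls add `written` to `total` without the assertion used in the `-i` loop. The function begins before this hunk.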
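Review bot: The new `total--` in the `@@ -482,11 +499,17 @@` hunk does not remove the trailing space as its comment says. `total` is a local that is not read again before `return ret;`, and nothing is written to `ret`, so the returned string still ends in a space. Writing the terminator does what the comment describes, for example `if (total > 0) { ret[--total] = '\0'; }`. The comment also has a typo (`where` for `were`). The function starts in the previous hunk and before it.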
+++ b/runopts.h Sun Apr 14 22:49:19 2013 +0800
@@ -121,6 +121,7 @@
 char *cmd;
 int wantpty;
 int always_accept_key;
+ int no_hostkey_check;
 int no_cmd;
 int backgrounded;
 int is_subsystem;