UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)

1 files changed, 7 insertions, 1 deletions

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 108efd4bfa7..536f104d1a8 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.414 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.415 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1042,6 +1042,12 @@ main(int ac, char **av)
 	    strcmp(options.proxy_command, "-") == 0 &&
 	    options.proxy_use_fdpass)
 		fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
+	if (options.control_persist &&
+	    options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
+		debug("UpdateHostKeys=ask is incompatible with ControlPersist; "
+		    "disabling");
+		options.update_hostkeys = 0;
+	}
 	if (original_effective_uid != 0)
 		options.use_privileged_port = 0;