author | 1999-10-03 21:50:03 +0000 | |
---|---|---|
committer | 1999-10-03 21:50:03 +0000 | |
commit | f375c68b464ee4113713486e82750c66f3773333 (patch) | |
tree | 1f467a795fc386ed2fd30ec01734573c54f4bdb6 /usr.bin/ssh/ssh.c | |
parent | Remove commented out sample of SHMMAXPGS setting with machine-specific (diff) | |
add code to detect DNS spoofing:
the main idea is to store the host key not only for the hostname but
also for the corresponding IP address. When we check the host key in the
known_hosts file, we also check the key against the corresponding IP address.
When the server key changes, host_status = HOST_CHANGED. If
check_host_in_hostfile() returns differing status for the IP address
that means that either DNS was spoofed or that the IP address
for the host and the host key changed at the same time.
Diffstat (limited to 'usr.bin/ssh/ssh.c')
-rw-r--r-- | usr.bin/ssh/ssh.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 21f96348c54..bf9dc850276 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
 */
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.21 1999/09/30 20:39:08 deraadt Exp $");
+RCSID("$Id: ssh.c,v 1.22 1999/10/03 21:50:04 provos Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -58,6 +58,9 @@ Options options;
 in a configuration file. */
 char *host;
+/* socket address the host resolves to */
+struct sockaddr_in hostaddr;
+
 /* Flag to indicate that we have received a window change signal which has not yet been processed. This will cause a message indicating the new window size to be sent to the server a little later. This is volatile
@@ -520,7 +523,7 @@ main(int ac, char **av)
 /* Open a connection to the remote host. This needs root privileges if rhosts_authentication is true. */
- ok = ssh_connect(host, options.port, options.connection_attempts,
+ ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts,
 !options.rhosts_authentication && !options.rhosts_rsa_authentication, original_real_uid, options.proxy_command);
@@ -581,7 +584,7 @@ main(int ac, char **av)
 /* Log into the remote system. This never returns if the login fails. */
 ssh_login(host_private_key_loaded, host_private_key,
- host, &options, original_real_uid);
+ host, &hostaddr, &options, original_real_uid);
 /* We no longer need the host private key. Clear it now. */
 if (host_private_key_loaded) |
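Review bot: The new file-scope `hostaddr` in the second hunk is documented only as "socket address the host resolves to", which does not say who writes it or what it holds before a connection exists. From the later hunks it is passed by pointer to `ssh_connect()` and then to `ssh_login()`, so I would extend the comment to something like `/* Address the host resolved to; passed to ssh_connect() to be filled in and to ssh_login() for the known_hosts IP check. All-zero until set. */`. The type `struct sockaddr_in` also limits the stored address to IPv4, which is worth stating in the same comment so that the format of the IP entries in known_hosts is clear to later maintainers.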
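Review bot: The `ssh_connect()` call in the third hunk receives both `&hostaddr` and `options.proxy_command`, and nothing visible says what `hostaddr` contains when the connection is made through a proxy command. If ssh_connect() does not resolve the name itself in that case (its body is not shown, so this is an assumption to confirm), the zero-initialised global reaches `ssh_login()` in the fourth hunk unchanged, and the spoofing check would compare or record the host key against an all-zero address. I would have ssh_login() skip the IP lookup when `options.proxy_command != NULL`, or at least state at both call sites that `hostaddr` is only valid for direct connections. Both calls are inside main(), whose body starts and ends outside these hunks.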