author | Damien Miller <djm@mindrot.org> | 2008-06-29 16:04:03 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-06-29 16:04:03 +0200 |
commit | 1028824e5c456dc3d8a57fe5bae539beb4a95432 (patch) | |
tree | aa151e1b321494095a70f8b65b298529386e609c | |
parent | - djm@cvs.openbsd.org 2008/06/26 09:19:40 (diff) | |
- grunk@cvs.openbsd.org 2008/06/26 11:46:31
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | readconf.c | 29 | ||||
-rw-r--r-- | readconf.h | 7 | ||||
-rw-r--r-- | ssh.1 | 8 | ||||
-rw-r--r-- | ssh_config.5 | 18 | ||||
-rw-r--r-- | sshconnect.c | 18 |
6 files changed, 45 insertions, 45 deletions
@@ -20,6 +20,14 @@
   are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@
+ - grunk@cvs.openbsd.org 2008/06/26 11:46:31
+   [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
+   Move SSH Fingerprint Visualization away from sharing the config option
+   CheckHostIP to an own config option named VisualHostKey.
+   While there, fix the behaviour that ssh would draw a random art picture
+   on every newly seen host even when the option was not enabled.
+   prodded by deraadt@, discussions,
+   help and ok markus@ djm@ dtucker@
 20080628
  - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
@@ -4440,4 +4448,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.5028 2008/06/29 12:47:04 djm Exp $
+$Id: ChangeLog,v 1.5029 2008/06/29 14:04:03 djm Exp $
diff --git a/readconf.c b/readconf.c
index 1d61145c4..73f6eb361 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.166 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,6 +130,7 @@ typedef enum {
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel,
 	oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+	oVisualHostKey,
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -226,6 +227,7 @@ static struct {
 	{ "tunneldevice", oTunnelDevice },
 	{ "localcommand", oLocalCommand },
 	{ "permitlocalcommand", oPermitLocalCommand },
+	{ "visualhostkey", oVisualHostKey },
 	{ NULL, oBadOption }
 };
 
@@ -452,23 +454,7 @@ parse_flag:
 
 	case oCheckHostIP:
 		intptr = &options->check_host_ip;
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing CheckHostIP argument.",
-			    filename, linenum);
-		value = 0;	/* To avoid compiler warning... */
-		if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
-			value = SSHCTL_CHECKHOSTIP_YES;
-		else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
-			value = SSHCTL_CHECKHOSTIP_NO;
-		else if (strcmp(arg, "fingerprint") == 0)
-			value = SSHCTL_CHECKHOSTIP_FPR;
-		else
-			fatal("%.200s line %d: Bad CheckHostIP argument.",
-			    filename, linenum);
-		if (*activep && *intptr == -1)
-			*intptr = value;
-		break;
+		goto parse_flag;
 
 	case oVerifyHostKeyDNS:
 		intptr = &options->verify_host_key_dns;
@@ -931,6 +917,10 @@ parse_int:
 		intptr = &options->permit_local_command;
 		goto parse_flag;
 
+	case oVisualHostKey:
+		intptr = &options->visual_host_key;
+		goto parse_flag;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1081,6 +1071,7 @@ initialize_options(Options * options)
 	options->tun_remote = -1;
 	options->local_command = NULL;
 	options->permit_local_command = -1;
+	options->visual_host_key = -1;
 }
 
 /*
@@ -1215,6 +1206,8 @@ fill_default_options(Options * options)
 	options->tun_remote = SSH_TUNID_ANY;
 	if (options->permit_local_command == -1)
 		options->permit_local_command = 0;
+	if (options->visual_host_key == -1)
+		options->visual_host_key = 0;
 	/* options->local_command should not be set by default */
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index 5c16a0ba6..47c7aef4e 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.73 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
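Review bot: `case oCheckHostIP` now jumps to `parse_flag`, so the `fingerprint` value the removed code accepted will be rejected by the generic yes/no parser (its body is outside the hunk; I assume it fatal()s on anything but yes/no/true/false), turning an existing `CheckHostIP fingerprint` line into a hard startup error rather than a silent downgrade. Failing closed is the right choice here, since quietly treating the value as `no` would disable the IP check, but neither the ChangeLog entry nor ssh_config.5 says the value is gone. I would add a one-line comment above the `goto`, `/* "fingerprint" was folded into VisualHostKey; parse_flag rejects it */`, and mention the removed value in the commit message so anyone who adopted it since readconf.c 1.166 (2008/06/11, per the header hunk) knows why their config stopped parsing.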
@@ -120,13 +120,10 @@ typedef struct {
 	char	*local_command;
 	int	permit_local_command;
+	int	visual_host_key;
 }       Options;
 
-#define SSHCTL_CHECKHOSTIP_NO	0
-#define SSHCTL_CHECKHOSTIP_YES	1
-#define SSHCTL_CHECKHOSTIP_FPR	2
-
 #define SSHCTL_MASTER_NO	0
 #define SSHCTL_MASTER_YES	1
 #define SSHCTL_MASTER_AUTO	2
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.274 2008/06/13 20:13:26 grunk Exp $
-.Dd $Mdocdate: June 13 2008
+.\" $OpenBSD: ssh.1,v 1.275 2008/06/26 11:46:31 grunk Exp $
+.Dd $Mdocdate: June 26 2008 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1035,9 +1035,9 @@ there is also support to compare host keys visually, using
 .Em random art .
 By setting the
-.Cm CheckHostIP
+.Cm VisualHostKey
 option to
-.Dq fingerprint ,
+.Dq yes ,
 a small ASCII graphic gets displayed on every login to a server, no matter if the session itself is interactive or not.
 By learning the pattern a known server produces, a user can easily
diff --git a/ssh_config.5 b/ssh_config.5
index 53b3b6f1f..85e7ba06d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.110 2008/06/12 19:10:09 jmc Exp $
-.Dd $Mdocdate: June 12 2008 $
+.\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $
+.Dd $Mdocdate: June 26 2008 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -161,10 +161,6 @@ will additionally check the host IP address in the file.
 This allows ssh to detect if a host key changed due to DNS spoofing.
 If the option is set to
-.Dq fingerprint ,
-a fingerprint and an ASCII art representation of the key are printed,
-in addition to the host IP address check.
-If the option is set to
 .Dq no ,
 the check will not be executed.
 The default is
@@ -1064,6 +1060,16 @@ See also
 .Sx VERIFYING HOST KEYS
 in
 .Xr ssh 1 .
+.It Cm VisualHostKey
+If this flag is set to
+.Dq yes ,
+an ASCII art representation of the remote host key fingerprint is
+printed additionally to the hex fingerprint string.
+If this flag is set to
+.Dq no ,
+only the hex fingerprint string will be printed.
+The default is
+.Dq no .
 .It Cm XAuthLocation
 Specifies the full pathname of the
 .Xr xauth 1
diff --git a/sshconnect.c b/sshconnect.c
index 267670771..9c1550a96 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.208 2008/06/12 23:24:58 ian Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.209 2008/06/26 11:46:31 grunk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -598,7 +598,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	char msg[1024];
 	int len, host_line, ip_line;
 	const char *host_file = NULL, *ip_file = NULL;
-	int display_randomart;
 
 	/*
 	 * Force accepting of the host key for loopback/localhost. The
@@ -646,12 +645,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	}
 
 	/*
-	 * check_host_ip may be set to zero in the next step, so if it
-	 * conveys a request to display the random art, save it away.
-	 */
-	display_randomart = (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR);
-
-	/*
 	 * Turn off check_host_ip if the connection is to localhost, via proxy
 	 * command or if we don't have a hostname to compare with
 	 */
@@ -735,7 +728,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 				logit("Warning: Permanently added the %s host "
 				    "key for IP address '%.128s' to the list "
 				    "of known hosts.", type, ip);
-		} else if (display_randomart) {
+		} else if (options.visual_host_key) {
 			fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 			ra = key_fingerprint(host_key, SSH_FP_MD5,
 			    SSH_FP_RANDOMART);
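Review bot: The randomart branch at `} else if (options.visual_host_key) {` is still the `else` of the branch that logs "Permanently added the %s host key for IP address", so on the login where a known host's IP gets recorded the visual key is not shown, even though ssh.1 in this same commit promises the graphic "on every login to a server". The condition opening that preceding branch starts before the hunk, so I am inferring the structure from the closing `}` and the logit() call. If every-login is the intent, make it a separate `if (options.visual_host_key) {` after the IP-add block closes; if skipping it here is deliberate, a short comment, `/* IP just added: the warning is printed instead of the art */`, would stop the next reader from filing it as a bug. check_host_key continues outside the hunk.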
@@ -793,10 +786,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		snprintf(msg, sizeof(msg),
 		    "The authenticity of host '%.200s (%s)' can't be "
 		    "established%s\n"
-		    "%s key fingerprint is %s.\n%s\n%s"
+		    "%s key fingerprint is %s.%s%s\n%s"
 		    "Are you sure you want to continue connecting "
 		    "(yes/no)? ",
-		    host, ip, msg1, type, fp, ra, msg2);
+		    host, ip, msg1, type, fp,
+		    options.visual_host_key ? "\n" : "",
+		    options.visual_host_key ? ra : "",
+		    msg2);
 		xfree(ra);
 		xfree(fp);
 		if (!confirm(msg))
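Review bot: The rebuilt prompt is formatted with `snprintf(msg, sizeof(msg), …)` and handed straight to confirm() without checking the return value, so if the host name (up to 200 bytes), the IP, msg1/msg2 and the multi-line randomart ever exceed `msg[1024]` the user is shown a silently truncated prompt, possibly with the fingerprint or the art cut off, which is exactly the part the visual check depends on. I have not computed a worst case, so this is a robustness caveat rather than a demonstrated overflow, but including the art makes the margin tighter than before. The function already declares `int len` (visible in the @@ -598 hunk), so the guard is cheap: `len = snprintf(msg, sizeof(msg), …);` followed by `if (len < 0 || (size_t)len >= sizeof(msg)) fatal("check_host_key: host key prompt truncated");`. check_host_key continues outside the hunk.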