diff options
| author | Damien Miller <djm@mindrot.org> | 2010-06-26 02:02:03 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-06-26 02:02:03 +0200 |
| commit | 383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a (patch) | |
| tree | e7750eda2d74570aaf7ef5bd3360a6a1a04ea53c /ssh.c | |
| parent | - djm@cvs.openbsd.org 2010/06/25 08:46:17 (diff) | |
| download | openssh-383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a.tar.xz openssh-383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a.zip | |
- djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.338 2010/05/16 12:55:51 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.339 2010/06/25 23:10:30 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -829,6 +829,13 @@ main(int ac, char **av) ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw, timeout_ms); + if (packet_connection_is_on_socket()) { + verbose("Authenticated to %s ([%s]:%d).", host, + get_remote_ipaddr(), get_remote_port()); + } else { + verbose("Authenticated to %s (via proxy).", host); + } + /* We no longer need the private host keys. Clear them now. */ if (sensitive_data.nkeys != 0) { for (i = 0; i < sensitive_data.nkeys; i++) { |