From 42f449b9ce66a74e17047c93fac6306c66ab1331 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Mon, 24 Apr 2017 01:46:22 +0200
Subject: ssh: print the whole ssh-rsa hostkey in base64 when thumb check fails

in addition to the thumbprint, also print the whole hostkey in base64 (same format as openssh uses) to make verification easier.
---
 sys/src/cmd/ssh.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'sys/src/cmd/ssh.c')
diff --git a/sys/src/cmd/ssh.c b/sys/src/cmd/ssh.c
index e4e1f3e89..de59cbe02 100644
--- a/sys/src/cmd/ssh.c
+++ b/sys/src/cmd/ssh.c
@@ -492,7 +492,6 @@ void
 kex(int gotkexinit)
 {
 static char kexalgs[] = "curve25519-sha256,curve25519-sha256@libssh.org";
- static char hostkeyalgs[] = "ssh-rsa";
 static char cipheralgs[] = "chacha20-poly1305@openssh.com";
 static char zipalgs[] = "none";
 static char macalgs[] = "";
@@ -512,7 +511,7 @@ kex(int gotkexinit)
 sendpkt("b[ssssssssssbu", MSG_KEXINIT,
 cookie, sizeof(cookie),
 kexalgs, sizeof(kexalgs)-1,
- hostkeyalgs, sizeof(hostkeyalgs)-1,
+ sshrsa, sizeof(sshrsa)-1,
 cipheralgs, sizeof(cipheralgs)-1,
 cipheralgs, sizeof(cipheralgs)-1,
 macalgs, sizeof(macalgs)-1,
@@ -592,7 +591,9 @@ Next1: switch(recvpkt()){
 ok = initThumbprints(thumbfile, nil, "ssh");
 if(ok == nil || !okThumbprint(h, sizeof(h), ok)){
 if(ok != nil) werrstr("unknown host");
- fprint(2, "%s: %r, to add after verification:\n", argv0);
+ fprint(2, "%s: %r\n", argv0);
+ fprint(2, "verify hostkey: %s %.*[\n", sshrsa, nks, ks);
+ fprint(2, "add thumbprint after verification:\n");
 fprint(2, "\techo 'ssh sha256=%s server=%s' >> %q\n", thumb, host, thumbfile);
 sysfatal("checking hostkey failed: %r");
 }
@@ -1092,6 +1093,7 @@ main(int argc, char *argv[])
 quotefmtinstall();
 fmtinstall('B', mpfmt);
 fmtinstall('H', encodefmt);
+ fmtinstall('[', encodefmt);
 
 s = getenv("TERM");
 raw = s != nil && strcmp(s, "dumb") != 0;
--
cgit v1.2.3
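Review bot: `sizeof(sshrsa)-1` in the `-512,7 +511,7` hunk yields the string length only if `sshrsa` is a char array with its initializer in scope; the removed `hostkeyalgs` was one, but the declaration of `sshrsa` lies outside this diff. If it is declared as `char*`, the host-key algorithm field of the KEXINIT would be sent with a pointer-sized length instead, so please confirm it reads like `char sshrsa[] = "ssh-rsa";` or pass `strlen(sshrsa)` here. The `sendpkt` call continues past the end of the hunk.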
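Review bot: In the `-592,7 +591,9` hunk the new `verify hostkey:` line prints a key supplied by the still-unauthenticated peer without saying what to compare it with, so a user who just runs the suggested `echo ... >> thumbfile` line ends up trusting whoever answered. I would name the comparison in the message, e.g. `fprint(2, "verify hostkey against a copy obtained out of band: %s %.*[\n", sshrsa, nks, ks);`, and put a comment above it such as `/* ks is the server-supplied key blob, not yet trusted; printed as base64 for comparison only */`. The same advice is printed when the thumbfile failed to load (`ok == nil`) and when the hash is merely absent, and the visible call `okThumbprint(h, sizeof(h), ok)` receives only the hash, so a server whose key has changed appears to get the same "add thumbprint" prompt as a first contact; a comment stating that would help the next reader. `%.*[` consumes an `int` precision before the pointer, so `nks` (declared outside the hunk) should be an `int`, and the verb relies on the `fmtinstall('[', encodefmt)` added in the last hunk. The enclosing case of the `switch` in `kex` starts and ends outside the hunk.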