*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.81 2000/11/06 23:16:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
if (options.proxy_command != NULL && options.check_host_ip)
options.check_host_ip = 0;
- if (options.check_host_ip) {
- if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
- fatal("check_host_key: getnameinfo failed");
- ip = xstrdup(ntop);
- }
-
+ if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
+ NULL, 0, NI_NUMERICHOST) != 0)
+ fatal("check_host_key: getnameinfo failed");
+ ip = xstrdup(ntop);
+
/*
* Store the host key from the known host file in here so that we can
* compare it with the key for the IP address.
char prompt[1024];
char *fp = key_fingerprint(host_key);
snprintf(prompt, sizeof(prompt),
- "The authenticity of host '%.200s' can't be established.\n"
+ "The authenticity of host '%.200s (%s)' can't be established.\n"
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ",
- host, type, fp);
+ host, ip, type, fp);
if (!read_yes_or_no(prompt, -1))
fatal("Aborted by user!\n");
}
error("Agent forwarding is disabled to avoid trojan horses.");
options.forward_agent = 0;
}
+ if (options.forward_x11) {
+ error("X11 forwarding is disabled to avoid trojan horses.");
+ options.forward_x11 = 0;
+ }
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ error("Port forwarding is disabled to avoid trojan horses.");
+ options.num_local_forwards = options.num_remote_forwards = 0;
+ }
/*
* XXX Should permit the user to change to use the new id.
* This could be done by converting the host key to an
*/
break;
}
- if (options.check_host_ip)
- xfree(ip);
+
+ xfree(ip);
}
/*