+
+ if (options.check_host_ip && host_status != HOST_CHANGED &&
+ ip_status == HOST_CHANGED) {
+ log("Warning: the %s host key for '%.200s' "
+ "differs from the key for the IP address '%.128s'",
+ type, host, ip);
+ if (host_status == HOST_OK)
+ log("Matching host key in %s:%d", host_file, host_line);
+ log("Offending key for IP in %s:%d", ip_file, ip_line);
+ if (options.strict_host_key_checking == 1) {
+ error("Exiting, you have requested strict checking.");
+ goto fail;
+ } else if (options.strict_host_key_checking == 2) {
+ if (!read_yes_or_no("Are you sure you want "
+ "to continue connecting (yes/no)? ", -1)) {
+ log("Aborted by user!");
+ goto fail;
+ }
+ }
+ }
+
+ xfree(ip);
+ return 0;
+
+fail:
+ xfree(ip);
+ return -1;
+}
+
+int
+verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
+{
+ struct stat st;
+
+ /* return ok if the key can be found in an old keyfile */
+ if (stat(options.system_hostfile2, &st) == 0 ||
+ stat(options.user_hostfile2, &st) == 0) {
+ if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
+ options.user_hostfile2, options.system_hostfile2) == 0)
+ return 0;
+ }
+ return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
+ options.user_hostfile, options.system_hostfile);