From 9ceadd480c24d61148c120335931456b39a4837b Mon Sep 17 00:00:00 2001 From: Iru Cai Date: Mon, 21 May 2018 11:41:44 +0800 Subject: conn_info: show if host key matches --- src/fqterm/fqterm_frame.cpp | 5 +++++ src/protocol/CMakeLists.txt | 3 +++ src/protocol/connect_info.h | 1 + src/protocol/fqterm_ssh_socket.cpp | 21 +++++++++++++++++++++ src/protocol/internal/fqterm_ssh2_kex.h | 2 ++ 5 files changed, 32 insertions(+) diff --git a/src/fqterm/fqterm_frame.cpp b/src/fqterm/fqterm_frame.cpp index eef3558..79ff517 100644 --- a/src/fqterm/fqterm_frame.cpp +++ b/src/fqterm/fqterm_frame.cpp @@ -715,6 +715,11 @@ static QString ssh2_info(conn_info_t *info) txt.append(QString("\nMAC(s2c): %1") .arg(info->ssh_proto_info.s2c_mac)); } + if (info->ssh_proto_info.key_matches) + txt.append("\nkey matches"); + else + txt.append("\nkey mismatch!"); + return txt; } diff --git a/src/protocol/CMakeLists.txt b/src/protocol/CMakeLists.txt index 57cd0a8..0b505af 100644 --- a/src/protocol/CMakeLists.txt +++ b/src/protocol/CMakeLists.txt @@ -10,6 +10,7 @@ set(export_SRCS fqterm_local_socket.h fqterm_ssh_socket.h fqterm_ssh_socket.cpp + connect_info.h ) set(internal_SRCS @@ -31,6 +32,8 @@ set(internal_SRCS internal/ssh_packet.c internal/curve25519/smult.c internal/curve25519/base.c + internal/ccan_base64.c + internal/ssh_known_hosts.c internal/fqterm_ssh_auth.h internal/fqterm_ssh_const.h internal/fqterm_ssh_kex.h diff --git a/src/protocol/connect_info.h b/src/protocol/connect_info.h index faf5862..e1c4eb4 100644 --- a/src/protocol/connect_info.h +++ b/src/protocol/connect_info.h @@ -21,6 +21,7 @@ typedef struct const char *c2s_mac; const char *s2c_mac; unsigned char hash[32]; + unsigned char key_matches; } ssh_proto_info; } conn_info_t; diff --git a/src/protocol/fqterm_ssh_socket.cpp b/src/protocol/fqterm_ssh_socket.cpp index d6c2e61..8649bb9 100644 --- a/src/protocol/fqterm_ssh_socket.cpp +++ b/src/protocol/fqterm_ssh_socket.cpp 
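Review bot: The new `else` branch prints `key mismatch!` for every zero value of `key_matches`, but the producer in the fqterm_ssh_socket.cpp hunk also stores 0 when the host is simply absent from known_hosts (`idx < 0`), so a first connection to a legitimate server is reported as a mismatch and a genuine mismatch cannot be told apart from an unknown host. The `unsigned char key_matches` field added in connect_info.h could instead carry three states (unknown / match / mismatch), with this display reading `txt.append("\nkey not in known_hosts");` for the unknown case so that `key mismatch!` is reserved for a recorded key that differs. This applies to the connect_info.h and fqterm_ssh_socket.cpp hunks as well; I am not repeating it there. ssh2_info begins before this hunk, so whether `conn_info_t` is zero-initialised for SSH1 sessions (where the socket never sets the field) cannot be seen here.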
@@ -28,6 +28,8 @@ #include "fqterm_ssh_auth.h" #include "fqterm_ssh_channel.h" #include "fqterm_trace.h" +#include "fqterm_path.h" +#include "ssh_known_hosts.h" #include namespace FQTerm { @@ -144,6 +146,25 @@ void FQTermSSHSocket::kexOK() conn_info.ssh_proto_info.c2s_mac = packet_sender_->mac->name; if (packet_receiver_->mac) conn_info.ssh_proto_info.s2c_mac = packet_receiver_->mac->name; + + if (ssh_version_ == 2) { + int nhosts; + struct ssh_host *hosts; + const char *hosts_file; +#ifdef WIN32 + hosts_file = (getPath(USER_CONFIG) + "known_hosts").toLatin1().constData(); +#else + hosts_file = ssh_hosts_filename(); +#endif + hosts = parse_hosts_file(hosts_file, &nhosts); + int idx = find_ssh_host(hosts, nhosts, conn_info.hostname, conn_info.port); + FQTermSSH2Kex *kex = dynamic_cast (key_exchanger_); + if (idx >=0 && key_matches(&hosts[idx], kex->K_S(), kex->K_S_len())) + conn_info.ssh_proto_info.key_matches = 1; + else + conn_info.ssh_proto_info.key_matches = 0; + } + key_exchanger_->hostKeyHash(conn_info.ssh_proto_info.hash); authentication_->initAuth(packet_receiver_, packet_sender_); } diff --git a/src/protocol/internal/fqterm_ssh2_kex.h b/src/protocol/internal/fqterm_ssh2_kex.h index d1ce7b3..3b59cd7 100644 --- a/src/protocol/internal/fqterm_ssh2_kex.h +++ b/src/protocol/internal/fqterm_ssh2_kex.h @@ -77,6 +77,8 @@ public: SHA256(sess.K_S, sess.K_S_len, md); } + const unsigned char *K_S() { return sess.K_S; } + int K_S_len() { return sess.K_S_len; } public slots: void handlePacket(int type); }; -- cgit v1.2.3
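Review bot: On the WIN32 path `hosts_file` is dangling by the time it is used: `toLatin1()` returns a temporary QByteArray that is destroyed at the end of that statement, so the pointer handed to `parse_hosts_file` on the following line refers to freed memory. Keep the array alive in a local declared before the `#ifdef`, e.g. `QByteArray hf = (getPath(USER_CONFIG) + "known_hosts").toLatin1(); hosts_file = hf.constData();`. The verification result is only recorded for display, and `authentication_->initAuth` on the context line below still runs unconditionally, so credentials are sent even when the recorded key differs; a comment stating that this is deliberate (or a prompt before initAuth) would make the intended trust model explicit. The `hosts` array from `parse_hosts_file` is never released in this block and its return is not checked — if it is heap-allocated it should be freed after `key_matches` is evaluated, and a NULL result (missing file) should be handled before `find_ssh_host` is called. kexOK begins before this hunk.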
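Review bot: The new accessors `K_S()` and `K_S_len()` read but never modify the object and should be `const` member functions: `const unsigned char *K_S() const { return sess.K_S; }` and `int K_S_len() const { return sess.K_S_len; }`, so they are callable through a const pointer and read as plain getters. A one-line comment such as `// raw host key blob received during key exchange (the input to hostKeyHash)` would help callers, since the name follows the RFC notation rather than describing the content; that it is the host key is inferred from the adjacent `hostKeyHash` context, so confirm before wording it that way. The enclosing class continues outside this hunk.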