From 09d2d96a2eda7c340e1565b346112ffd662fdba4 Mon Sep 17 00:00:00 2001
From: Brendan Shanks
Date: Mon, 24 Jul 2017 23:12:13 -0700
Subject: [PATCH] Generate SHA256 hash of host key and prompt on every connect (for now)
---
 macssh/source/ssh/ssh2.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/macssh/source/ssh/ssh2.c b/macssh/source/ssh/ssh2.c
index d87b893..6f5c3c4 100755
--- a/macssh/source/ssh/ssh2.c
+++ b/macssh/source/ssh/ssh2.c
@@ -27,6 +27,7 @@
 #include "ssh2.h"
 #include "MemPool.h"
 #include "PasswordDialog.h"
+#include "base64.h"
 #include "libssh2.h"
 #include
@@ -1605,7 +1606,26 @@ void *ssh2_thread(WindRec*w)
 }
 {
- const char *hostkey_hash = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
+ // TODO: init knownhosts, read lines from file, check host, display dialog with hash if no match
+ const unsigned char *hostkey_hash = (const unsigned char *)libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
+
+ // hostkey_hash is binary data (32 bytes for SHA256)
+ {
+ char hostkey_hash_ascii[7+(32*3)+1] = "SHA256:";
+ base64_encode(32, hostkey_hash, sizeof(hostkey_hash_ascii)-7, hostkey_hash_ascii+7);
+
+ /* SHA1
+ int ret = sprintf(hostkey_hash_ascii,
+ "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x",
+ hostkey_hash[0], hostkey_hash[1], hostkey_hash[2], hostkey_hash[3], hostkey_hash[4], hostkey_hash[5],
+ hostkey_hash[6], hostkey_hash[7], hostkey_hash[8], hostkey_hash[9], hostkey_hash[10], hostkey_hash[11],
+ hostkey_hash[12], hostkey_hash[13], hostkey_hash[14], hostkey_hash[15], hostkey_hash[16], hostkey_hash[17],
+ hostkey_hash[18], hostkey_hash[19]);
+ */
+
+ syslog(0, "%s\n", hostkey_hash_ascii);
+ save_once_cancel1(hostkey_hash_ascii);
+ }
 }
 {
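Review bot: The pointer returned by `libssh2_hostkey_hash()` is passed straight to `base64_encode(32, hostkey_hash, ...)` with no NULL check, although libssh2 documents a NULL return when the session has not been started or the requested hash is unavailable; the added block should open with a guard such as `if (hostkey_hash == NULL) { /* abort the connection */ }`, using whatever failure path `ssh2_thread` already has (the function starts and ends outside this hunk). The result of `save_once_cancel1(hostkey_hash_ascii)` is also discarded, so if that dialog reports the user's choice through its return value, a Cancel does not stop the connection and the fingerprint prompt is informational only; that is worth settling before the known-hosts TODO is built on top of it. The return value of `base64_encode` is ignored as well, so a failed encode would presumably display a bare `SHA256:` prefix with no fingerprint to compare. The commented-out SHA1 `sprintf` block can be deleted rather than kept as dead code.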