From 1286981d08b8429a64613215ce8bff3f6b32488a Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Sat, 3 Oct 2020 08:30:47 +0000
Subject: upstream: enable UpdateHostkeys by default when the configuration has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect" deraadt@
OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60
---
 readconf.c | 10 ++++++++--
 ssh_config.5 | 4 ++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/readconf.c b/readconf.c
index 554efd7c..1963a83b 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.335 2020/08/27 02:11:09 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.336 2020/10/03 08:30:47 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -2178,8 +2178,14 @@ fill_default_options(Options * options)
 options->system_hostfiles[options->num_system_hostfiles++] =
 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
 }
- if (options->update_hostkeys == -1)
+ if (options->update_hostkeys == -1) {
+ if (options->num_user_hostfiles == 0 ||
+ (options->num_user_hostfiles == 1 && strcmp(options->
+ user_hostfiles[0], _PATH_SSH_USER_HOSTFILE) == 0))
+ options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES;
+ else
 options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO;
+ }
 if (options->num_user_hostfiles == 0) {
 options->user_hostfiles[options->num_user_hostfiles++] =
 xstrdup(_PATH_SSH_USER_HOSTFILE);
diff --git a/ssh_config.5 b/ssh_config.5
index e769493a..e085efff 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.333 2020/10/03 04:15:06 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.334 2020/10/03 08:30:47 djm Exp $
 .Dd $Mdocdate: October 3 2020 $
 .Dt SSH_CONFIG 5
 .Os
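Review bot: The new default in fill_default_options() (readconf.c, second hunk) relies on two things the code does not state: the test has to run before the `num_user_hostfiles == 0` block just below it fills in the default file, and the `strcmp()` against `_PATH_SSH_USER_HOSTFILE` compares the configured string literally, so the same file written with another spelling presumably counts as overridden and leaves UpdateHostKeys at no. That is the safe direction, since this option lets the client rewrite known_hosts, but a comment would stop a later reorder from silently changing the default, for example `/* Enable only for the default known_hosts; must precede the user_hostfiles defaults below. */`. The expression is also split after `options->`, which separates the member access from its field; breaking the line before `strcmp(` would read better. The function body starts and ends outside the hunk.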
@@ -1726,7 +1726,7 @@ is enabled by default if the user has not overridden the default setting, otherwise .Cm UpdateHostKeys will be set to -.Cm ask . +.Cm no . .Pp If .Cm UpdateHostKeys -- cgit v1.2.1