diff options
| author | djm <djm> | 2010-06-26 00:02:03 +0000 |
|---|---|---|
| committer | djm <djm> | 2010-06-26 00:02:03 +0000 |
| commit | ace3a1d44bbf0f2b48c31d186789dff08711884c (patch) | |
| tree | 1b0d4c7c808390e24c4e3b5cd4655e80de5077d1 /mux.c | |
| parent | d2fa903264c8d6e44371534ad7cb6773b4006d16 (diff) | |
| download | openssh-ace3a1d44bbf0f2b48c31d186789dff08711884c.tar.gz | |
- djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
log the hostname and address that we connected to at LogLevel=verbose
after authentication is successful to mitigate "phishing" attacks by
servers with trusted keys that accept authentication silently and
automatically before presenting fake password/passphrase prompts;
"nice!" markus@
Diffstat (limited to 'mux.c')
| -rw-r--r-- | mux.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.20 2010/06/25 07:14:46 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.21 2010/06/25 23:15:36 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -1107,11 +1107,14 @@ mux_session_confirm(int id, int success, void *arg) display = getenv("DISPLAY"); if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { char *proto, *data; + /* Get reasonable local authentication information. */ client_x11_get_proto(display, options.xauth_location, - options.forward_x11_trusted, &proto, &data); + options.forward_x11_trusted, options.forward_x11_timeout, + &proto, &data); /* Request forwarding with authentication spoofing. */ - debug("Requesting X11 forwarding with authentication spoofing."); + debug("Requesting X11 forwarding with authentication " + "spoofing."); x11_request_forwarding_with_spoofing(id, display, proto, data); /* XXX wait for reply */ } |