[X2Go-Commits] x2goclient.git - build-main (branch) updated: 4.0.1.1-8-gf376e1c

X2Go dev team git-admin at x2go.org
Tue Dec 17 15:43:29 CET 2013


The branch, build-main has been updated
       via  f376e1c9e9e1b145b4ed1f2cb8a32b64ffe5f4bf (commit)
      from  dae06640659ec9de4c8308897a218c92f4e6ac7a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog |    5 ++++
 onmainwindow.cpp |   67 +++++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 51 insertions(+), 21 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 0b6aa9e..6360efe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,11 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low
       config file. This allows choosing the default display for shadow
       sessions.
 
+  [ Heinrich Schuchardt ]
+  * New upstream version (4.0.1.2):
+    - Handle SSH host key changes more elegantly and allow user interaction
+      if such a host key change occurs. (Fixes: #241).
+
  -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Wed, 11 Sep 2013 12:17:43 +0200
 
 x2goclient (4.0.1.1-0~x2go1) unstable; urgency=low
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 6a3fb66..3036ecd 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -2964,33 +2964,58 @@ void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMa
     {
     case SSH_SERVER_KNOWN_CHANGED:
         errMsg=tr ( "Host key for server changed.\nIt is now: " ) +sshMessage+"\n"+
-               tr ( "For security reasons, connection will be stopped" );
-        connection->writeKnownHosts(false);
-        connection->wait();
-        if(sshConnection && sshConnection !=connection)
+               tr ( "This can be an indication of a man-in-the-middle attack.\n"
+                    "Somebody might be eavesdropping on you.\n"
+                    "For security reasons, it is recommended to stop the connection.\n"
+                    "Do you want to terminate the connection?\n" );
+        if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+                errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+            {
+            connection->writeKnownHosts(false);
+            connection->wait();
+            if(sshConnection && sshConnection !=connection)
+            {
+                sshConnection->wait();
+                delete sshConnection;
+            }
+            slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+            sshConnection=0;
+            return;
+        }
+        else
         {
-            sshConnection->wait();
-            delete sshConnection;
+            errMsg = tr( "If you accept the new host key the security of your "
+                         "connection may be compromised.\n"
+                         "Do you want to update the host key?" );
         }
-        sshConnection=0;
-        slotSshUserAuthError ( errMsg );
-        return;
-
+        break;
     case SSH_SERVER_FOUND_OTHER:
         errMsg=tr ( "The host key for this server was not found but an other"
-                    "type of key exists.An attacker might change the default server key to"
-                    "confuse your client into thinking the key does not exist" );
-        connection->writeKnownHosts(false);
-        connection->wait();
-        if(sshConnection && sshConnection !=connection)
+                    "type of key exists. An attacker might change the default server key to "
+                    "confuse your client into thinking the key does not exist. \n"
+                    "For security reasons, it is recommended to stop the connection.\n"
+                    "Do you want to terminate the connection?\n");
+        if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+                errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+            {
+            connection->writeKnownHosts(false);
+            connection->wait();
+            if(sshConnection && sshConnection !=connection)
+            {
+                sshConnection->wait();
+                delete sshConnection;
+            }
+            slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+            sshConnection=0;
+            return;
+        }
+        else
         {
-            sshConnection->wait();
-            delete sshConnection;
+            errMsg = tr( "If you accept the new host key the security of your "
+                         "connection may be compromised.\n"
+                         "Do you want to update the host key?" );
         }
-        sshConnection=0;
-        slotSshUserAuthError ( errMsg );
-        return ;
-
+        break;
     case SSH_SERVER_ERROR:
         connection->writeKnownHosts(false);
         connection->wait();


hooks/post-receive
-- 
x2goclient.git (X2Go Client)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).




More information about the x2go-commits mailing list