[X2Go-Commits] x2goclient.git - build-main (branch) updated: 4.0.1.1-8-gf376e1c
X2Go dev team
git-admin at x2go.org
Tue Dec 17 15:43:29 CET 2013
The branch, build-main has been updated
via f376e1c9e9e1b145b4ed1f2cb8a32b64ffe5f4bf (commit)
from dae06640659ec9de4c8308897a218c92f4e6ac7a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 5 ++++
onmainwindow.cpp | 67 +++++++++++++++++++++++++++++++++++++-----------------
2 files changed, 51 insertions(+), 21 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 0b6aa9e..6360efe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,11 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low
config file. This allows choosing the default display for shadow
sessions.
+ [ Heinrich Schuchardt ]
+ * New upstream version (4.0.1.2):
+ - Handle SSH host key changes more elegantly and allow user interaction
+ if such a host key change occurs. (Fixes: #241).
+
-- Mike Gabriel <mike.gabriel at das-netzwerkteam.de> Wed, 11 Sep 2013 12:17:43 +0200
x2goclient (4.0.1.1-0~x2go1) unstable; urgency=low
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 6a3fb66..3036ecd 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -2964,33 +2964,58 @@ void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMa
{
case SSH_SERVER_KNOWN_CHANGED:
errMsg=tr ( "Host key for server changed.\nIt is now: " ) +sshMessage+"\n"+
- tr ( "For security reasons, connection will be stopped" );
- connection->writeKnownHosts(false);
- connection->wait();
- if(sshConnection && sshConnection !=connection)
+ tr ( "This can be an indication of a man-in-the-middle attack.\n"
+ "Somebody might be eavesdropping on you.\n"
+ "For security reasons, it is recommended to stop the connection.\n"
+ "Do you want to terminate the connection?\n" );
+ if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+ errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+ {
+ connection->writeKnownHosts(false);
+ connection->wait();
+ if(sshConnection && sshConnection !=connection)
+ {
+ sshConnection->wait();
+ delete sshConnection;
+ }
+ slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+ sshConnection=0;
+ return;
+ }
+ else
{
- sshConnection->wait();
- delete sshConnection;
+ errMsg = tr( "If you accept the new host key the security of your "
+ "connection may be compromised.\n"
+ "Do you want to update the host key?" );
}
- sshConnection=0;
- slotSshUserAuthError ( errMsg );
- return;
-
+ break;
case SSH_SERVER_FOUND_OTHER:
errMsg=tr ( "The host key for this server was not found but an other"
- "type of key exists.An attacker might change the default server key to"
- "confuse your client into thinking the key does not exist" );
- connection->writeKnownHosts(false);
- connection->wait();
- if(sshConnection && sshConnection !=connection)
+ "type of key exists. An attacker might change the default server key to "
+ "confuse your client into thinking the key does not exist. \n"
+ "For security reasons, it is recommended to stop the connection.\n"
+ "Do you want to terminate the connection?\n");
+ if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+ errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+ {
+ connection->writeKnownHosts(false);
+ connection->wait();
+ if(sshConnection && sshConnection !=connection)
+ {
+ sshConnection->wait();
+ delete sshConnection;
+ }
+ slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+ sshConnection=0;
+ return;
+ }
+ else
{
- sshConnection->wait();
- delete sshConnection;
+ errMsg = tr( "If you accept the new host key the security of your "
+ "connection may be compromised.\n"
+ "Do you want to update the host key?" );
}
- sshConnection=0;
- slotSshUserAuthError ( errMsg );
- return ;
-
+ break;
case SSH_SERVER_ERROR:
connection->writeKnownHosts(false);
connection->wait();
hooks/post-receive
--
x2goclient.git (X2Go Client)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).
More information about the x2go-commits
mailing list