The branch, build-baikal has been updated via f376e1c9e9e1b145b4ed1f2cb8a32b64ffe5f4bf (commit) from dae06640659ec9de4c8308897a218c92f4e6ac7a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: debian/changelog | 5 ++++ onmainwindow.cpp | 67 +++++++++++++++++++++++++++++++++++++----------------- 2 files changed, 51 insertions(+), 21 deletions(-) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 0b6aa9e..6360efe 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,11 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low config file. This allows choosing the default display for shadow sessions. + [ Heinrich Schuchardt ] + * New upstream version (4.0.1.2): + - Handle SSH host key changes more elegantly and allow user interaction + if such a host key change occurs. (Fixes: #241). + -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Wed, 11 Sep 2013 12:17:43 +0200 x2goclient (4.0.1.1-0~x2go1) unstable; urgency=low diff --git a/onmainwindow.cpp b/onmainwindow.cpp index 6a3fb66..3036ecd 100644 --- a/onmainwindow.cpp +++ b/onmainwindow.cpp @@ -2964,33 +2964,58 @@ void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMa { case SSH_SERVER_KNOWN_CHANGED: errMsg=tr ( "Host key for server changed.\nIt is now: " ) +sshMessage+"\n"+ - tr ( "For security reasons, connection will be stopped" ); - connection->writeKnownHosts(false); - connection->wait(); - if(sshConnection && sshConnection !=connection) + tr ( "This can be an indication of a man-in-the-middle attack.\n" + "Somebody might be eavesdropping on you.\n" + "For security reasons, it is recommended to stop the connection.\n" + "Do you want to terminate the connection?\n" ); + if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ), + errMsg, tr( "Yes" ), tr( "No" ) ) != 0) + { + connection->writeKnownHosts(false); + connection->wait(); + if(sshConnection && sshConnection !=connection) + { + sshConnection->wait(); + delete sshConnection; + } + slotSshUserAuthError ( tr ( "Host key verification failed" ) ); + sshConnection=0; + return; + } + else { - sshConnection->wait(); - delete sshConnection; + errMsg = tr( "If you accept the new host key the security of your " + "connection may be compromised.\n" + "Do you want to update the host key?" ); } - sshConnection=0; - slotSshUserAuthError ( errMsg ); - return; - + break; case SSH_SERVER_FOUND_OTHER: errMsg=tr ( "The host key for this server was not found but an other" - "type of key exists.An attacker might change the default server key to" - "confuse your client into thinking the key does not exist" ); - connection->writeKnownHosts(false); - connection->wait(); - if(sshConnection && sshConnection !=connection) + "type of key exists. An attacker might change the default server key to " + "confuse your client into thinking the key does not exist. \n" + "For security reasons, it is recommended to stop the connection.\n" + "Do you want to terminate the connection?\n"); + if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ), + errMsg, tr( "Yes" ), tr( "No" ) ) != 0) + { + connection->writeKnownHosts(false); + connection->wait(); + if(sshConnection && sshConnection !=connection) + { + sshConnection->wait(); + delete sshConnection; + } + slotSshUserAuthError ( tr ( "Host key verification failed" ) ); + sshConnection=0; + return; + } + else { - sshConnection->wait(); - delete sshConnection; + errMsg = tr( "If you accept the new host key the security of your " + "connection may be compromised.\n" + "Do you want to update the host key?" ); } - sshConnection=0; - slotSshUserAuthError ( errMsg ); - return ; - + break; case SSH_SERVER_ERROR: connection->writeKnownHosts(false); connection->wait(); hooks/post-receive -- x2goclient.git (X2Go Client) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goclient.git" (X2Go Client).