[X2Go-Commits] x2goclient.git - master (branch) updated:	4.0.1.1-8-gf376e1c
    X2Go dev team 
    git-admin at x2go.org
       
    Mon Sep 30 21:07:45 CEST 2013
    
    
  
The branch, master has been updated
       via  f376e1c9e9e1b145b4ed1f2cb8a32b64ffe5f4bf (commit)
      from  dae06640659ec9de4c8308897a218c92f4e6ac7a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f376e1c9e9e1b145b4ed1f2cb8a32b64ffe5f4bf
Author: Heinrich Schuchardt <xypron.glpk at gmx.de>
Date:   Mon Sep 30 21:07:25 2013 +0200
    Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241).
-----------------------------------------------------------------------
Summary of changes:
 debian/changelog |    5 ++++
 onmainwindow.cpp |   67 +++++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 51 insertions(+), 21 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 0b6aa9e..6360efe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,11 @@ x2goclient (4.0.1.2-0~x2go2) UNRELEASED; urgency=low
       config file. This allows choosing the default display for shadow
       sessions.
 
+  [ Heinrich Schuchardt ]
+  * New upstream version (4.0.1.2):
+    - Handle SSH host key changes more elegantly and allow user interaction
+      if such a host key change occurs. (Fixes: #241).
+
  -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Wed, 11 Sep 2013 12:17:43 +0200
 
 x2goclient (4.0.1.1-0~x2go1) unstable; urgency=low
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 6a3fb66..3036ecd 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -2964,33 +2964,58 @@ void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMa
     {
     case SSH_SERVER_KNOWN_CHANGED:
         errMsg=tr ( "Host key for server changed.\nIt is now: " ) +sshMessage+"\n"+
-               tr ( "For security reasons, connection will be stopped" );
-        connection->writeKnownHosts(false);
-        connection->wait();
-        if(sshConnection && sshConnection !=connection)
+               tr ( "This can be an indication of a man-in-the-middle attack.\n"
+                    "Somebody might be eavesdropping on you.\n"
+                    "For security reasons, it is recommended to stop the connection.\n"
+                    "Do you want to terminate the connection?\n" );
+        if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+                errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+            {
+            connection->writeKnownHosts(false);
+            connection->wait();
+            if(sshConnection && sshConnection !=connection)
+            {
+                sshConnection->wait();
+                delete sshConnection;
+            }
+            slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+            sshConnection=0;
+            return;
+        }
+        else
         {
-            sshConnection->wait();
-            delete sshConnection;
+            errMsg = tr( "If you accept the new host key the security of your "
+                         "connection may be compromised.\n"
+                         "Do you want to update the host key?" );
         }
-        sshConnection=0;
-        slotSshUserAuthError ( errMsg );
-        return;
-
+        break;
     case SSH_SERVER_FOUND_OTHER:
         errMsg=tr ( "The host key for this server was not found but an other"
-                    "type of key exists.An attacker might change the default server key to"
-                    "confuse your client into thinking the key does not exist" );
-        connection->writeKnownHosts(false);
-        connection->wait();
-        if(sshConnection && sshConnection !=connection)
+                    "type of key exists. An attacker might change the default server key to "
+                    "confuse your client into thinking the key does not exist. \n"
+                    "For security reasons, it is recommended to stop the connection.\n"
+                    "Do you want to terminate the connection?\n");
+        if ( !QMessageBox::warning( 0, tr( "Host key verification failed" ),
+                errMsg, tr( "Yes" ), tr( "No" ) ) != 0)
+            {
+            connection->writeKnownHosts(false);
+            connection->wait();
+            if(sshConnection && sshConnection !=connection)
+            {
+                sshConnection->wait();
+                delete sshConnection;
+            }
+            slotSshUserAuthError ( tr ( "Host key verification failed" ) );
+            sshConnection=0;
+            return;
+        }
+        else
         {
-            sshConnection->wait();
-            delete sshConnection;
+            errMsg = tr( "If you accept the new host key the security of your "
+                         "connection may be compromised.\n"
+                         "Do you want to update the host key?" );
         }
-        sshConnection=0;
-        slotSshUserAuthError ( errMsg );
-        return ;
-
+        break;
     case SSH_SERVER_ERROR:
         connection->writeKnownHosts(false);
         connection->wait();
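Review bot: The test `!QMessageBox::warning( ... ) != 0` used in both the SSH_SERVER_KNOWN_CHANGED and SSH_SERVER_FOUND_OTHER cases is true only when the dialog returns 0 ("Yes"), so any other return value falls into the else branch and continues towards accepting the changed host key. A host-key mismatch should fail closed, terminating unless the user explicitly picked "No": `if ( QMessageBox::warning( 0, tr( "Host key verification failed" ), errMsg, tr( "Yes" ), tr( "No" ), QString(), 0, 0 ) != 1 )`, which also maps Escape to termination. The else branch overwrites `errMsg`, dropping the fingerprint from `sshMessage`; if the prompt after the `break` (outside this hunk) only shows `errMsg`, the user is asked to update the key without seeing it, so the fingerprint should be kept in that text. The two case bodies are now identical apart from the first message and could share one private helper, and the context line ending in `"an other"` still joins to `"type of key exists"` without a space.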
hooks/post-receive
-- 
x2goclient.git (X2Go Client)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).
    
    