Re: sftp module cant connect to new hosts



I don't think it is a good idea to accept every connection, that would
be an insecure use of SSH. And if I'm willing to accept that I might just
use ftp instead. A short term solution would be to use a status callback
to notify the user that we can't use the host and that the user has to
connect from the command line first to verify its authenticity.
This would however add a string which is not acceptable for 2.6. Anyway
we could return an error for now or something, just to indicate that
something went wrong.

//Snaggen

Mon 2004-03-08 at 16.56, Fernando Herrera wrote:
> Mon, Mar 08, 2004 at 11:25:06AM +0100, Alexander Larsson wrote:
> 
> >It's probably right. We don't want a bazillion different callbacks in
> >gnome-vfs, but in this case it's probably right. It should be a generic
> >callback that can be used by other backends with similar issues though.
> 
> 	Yep, but as this API addition should be done in GNOME 2.7
> timeframe, how about adding a workaround as:
> Index: sftp-method.c
> ===================================================================
> RCS file: /cvs/gnome/gnome-vfs/modules/sftp-method.c,v
> retrieving revision 1.2
> diff -u -u -r1.2 sftp-method.c
> --- sftp-method.c       9 Jan 2004 09:15:06 -0000       1.2
> +++ sftp-method.c       8 Mar 2004 15:49:50 -0000
> @@ -1077,6 +1077,11 @@
>                                         goto bail;
>                                 }
>                                 done_auth = TRUE;
> +                       } else if (g_str_has_prefix (buffer, "The authenticity of host")) {
> +                               g_io_channel_write_chars (tty_channel, "yes", -1, &len, NULL);
> +                               g_io_channel_write_chars (tty_channel, "\n", 1, &len, NULL);
> +                               g_io_channel_flush (tty_channel, NULL);
> +                               continue;
>                         }
>                 }
>         }
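Review bot: the new `else if` branch on `g_str_has_prefix (buffer, "The authenticity of host")` writes "yes" to the tty unconditionally, so any unknown host key is accepted without its fingerprint ever being shown to the user or compared with anything, which removes the host authentication SSH provides on a first connection. Until a user-facing callback exists, this branch should fail the connection (for example through the `goto bail` path visible in the context lines above) rather than answer the prompt. The results of both `g_io_channel_write_chars` calls and of `g_io_channel_flush` are also ignored, with NULL passed for the error argument, so a failed write leaves the loop continuing against a prompt that was never answered; check them, and send "yes\n" (or whatever reply is chosen) in a single write.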
> 
> just accepting every new host. We need some kind of fix for this,
> because just now doing sftp://localhost without localhost in my
> .ssh/known_hosts makes gnome-vfs open dozens of connections until
> exhausting my sshd server. And think about the non-hacker user, who
> never has done "ssh user host com" in a shell.
> 
> Salu2
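
The short-term approach suggested in the reply above (fail with an error instead of answering the prompt), as an added example that is not part of the original thread or of gnome-vfs. The names `classify_ssh_line`, `hostkey_reply` and `hostkey_action` are hypothetical, and the sample line is constructed in the format OpenSSH prints for an unknown host.

```c
#include <stdio.h>
#include <string.h>

/* What the caller should do after reading one line from ssh's tty. */
typedef enum {
    LINE_OTHER,               /* unrelated line: handle as before */
    LINE_REFUSE_UNKNOWN_HOST  /* unknown host key: decline and fail */
} hostkey_action;

#define HOSTKEY_PREFIX "The authenticity of host"

/* Classify one line of ssh output. For the unknown-host prompt, copy the
 * quoted host description into host (always NUL-terminated) so the error
 * shown to the user can name it. There is deliberately no "accept" result. */
hostkey_action classify_ssh_line(const char *line, char *host, size_t host_len)
{
    const char *q1, *q2;

    if (host_len > 0)
        host[0] = '\0';
    if (strncmp(line, HOSTKEY_PREFIX, strlen(HOSTKEY_PREFIX)) != 0)
        return LINE_OTHER;
    q1 = strchr(line, '\'');
    q2 = q1 ? strchr(q1 + 1, '\'') : NULL;
    if (q2 && host_len > 0) {
        size_t n = (size_t)(q2 - q1 - 1);
        if (n >= host_len)
            n = host_len - 1;          /* truncate rather than overflow */
        memcpy(host, q1 + 1, n);
        host[n] = '\0';
    }
    return LINE_REFUSE_UNKNOWN_HOST;
}

/* Reply to write to the tty: "no\n" for an unknown host, NULL otherwise. */
const char *hostkey_reply(hostkey_action a)
{
    return a == LINE_REFUSE_UNKNOWN_HOST ? "no\n" : NULL;
}

int main(void)
{
    /* Constructed sample line in the format OpenSSH prints. */
    const char *line = "The authenticity of host 'localhost (127.0.0.1)' can't be established.";
    char host[64];
    if (classify_ssh_line(line, host, sizeof host) == LINE_REFUSE_UNKNOWN_HOST)
        fprintf(stderr, "sftp: unknown host key for %s; verify it with ssh first\n", host);
    return 0;
}
```

Declining the prompt makes ssh exit, so the module gets one clean failure to report instead of retrying the connection.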



