SFTPFS: verify server fingerprint (fix CVE-2021-36370).
commit 9235d3c232d13ad7f973346077c9cf2eaa77dc5f
author Andrew Borodin <aborodin@vmail.ru>
Mon, 12 Jul 2021 05:48:18 +0000 (12 08:48 +0300)
committer Andrew Borodin <aborodin@vmail.ru>
Mon, 26 Jul 2021 17:34:17 +0000 (26 20:34 +0300)
tree b27e42ca1e81d07231d3eb845f5f9cb63f360041
parent fdd67062458a0bf270b033fe5945dc3c385e82c8
SFTPFS: verify server fingerprint (fix CVE-2021-36370).

Use the ~/.ssh/known_hosts file to verify the server fingerprint
the ssh way:

$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
Are you sure you want to continue connecting (yes/no)? no
ssh: Host key verification failed.

$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
andrew@localhost's password:

Thanks to the Curl project for the code used.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Signed-off-by: Yury V. Zaytsev <yury.zaytsev@moneymeets.com>
doc/man/mc.1.in
doc/man/ru/mc.1.in
src/vfs/sftpfs/connection.c
src/vfs/sftpfs/internal.h
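
The known_hosts decision described in the commit message, as an added C example (not the commit's code and not the Curl code it credits): look up the host and key type, compare the stored key with the one the server presented, then proceed on a match, ask the user on an unknown host, and refuse on a mismatch. The names `check_host_key`, `may_connect` and `hk_result` and the sample entries are assumptions made for this illustration; only plain `names keytype base64-key` lines are interpreted.

```c
#include <stdio.h>
#include <string.h>
enum hk_result { HK_MATCH, HK_MISMATCH, HK_NOTFOUND };
static const char SAMPLE_KNOWN_HOSTS[] = /* constructed entries, not real keys */
    "localhost,127.0.0.1 ssh-ed25519 AAAAconstructedKeyA\n"
    "example.test ssh-rsa AAAAconstructedKeyB\n";

/* Return 1 if host is one of the comma-separated names (names is modified). */
static int host_in_list(char *names, const char *host)
{
    for (char *n = strtok(names, ","); n; n = strtok(NULL, ","))
        if (strcmp(n, host) == 0)
            return 1;
    return 0;
}

/* Plain entries only: hashed (|1|) and @marker lines are skipped, no wildcards. */
enum hk_result check_host_key(const char *known_hosts, const char *host,
                              const char *keytype, const char *key_b64)
{
    enum hk_result res = HK_NOTFOUND;
    for (const char *line = known_hosts; *line; line += (*line == '\n')) {
        char names[512], type[64], key[1400];
        /* Scansets exclude '\n', so a short line cannot borrow the next line's fields. */
        if (*line != '#' && *line != '|' && *line != '@' &&
            sscanf(line, "%511[^ \t\n]%*[ \t]%63[^ \t\n]%*[ \t]%1399[^ \t\n]",
                   names, type, key) == 3 &&
            strcmp(type, keytype) == 0 && host_in_list(names, host)) {
            if (strcmp(key, key_b64) == 0)
                return HK_MATCH;
            res = HK_MISMATCH; /* known host, different key */
        }
        line += strcspn(line, "\n");
    }
    return res;
}

/* Policy: match proceeds, unknown host needs an explicit "yes", mismatch is refused. */
int may_connect(enum hk_result r, int user_said_yes)
{
    return r == HK_MATCH || (r == HK_NOTFOUND && user_said_yes);
}

int main(void)
{
    enum hk_result r = check_host_key(SAMPLE_KNOWN_HOSTS, "localhost", "ssh-ed25519", "AAAAother");
    printf("result=%d may_connect=%d\n", r, may_connect(r, 1));
    return 0;
}
```

A mismatch is never turned into a prompt here: answering "yes" only ever applies to a host with no stored key of that type.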