/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-08-06 20:45:04 UTC
  • Revision ID: teddy@recompile.se-20140806204504-lf39wk4ffo9s0ua3
Bug fix for mandos-keygen: Unquote escaped hostname in SSH checker.

%%(host)s is already escaped by re.escape(), and should not be quoted.

* mandos-keygen (password): When printing SSH key fingerprinting
                            checker command of the client config
                            section, do not quote %%(host)s.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2014-03-05">
 
5
<!ENTITY TIMESTAMP "2014-06-22">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
748
748
    <para>
749
749
      It will also help if the checker program on the server is
750
750
      configured to request something from the client which can not be
751
 
      spoofed by someone else on the network, unlike unencrypted
752
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
751
      spoofed by someone else on the network, like SSH server key
 
752
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
753
      echo (<quote>ping</quote>) replies.
753
754
    </para>
754
755
    <para>
755
756
      <emphasis>Note</emphasis>: This makes it completely insecure to