Better debugging when keys are not matching

naiba4 · Apr 14, 2020 · cbec43f · cbec43f
1 parent 339e6c4
commit cbec43f
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/tmate-ssh-client.c b/tmate-ssh-client.c
@@ -328,7 +328,7 @@ static void on_ssh_client_event(struct tmate_ssh_client *client)
 
 		if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256,
 					   &hash, &hash_len) < 0) {
-			kill_ssh_client(client, "Cannot authenticate server");
+			kill_ssh_client(client, "Failed to get server fingerprint");
 			return;
 		}
 
@@ -362,15 +362,17 @@ static void on_ssh_client_event(struct tmate_ssh_client *client)
 		}
 
 		match = !strcmp(hash_str, server_hash_str);
+		if (!match) {
+			kill_ssh_client(client, "Server fingerprint not recognized: "
+				"`%s', expected `%s'", server_hash_str, hash_str);
+		}
 
 		ssh_key_free(pubkey);
 		ssh_clean_pubkey_hash(&hash);
 		free(hash_str);
 
-		if (!match) {
-			kill_ssh_client(client, "Cannot authenticate server");
+		if (!match)
 			return;
-		}
 
 		/*
 		 * At this point, we abort other connection attempts to the