diff --git a/CHANGES b/CHANGES
index f2689c186c77eb1c2c33f47edd5f70acdb45fef7..086758c63649c1e607fa1a5a83218cab137dc01e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+- Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
+  will work with scp.
+
 0.44 - Mon Jan 3 2005
 
 - SECURITY: Fix for PAM auth so that usernames are logged and conversation
diff --git a/cli-kex.c b/cli-kex.c
index 03a0670277a08bb38e185130e58812c13d632d9c..40d4e957078016c6e3ca4b48d58b9480dc729ce4 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -115,13 +115,23 @@ void recv_msg_kexdh_reply() {
 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) {
 
 	char* fp = NULL;
+	FILE *tty = NULL;
+	char response = 'z';
 
 	fp = sign_key_fingerprint(keyblob, keybloblen);
 	fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", 
 			cli_opts.remotehost, 
 			fp);
 
-	if (getc(stdin) == 'y') {
+	tty = fopen(_PATH_TTY, "r");
+	if (tty) {
+		response = getc(tty);
+		fclose(tty);
+	} else {
+		response = getc(stdin);
+	}
+
+	if (response == 'y') {
 		m_free(fp);
 		return;
 	}