
ssh_session_has_known_hosts_entry doesn't seem to check in opts.global_knownhosts
Closed, Resolved (Public)

Description

ssh_session_has_known_hosts_entry, which can be used before connecting to a host, only checks opts.knownhosts.

It's not clear from the documentation if this is how it should behave.

Event Timeline

Gundersanne triaged this task as Normal priority. Oct 10 2018, 10:48 AM
Gundersanne created this task.

IMHO the expected behaviour would be to check both the global and user file, like ssh_session_is_known_server(). Otherwise, actually checking the global file on the caller side would be rather ugly: You would first need to temporarily set the *user* known hosts to the global one (/etc/ssh/ssh_known_hosts), check ssh_session_has_known_hosts_entry(), then reset the user known hosts file to the default again, and check again.
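The lookup order asked for in the comment above (user file first, then the global file), as an added example that is not libssh code and is not taken from this task. The function names, the sample file names and the host entries are constructed for illustration, and the parser is a simplified model that handles plain host names only.

```c
#include <stdio.h>
#include <string.h>

enum kh_result { KH_NOT_FOUND, KH_USER, KH_GLOBAL_ONLY };

/* Returns 1 if `host` is named in the host field of a line in `path`.
 * Simplified model: plain names only (no hashed entries, wildcards or
 * [host]:port forms); comment and @marker lines are skipped. */
static int file_has_host(const char *path, const char *host)
{
    char line[4096];
    int found = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return 0;             /* a missing file holds no entry */
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        char *p = line + strspn(line, " \t");
        if (*p == '#' || *p == '@' || *p == '\n' || *p == '\0')
            continue;
        p[strcspn(p, " \t\r\n")] = '\0';  /* keep only the host field */
        for (char *t = strtok(p, ","); t != NULL && !found; t = strtok(NULL, ","))
            found = (strcmp(t, host) == 0);
    }
    fclose(fp);
    return found;
}

/* KH_GLOBAL_ONLY is the case a user-file-only lookup reports as "no entry". */
enum kh_result lookup_host(const char *user, const char *global, const char *host)
{
    if (file_has_host(user, host))
        return KH_USER;
    return file_has_host(global, host) ? KH_GLOBAL_ONLY : KH_NOT_FOUND;
}

/* Writes two constructed sample files (placeholder key blobs), then looks up `host`. */
enum kh_result demo_lookup(const char *host)
{
    FILE *u = fopen("kh_user.sample", "w"), *g = fopen("kh_global.sample", "w");
    if (u != NULL) { fputs("git.example.org ssh-ed25519 CONSTRUCTED_KEY\n", u); fclose(u); }
    if (g != NULL) { fputs("# site-wide pins\nbastion.example.org,10.0.0.5 ssh-ed25519 CONSTRUCTED_KEY\n", g); fclose(g); }
    enum kh_result r = lookup_host("kh_user.sample", "kh_global.sample", host);
    remove("kh_user.sample");
    remove("kh_global.sample");
    return r;
}

int main(void) { printf("%d\n", demo_lookup("bastion.example.org")); return 0; }
```

A result of `KH_GLOBAL_ONLY` marks a host that is pinned system-wide but would be reported as having no entry by a check that reads only the user file.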

asn added a subscriber: asn. Oct 10 2018, 11:53 AM

I will work on a fix in the next days.

Jakuje added a subscriber: Jakuje. Oct 18 2018, 5:27 PM

This issue is mostly related to the parallel work on the config parsing by me and the rewrite of the knownhosts API by Andreas. The global knownhosts file was a new thing at this time and therefore I am not very surprised this slipped through.

The switching is indeed not meant to be implemented as part of the application code. I will have a look into that soon.

The changes required to also support global known hosts landed in the following branch:

https://gitlab.com/jjelen/libssh-mirror/commits/prefer-known-keytypes

Basic tests are working for me, but review or verification that it matches your use case would be appreciated.

Jakuje closed this task as Resolved. Nov 28 2018, 2:01 PM
Jakuje claimed this task.

This should be resolved by f622c4309b0ffe4679bd1b124638fc1bcddb5758