
ssh_session_has_known_hosts_entry doesn't seem to check in opts.global_knownhosts
Open, Normal, Public

Description

ssh_session_has_known_hosts_entry, which can be used before connecting to a host, only checks opts.knownhosts.

It's not clear from the documentation if this is how it should behave.

Event Timeline

Gundersanne triaged this task as Normal priority.

IMHO the expected behaviour would be to check both the global and user file, like ssh_session_is_known_server(). Otherwise, actually checking the global file on the caller side would be rather ugly: You would first need to temporarily set the *user* known hosts to the global one (/etc/ssh/ssh_known_hosts), check ssh_session_has_known_hosts_entry(), then reset the user known hosts file to the default again, and check again.
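The behaviour asked for in the comment above (a pre-connect lookup that consults the user file and then the global file), shown as an added stand-alone example; it is not libssh code and does not call the libssh API. The names `known_hosts_lookup`, `file_has_entry`, `enum kh_result` and the sample file names are hypothetical, and only plain-text host entries are matched.

```c
#include <stdio.h>
#include <string.h>

enum kh_result { KH_UNKNOWN, KH_USER, KH_GLOBAL };

/* 1 if `path` holds a plain-text entry for `host`, else 0. Comments, @marker
 * lines and hashed ("|1|...") hosts are skipped; wildcards are not expanded. */
static int file_has_entry(const char *path, const char *host)
{
    char line[8192];
    size_t n = 0, hlen = strlen(host);
    int found = 0;
    FILE *fp = path ? fopen(path, "r") : NULL;

    if (fp == NULL) return 0;   /* a missing file has no entries */
    while (!found && fgets(line, sizeof(line), fp) != NULL) {
        const char *p = line + strspn(line, " \t");
        size_t len = strcspn(p, " \t\r\n");     /* length of the host field */
        if (len == 0 || *p == '#' || *p == '@' || *p == '|') continue;
        if (p[len] != ' ' && p[len] != '\t') continue;  /* no key fields */
        for (const char *h = p; h < p + len && !found; h += n + 1) {
            n = strcspn(h, ", \t\r\n");         /* one comma-separated name */
            found = (n == hlen && strncmp(h, host, n) == 0);
        }
    }
    fclose(fp);
    return found;
}

/* Pre-connect lookup over both files: user file first, then the global one. */
enum kh_result known_hosts_lookup(const char *user_file,
                                  const char *global_file, const char *host)
{
    if (host == NULL || *host == '\0') return KH_UNKNOWN;
    if (file_has_entry(user_file, host)) return KH_USER;
    if (file_has_entry(global_file, host)) return KH_GLOBAL;
    return KH_UNKNOWN;
}

int main(void)
{
    /* Constructed sample: the entry exists only in the "global" file. */
    FILE *fp = fopen("sample_global_kh", "w");
    if (fp == NULL) return 1;
    fputs("host.example,192.0.2.10 ssh-ed25519 AAAA_PLACEHOLDER\n", fp);
    fclose(fp);
    printf("result=%d\n", known_hosts_lookup("sample_user_kh",
                                             "sample_global_kh", "host.example"));
    return 0;
}
```

A lookup limited to the user file would report this host as unknown, which is the gap the task describes.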

asn added a subscriber: asn. Oct 10 2018, 11:53 AM

I will work on a fix in the next few days.

Jakuje added a subscriber: Jakuje. Oct 18 2018, 5:27 PM

This issue is mostly related to the parallel work on the config parsing by me and the rewrite of the knownhosts API by Andreas. The global knownhosts file was a new thing at this time, and therefore I am not very surprised this slipped through.

The switching is indeed not meant to be implemented as part of the application code. I will have a look into that soon.

The changes required to also support global known hosts landed in the following branch:

https://gitlab.com/jjelen/libssh-mirror/commits/prefer-known-keytypes

Basic tests are working for me, but review or verification that it matches your use case would be appreciated.