Subject: Re: known_hosts support (first take)


From: Alexander Lamaison <swish_at_lammy.co.uk>
Date: Mon, 4 May 2009 12:31:01 +0100

2009/5/4 Daniel Stenberg <daniel_at_haxx.se>:
> I'm open for feedback and comments on this. I've not yet figured out the (E)
> part so I'm perhaps most interested on that... How does libssh2_hostkey_hash()
> relate to all this?

It's been a while since I looked at this but AFAIK
libssh2_hostkey_hash() doesn't really relate to this. When asking the
user to confirm that such-and-such a hostkey is ok, most clients
display a hashed version of the key so that it will fit on the display
e.g.:

   The fingerprint for the RSA key sent by the remote host is
   9e:fa:9b:8d:23:51:da:71:bc:d4:ce:3e:41:91:33:9c.

I believe the hashing algorithm is standard so that people can
recognise the hashed key on any client but this is all
libssh2_hostkey_hash() does.

The real key, which is much longer, is the key that gets stored in
known_hosts. libssh2 doesn't currently provide a way to get at it
which means that all libssh2-based clients have to fall back to
storing and comparing the hashes. I don't think that this has any
real security implications but it rules out using keys stored by other
clients in known_hosts or by PuTTY in the registry.

HTH

Alex
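To make the distinction in the reply above concrete, here is an added example (not code from the original post, libssh2, or any client mentioned): it builds a constructed ssh-rsa host key blob, derives the colon-separated MD5 fingerprint a client would display from it, and checks the blob against a small constructed known_hosts file. The point it illustrates is the one Alex makes: the fingerprint is only a display hash of the key, while known_hosts stores the full key blob, so a client needs the raw blob to verify against entries written by other clients. The modulus, salt and host names are made up, and the example assumes the raw key blob has been obtained by some means the post notes libssh2 did not yet provide.

```python
import base64
import hashlib
import hmac
import re
import struct

# --- SSH wire-format helpers (RFC 4251 string / mpint) ---

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length prefix, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (big-endian, leading zero byte if the high bit is set)."""
    if n == 0:
        return ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def make_rsa_blob(e: int, n: int) -> bytes:
    """Build an ssh-rsa public key blob: string "ssh-rsa", mpint e, mpint n (what known_hosts stores base64-encoded)."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

# --- Fingerprint: the short, display-only form from the post ---

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex MD5 over the raw key blob, e.g. 9e:fa:9b:...; this is only a hash, not the key."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# --- known_hosts parsing and matching (OpenSSH format) ---

def hashed_host_field(salt: bytes, host: str) -> str:
    """Produce the |1|salt|mac host field OpenSSH writes when HashKnownHosts is on (mac = HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def host_matches(host_field: str, host: str) -> bool:
    """Match a known_hosts host field (plain name, comma-separated list, or |1| hashed form) against host."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in host_field.split(",")

def parse_known_hosts(text: str):
    """Yield (host_field, key_type, key_blob) for each usable line; skip comments, blanks and undecodable keys."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            blob = base64.b64decode(parts[2], validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        yield parts[0], parts[1], blob

def verify_host_key(known_hosts_text: str, host: str, key_type: str, server_blob: bytes) -> str:
    """Compare the full blob the server presented with every entry for this host.
    Returns "match", "mismatch" (host known, key differs: the case a client must refuse) or "unknown"."""
    seen_host = False
    for host_field, kt, blob in parse_known_hosts(known_hosts_text):
        if kt != key_type or not host_matches(host_field, host):
            continue
        seen_host = True
        if hmac.compare_digest(blob, server_blob):
            return "match"
    return "mismatch" if seen_host else "unknown"

# --- Constructed sample data (toy modulus, fixed salt, reserved example names; not real keys or hosts) ---

GOOD_BLOB = make_rsa_blob(65537, int("c0ffee" * 8, 16))
OTHER_BLOB = make_rsa_blob(65537, int("deadbeef" * 6, 16))
SALT = b"0123456789abcdefghij"  # 20 bytes, the length OpenSSH uses; constructed
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "example.test,192.0.2.10 ssh-rsa " + base64.b64encode(GOOD_BLOB).decode(),
    hashed_host_field(SALT, "hashed.test") + " ssh-rsa " + base64.b64encode(GOOD_BLOB).decode(),
])

if __name__ == "__main__":
    print("fingerprint shown to the user:", md5_fingerprint(GOOD_BLOB))
    for h, b in [("example.test", GOOD_BLOB), ("hashed.test", GOOD_BLOB),
                 ("example.test", OTHER_BLOB), ("nobody.test", GOOD_BLOB)]:
        print(h, "->", verify_host_key(KNOWN_HOSTS, h, "ssh-rsa", b))
```

Matching is done on the full blob, not on the fingerprint, which is why a client holding only the 16-byte hash cannot reuse a known_hosts file written by OpenSSH; the `|1|` branch shows that hashed host names are still comparable, since only the host name is hashed, never the key.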

_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2009-05-04