Subject: Re: known_hosts [early PATCH]

From: Simon Josefsson <simon_at_josefsson.org>
Date: Thu, 07 May 2009 10:41:41 +0200

Peter Stuge <peter_at_stuge.se> writes:

> Simon Josefsson wrote:
>> What about a function to add entries to the known_host file?
>
> Please don't do that.
>
> Make a createfile or something similar.
>
> On Win32 there are no files.

A helper function doesn't hurt, does it? The application can decide
whether to use it or not. If libssh2 will include code for reading
known_hosts file in the various formats, also including code for writing
seems consistent. Otherwise the application will have to do it
internally.

> Simon Josefsson wrote:
>> > And I also want to be able to update a host in the known_host
>> > file when the key has changed and the user okays this.
>>
>> Maybe that isn't a good idea, it trains users to just-click-yes to
>> make things work.
>
> This is really a policy decision.

Yup, and that belongs in the application.

>> I don't think OpenSSH has any mechanism to replace hostkeys in the
>> known_hosts file? Maybe that is because of the just-click-yes
>> concern.
>
> Yes indeed. OpenSSH complains quite loudly when a key changes, and
> rightly so.
>
> The big difference is that OpenSSH is intended to be an end user
> tool, while libssh2 is not really.
>
> I want callbacks, or notifications, or something else, so that my
> application can handle these things on its own, or forward them to
> the user per whatever policy is current today.

I think Daniel's API is flexible enough to permit applications to do
whatever they want. The interface is fully opt-in.

/Simon
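The split argued for above (the library reports match, mismatch or not-found and the application owns the policy, plus an optional write helper), as an added C example that is not libssh2's code or Daniel's patch; the kh_* names and the sample known_hosts lines are constructed for illustration, and hashed host entries are not handled.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libssh2 code: library-side verdict, application-side policy. */
enum kh_result { KH_MATCH, KH_MISMATCH, KH_NOTFOUND };

/* Constructed known_hosts text in plain (unhashed) OpenSSH format. */
static const char sample_known_hosts[] =
    "# comment line\n"
    "example.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexample\n"
    "[build.example.org]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample\n";

/* Lookup: MATCH on same host, key type and key; MISMATCH if the host is listed
   with the same key type but a different key; NOTFOUND otherwise. */
enum kh_result kh_check(const char *kh, const char *host,
                        const char *keytype, const char *key)
{
    enum kh_result res = KH_NOTFOUND;
    const char *line = kh;
    while (*line) {
        char buf[2048], h[512], t[64], k[1024];
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (buf[0] != '#' && sscanf(buf, "%511s %63s %1023s", h, t, k) == 3
            && strcmp(h, host) == 0 && strcmp(t, keytype) == 0) {
            if (strcmp(k, key) == 0) return KH_MATCH;
            res = KH_MISMATCH; /* keep scanning: a later line may still match */
        }
        line = nl ? nl + 1 : line + len;
    }
    return res;
}

/* Application policy (the part the thread keeps out of the library): accept a
   match, refuse a changed key outright as OpenSSH does, and let the caller's
   trust-on-first-use choice decide an unknown host. */
int kh_apply_policy(enum kh_result r, int tofu_ok)
{
    return r == KH_MATCH || (r == KH_NOTFOUND && tofu_ok);
}

/* The write helper under discussion: format one plain entry for appending. */
int kh_format_entry(char *out, size_t outlen, const char *host,
                    const char *keytype, const char *key)
{
    int n = snprintf(out, outlen, "%s %s %s\n", host, keytype, key);
    return n > 0 && (size_t)n < outlen;
}
```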

_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2009-05-07