author | Ruben Garcia Azuara <rubenga@tid.es> | 2010-04-06 20:07:01 +0200 |
---|---|---|
committer | Andreas Schneider <mail@cynapses.org> | 2010-04-07 11:29:47 +0200 |
commit | 5a2abd34ce9ad97c69906c5fb7b07e26e96fceaa (patch) | |
tree | da155233397d23cd1f8d0f76b0108570c61079e7 | |
parent | 14eb593af3c41ea439f01d34aaae497d8420f316 (diff) | |
Added support for StrictHostKeyChecking and UserKnownHostsFile parameters.
Added OpenSSH parameters to libssh:
- StrictHostKeyChecking
- UserKnownHostsFile
These parameters are useful to avoid checking the fingerprint. Eg:
~/.ssh/config:
Host 192.10.20.30
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Signed-off-by: Ruben Garcia Azuara <rubenga@tid.es>
Signed-off-by: Andreas Schneider <mail@cynapses.org>
-rw-r--r-- | include/libssh/libssh.h | 4 | ||||
-rw-r--r-- | include/libssh/session.h | 2 | ||||
-rw-r--r-- | libssh/config.c | 18 | ||||
-rw-r--r-- | libssh/keyfiles.c | 5 | ||||
-rw-r--r-- | libssh/options.c | 12 | ||||
-rw-r--r-- | libssh/session.c | 1 |
6 files changed, 38 insertions, 4 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h index 1968d095..faa07cec 100644 --- a/include/libssh/libssh.h +++ b/include/libssh/libssh.h @@ -269,11 +269,11 @@ enum ssh_options_e { SSH_OPTIONS_SSH2, SSH_OPTIONS_LOG_VERBOSITY, SSH_OPTIONS_LOG_VERBOSITY_STR, - SSH_OPTIONS_CIPHERS_C_S, SSH_OPTIONS_CIPHERS_S_C, SSH_OPTIONS_COMPRESSION_C_S, - SSH_OPTIONS_COMPRESSION_S_C + SSH_OPTIONS_COMPRESSION_S_C, + SSH_OPTIONS_HOSTKEYCHECK }; enum { diff --git a/include/libssh/session.h b/include/libssh/session.h index 56352c10..2fb91d14 100644 --- a/include/libssh/session.h +++ b/include/libssh/session.h @@ -141,7 +141,7 @@ struct ssh_session_struct { socket_t fd; int ssh2; int ssh1; - + int StrictHostKeyChecking; }; int ssh_handle_packets(ssh_session session, int timeout); diff --git a/libssh/config.c b/libssh/config.c index beb21fc5..ae794bdc 100644 --- a/libssh/config.c +++ b/libssh/config.c @@ -38,7 +38,9 @@ enum ssh_config_opcode_e { SOC_CIPHERS, SOC_COMPRESSION, SOC_TIMEOUT, - SOC_PROTOCOL + SOC_PROTOCOL, + SOC_HOSTKEYCHECK, + SOC_KNOWNHOSTS }; struct ssh_config_keyword_table_s { @@ -56,6 +58,8 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = { { "compression", SOC_COMPRESSION }, { "connecttimeout", SOC_TIMEOUT }, { "protocol", SOC_PROTOCOL }, + { "stricthostkeychecking", SOC_HOSTKEYCHECK }, + { "userknownhostsfile", SOC_KNOWNHOSTS }, { NULL, SOC_UNSUPPORTED } }; @@ -276,6 +280,18 @@ static int ssh_config_parse_line(ssh_session session, const char *line, ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &i); } break; + case SOC_HOSTKEYCHECK: + i = ssh_config_get_yesno(&s, -1); + if (i >= 0 && *parsing) { + ssh_options_set(session, SSH_OPTIONS_HOSTKEYCHECK, &i); + } + break; + case SOC_KNOWNHOSTS: + p = ssh_config_get_str(&s, NULL); + if (p && *parsing) { + ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, p); + } + break; case SOC_UNSUPPORTED: fprintf(stderr, "Unsupported option: %s, line: %d\n", keyword, count); break; 
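Review bot: The new field `int StrictHostKeyChecking;` in the session.h hunk is CamelCase and undocumented, while the visible neighbours in `struct ssh_session_struct` are lowercase (`fd`, `ssh2`, `ssh1`). Since this flag decides whether unknown host keys are accepted, I would name and comment it, e.g. `int strict_host_key_checking; /* 1: report unknown host keys to the caller, 0: accept and record them */`. The struct body starts outside the hunk, so other fields may follow a convention I cannot see.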
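Review bot: In the `SOC_HOSTKEYCHECK` case of `ssh_config_parse_line`, a value that is neither yes nor no (OpenSSH also accepts `ask`) appears to be dropped without any diagnostic. Assuming `ssh_config_get_yesno(&s, -1)` returns the -1 default for unrecognised input, the `i >= 0` test fails and the session silently keeps its previous setting. For an option that controls host key verification, the user should be told that the line was ignored, in the style of the `SOC_UNSUPPORTED` case: `if (i < 0) fprintf(stderr, "Invalid StrictHostKeyChecking value, line: %d\n", count);`. Both new cases also ignore the return value of `ssh_options_set`, which matches the visible `SOC_TIMEOUT` case. The function body starts and ends outside the hunk.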
diff --git a/libssh/keyfiles.c b/libssh/keyfiles.c index e09de675..3e36989c 100644 --- a/libssh/keyfiles.c +++ b/libssh/keyfiles.c @@ -1648,6 +1648,11 @@ int ssh_is_server_known(ssh_session session) { } } while (1); + if ( (ret == SSH_SERVER_NOT_KNOWN) && (session->StrictHostKeyChecking == 0) ) { + ssh_write_knownhost(session); + ret = SSH_SERVER_KNOWN_OK; + } + SAFE_FREE(host); if (file != NULL) { fclose(file); diff --git a/libssh/options.c b/libssh/options.c index 17e68570..2b3276a2 100644 --- a/libssh/options.c +++ b/libssh/options.c @@ -362,6 +362,10 @@ char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir) { * Set the compression to use for server to client * communication (string, "none" or "zlib"). * + * - SSH_OPTIONS_HOSTKEYCHECK: + * Set the parameter StrictHostKeyChecking to avoid + * asking about a fingerprint + * * @param value The value to set. This is a generic pointer and the * datatype which is used should be set according to the * type set. @@ -612,6 +616,14 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, return -1; } break; + case SSH_OPTIONS_HOSTKEYCHECK: + if (value == NULL) { + ssh_set_error_invalid(session, __FUNCTION__); + return -1; + } else { + session->StrictHostKeyChecking = *(int*)value; + } + break; default: ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type); return -1; diff --git a/libssh/session.c b/libssh/session.c index e6d9fc7d..ec127f52 100644 --- a/libssh/session.c +++ b/libssh/session.c @@ -90,6 +90,7 @@ ssh_session ssh_new(void) { session->maxchannel = FIRST_CHANNEL; /* options */ + session->StrictHostKeyChecking = 1; session->port = 22; session->fd = -1; session->ssh2 = 1; |
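Review bot: In the block added to `ssh_is_server_known`, the result of `ssh_write_knownhost(session)` is discarded and `ret` is unconditionally rewritten to `SSH_SERVER_KNOWN_OK`. With `StrictHostKeyChecking` off, a caller therefore cannot tell a key that matched the known-hosts file from one accepted unseen on this connection, even when recording it failed. With the `UserKnownHostsFile /dev/null` setup from the commit message, every connection takes this path and the server's identity is never checked. At minimum, only upgrade the result when the key was actually stored, `if (ssh_write_knownhost(session) == 0) ret = SSH_SERVER_KNOWN_OK;` (assuming it returns 0 on success), and log that an unknown key was auto-accepted. The call also sits before the `fclose(file)` that follows, so the known-hosts file looks to be still open for reading while it is written; the function body starts outside the hunk.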
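Review bot: The doc entry added for `SSH_OPTIONS_HOSTKEYCHECK` in options.c does not state the value type or what each value does, whereas the entry just above spells out `(string, "none" or "zlib")`. The handler later in this file reads the value with `*(int*)value`, and the keyfiles.c change treats 0 as "accept and record unknown host keys". I would say exactly that: `Set the parameter StrictHostKeyChecking (int *, 0 or 1). With 0, ssh_is_server_known() stores an unknown host key and reports SSH_SERVER_KNOWN_OK instead of SSH_SERVER_NOT_KNOWN; the default is 1.` The comment block starts and ends outside the hunk.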