authorRuben Garcia Azuara <rubenga@tid.es>2010-04-06 20:07:01 +0200
committerAndreas Schneider <mail@cynapses.org>2010-04-07 11:29:47 +0200
commit5a2abd34ce9ad97c69906c5fb7b07e26e96fceaa (patch)
treeda155233397d23cd1f8d0f76b0108570c61079e7 /libssh
parent14eb593af3c41ea439f01d34aaae497d8420f316 (diff)
Added support for StrictHostKeyChecking and UserKnownHostsFile parameters.
Added OpenSSH parameters to libssh: - StrictHostKeyChecking - UserKnownHostsFile These parameters are useful to avoid checking the fingerprint. Eg: ~/.ssh/config: Host 192.10.20.30 StrictHostKeyChecking no UserKnownHostsFile /dev/null Signed-off-by: Ruben Garcia Azuara <rubenga@tid.es> Signed-off-by: Andreas Schneider <mail@cynapses.org>
Diffstat (limited to 'libssh')
-rw-r--r--libssh/config.c18
-rw-r--r--libssh/keyfiles.c5
-rw-r--r--libssh/options.c12
-rw-r--r--libssh/session.c1
4 files changed, 35 insertions, 1 deletions
diff --git a/libssh/config.c b/libssh/config.c
index beb21fc5..ae794bdc 100644
--- a/libssh/config.c
+++ b/libssh/config.c
@@ -38,7 +38,9 @@ enum ssh_config_opcode_e {
SOC_CIPHERS,
SOC_COMPRESSION,
SOC_TIMEOUT,
- SOC_PROTOCOL
+ SOC_PROTOCOL,
+ SOC_HOSTKEYCHECK,
+ SOC_KNOWNHOSTS
};
struct ssh_config_keyword_table_s {
@@ -56,6 +58,8 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "compression", SOC_COMPRESSION },
{ "connecttimeout", SOC_TIMEOUT },
{ "protocol", SOC_PROTOCOL },
+ { "stricthostkeychecking", SOC_HOSTKEYCHECK },
+ { "userknownhostsfile", SOC_KNOWNHOSTS },
{ NULL, SOC_UNSUPPORTED }
};
@@ -276,6 +280,18 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &i);
}
break;
+ case SOC_HOSTKEYCHECK:
+ i = ssh_config_get_yesno(&s, -1);
+ if (i >= 0 && *parsing) {
+ ssh_options_set(session, SSH_OPTIONS_HOSTKEYCHECK, &i);
+ }
+ break;
+ case SOC_KNOWNHOSTS:
+ p = ssh_config_get_str(&s, NULL);
+ if (p && *parsing) {
+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, p);
+ }
+ break;
case SOC_UNSUPPORTED:
fprintf(stderr, "Unsupported option: %s, line: %d\n", keyword, count);
break;
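Review bot: In the `SOC_HOSTKEYCHECK` case any value other than yes/no is dropped without a message, assuming `ssh_config_get_yesno` returns the `-1` default for unrecognised input, so an OpenSSH-style `StrictHostKeyChecking ask` line silently leaves the session default in place. That is the safe direction, but it should be stated; I would add `/* only yes/no are understood; "ask" and anything else keep the strict default */` above the `if`. The opposite case deserves a trace as well: a config line that sets `no` turns off host key verification for the session with nothing logged, which makes a tampered or inherited config file hard to spot later. The return value of both new `ssh_options_set` calls is also ignored, as in the neighbouring timeout case. `ssh_config_parse_line` starts and ends outside this hunk.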
diff --git a/libssh/keyfiles.c b/libssh/keyfiles.c
index e09de675..3e36989c 100644
--- a/libssh/keyfiles.c
+++ b/libssh/keyfiles.c
@@ -1648,6 +1648,11 @@ int ssh_is_server_known(ssh_session session) {
}
} while (1);
+ if ( (ret == SSH_SERVER_NOT_KNOWN) && (session->StrictHostKeyChecking == 0) ) {
+ ssh_write_knownhost(session);
+ ret = SSH_SERVER_KNOWN_OK;
+ }
+
SAFE_FREE(host);
if (file != NULL) {
fclose(file);
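Review bot: The added block reports `SSH_SERVER_KNOWN_OK` for a key that was never verified, and it does so even when `ssh_write_knownhost(session)` fails, because its return value is discarded. A caller can then no longer tell a host matched against the known hosts file from one accepted on first contact, and with `UserKnownHostsFile /dev/null` (the example in the commit message) every connection takes this path, so the key is never pinned. At minimum gate the upgrade on the write, `if (ssh_write_knownhost(session) == 0) ret = SSH_SERVER_KNOWN_OK;` (assuming it returns 0 on success), and add a comment that the block leaves `SSH_SERVER_KNOWN_CHANGED` untouched, so a changed key is still reported. The write also happens while `file` is still open for reading, since `fclose(file)` comes after it. `ssh_is_server_known` begins before this hunk and continues past it.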
diff --git a/libssh/options.c b/libssh/options.c
index 17e68570..2b3276a2 100644
--- a/libssh/options.c
+++ b/libssh/options.c
@@ -362,6 +362,10 @@ char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir) {
* Set the compression to use for server to client
* communication (string, "none" or "zlib").
*
+ * - SSH_OPTIONS_HOSTKEYCHECK:
+ * Set the parameter StrictHostKeyChecking to avoid
+ * asking about a fingerprint
+ *
* @param value The value to set. This is a generic pointer and the
* datatype which is used should be set according to the
* type set.
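Review bot: The new `SSH_OPTIONS_HOSTKEYCHECK` entry does not give the value type, unlike the compression entry above it which says `(string, "none" or "zlib")`, and it describes the effect as "avoid asking about a fingerprint" without saying that unknown host keys are then accepted. The setter added later in this file reads `*(int*)value`, so a caller passing a pointer to a narrower type would be misread; the entry should say `(integer, 0 or 1)`. Suggested text: `Set StrictHostKeyChecking (integer, 0 or 1). With 0, a host key not yet in the known hosts file is accepted and stored without verification.` The comment block starts and ends outside this hunk.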
@@ -612,6 +616,14 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1;
}
break;
+ case SSH_OPTIONS_HOSTKEYCHECK:
+ if (value == NULL) {
+ ssh_set_error_invalid(session, __FUNCTION__);
+ return -1;
+ } else {
+ session->StrictHostKeyChecking = *(int*)value;
+ }
+ break;
default:
ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return -1;
diff --git a/libssh/session.c b/libssh/session.c
index e6d9fc7d..ec127f52 100644
--- a/libssh/session.c
+++ b/libssh/session.c
@@ -90,6 +90,7 @@ ssh_session ssh_new(void) {
session->maxchannel = FIRST_CHANNEL;
/* options */
+ session->StrictHostKeyChecking = 1;
session->port = 22;
session->fd = -1;
session->ssh2 = 1;