From 5a2abd34ce9ad97c69906c5fb7b07e26e96fceaa Mon Sep 17 00:00:00 2001
From: Ruben Garcia Azuara
Date: Tue, 6 Apr 2010 20:07:01 +0200
Subject: Added support for StrictHostKeyChecking and UserKnownHostsFile parameters.

Added OpenSSH parameters to libssh: - StrictHostKeyChecking - UserKnownHostsFile This parameters are useful to avoid checking the fingerprint. Eg: ~/.ssh/config: Host 192.10.20.30 StrictHostKeyChecking no UserKnownHostsFile /dev/null
Signed-off-by: Ruben Garcia Azuara
Signed-off-by: Andreas Schneider
---
 libssh/config.c | 18 +++++++++++++++++-
 libssh/keyfiles.c | 5 +++++
 libssh/options.c | 12 ++++++++++++
 libssh/session.c | 1 +
 4 files changed, 35 insertions(+), 1 deletion(-) (limited to 'libssh')
diff --git a/libssh/config.c b/libssh/config.c
index beb21fc5..ae794bdc 100644
--- a/libssh/config.c
+++ b/libssh/config.c
@@ -38,7 +38,9 @@ enum ssh_config_opcode_e {
 SOC_CIPHERS,
 SOC_COMPRESSION,
 SOC_TIMEOUT,
- SOC_PROTOCOL
+ SOC_PROTOCOL,
+ SOC_HOSTKEYCHECK,
+ SOC_KNOWNHOSTS
 };
 
 struct ssh_config_keyword_table_s {
@@ -56,6 +58,8 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
 { "compression", SOC_COMPRESSION },
 { "connecttimeout", SOC_TIMEOUT },
 { "protocol", SOC_PROTOCOL },
+ { "stricthostkeychecking", SOC_HOSTKEYCHECK },
+ { "userknownhostsfile", SOC_KNOWNHOSTS },
 { NULL, SOC_UNSUPPORTED }
 };
 
@@ -276,6 +280,18 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
 ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &i);
 }
 break;
+ case SOC_HOSTKEYCHECK:
+ i = ssh_config_get_yesno(&s, -1);
+ if (i >= 0 && *parsing) {
+ ssh_options_set(session, SSH_OPTIONS_HOSTKEYCHECK, &i);
+ }
+ break;
+ case SOC_KNOWNHOSTS:
+ p = ssh_config_get_str(&s, NULL);
+ if (p && *parsing) {
+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, p);
+ }
+ break;
 case SOC_UNSUPPORTED:
 fprintf(stderr, "Unsupported option: %s, line: %d\n", keyword, count);
 break;
diff --git a/libssh/keyfiles.c b/libssh/keyfiles.c
index e09de675..3e36989c 100644
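Review bot: In the new `SOC_HOSTKEYCHECK` case a value other than yes/no is dropped without any diagnostic, because the parser is called as `ssh_config_get_yesno(&s, -1)` and the option is only set when `i >= 0`. OpenSSH also accepts `ask` for StrictHostKeyChecking, so a config file shared with the OpenSSH client can carry a value this code appears to ignore, leaving the session on whatever it already had (1 after ssh_new(), per the session.c hunk). That is the safe direction, but it deserves a comment above the case, for example `/* only yes/no are honoured; any other value (e.g. "ask") leaves the option unchanged */`. ssh_config_parse_line starts and ends outside the hunk and ssh_config_get_yesno is not shown, so its handling of other values is inferred from the -1 fallback.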
--- a/libssh/keyfiles.c
+++ b/libssh/keyfiles.c
@@ -1648,6 +1648,11 @@ int ssh_is_server_known(ssh_session session) {
 }
 } while (1);
 
+ if ( (ret == SSH_SERVER_NOT_KNOWN) && (session->StrictHostKeyChecking == 0) ) {
+ ssh_write_knownhost(session);
+ ret = SSH_SERVER_KNOWN_OK;
+ }
+
 SAFE_FREE(host);
 if (file != NULL) {
 fclose(file);
diff --git a/libssh/options.c b/libssh/options.c
index 17e68570..2b3276a2 100644
--- a/libssh/options.c
+++ b/libssh/options.c
@@ -362,6 +362,10 @@ char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir) {
 * Set the compression to use for server to client
 * communication (string, "none" or "zlib").
 *
+ * - SSH_OPTIONS_HOSTKEYCHECK:
+ * Set the parameter StrictHostKeyChecking to avoid
+ * asking about a fingerprint
+ *
 * @param value The value to set. This is a generic pointer and the
 * datatype which is used should be set according to the
 * type set.
@@ -612,6 +616,14 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
 return -1;
 }
 break;
+ case SSH_OPTIONS_HOSTKEYCHECK:
+ if (value == NULL) {
+ ssh_set_error_invalid(session, __FUNCTION__);
+ return -1;
+ } else {
+ session->StrictHostKeyChecking = *(int*)value;
+ }
+ break;
 default:
 ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
 return -1;
diff --git a/libssh/session.c b/libssh/session.c
index e6d9fc7d..ec127f52 100644
--- a/libssh/session.c
+++ b/libssh/session.c
@@ -90,6 +90,7 @@ ssh_session ssh_new(void) {
 session->maxchannel = FIRST_CHANNEL;
 
 /* options */
+ session->StrictHostKeyChecking = 1;
 session->port = 22;
 session->fd = -1;
 session->ssh2 = 1;
--
cgit v1.2.3
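Review bot: The added block in ssh_is_server_known() discards the return value of `ssh_write_knownhost(session)` and then reports `SSH_SERVER_KNOWN_OK`, so the caller cannot tell a never-seen host key from one that matched the known-hosts file. If the write fails, the same key is silently accepted again on every later connection. Check the result and leave a trace when a key is accepted this way, e.g. `if (ssh_write_knownhost(session) < 0) { /* key accepted but not recorded: log it */ }`, assuming the function follows the library's negative-on-error convention. A comment should also state that only `SSH_SERVER_NOT_KNOWN` is relaxed, so a changed key is still reported to the caller. The function starts and ends outside the hunk, so its other return paths are not visible.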
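Review bot: The new SSH_OPTIONS_HOSTKEYCHECK entry in the ssh_options_set() doc comment does not say what type `value` points to or what the setting does to host verification, unlike the neighbouring compression entry, which states `(string, "none" or "zlib")`. The other hunks of this patch read the value as an `int`, and 0 makes an unknown host key get accepted and written to the known-hosts file. The entry could read `Set StrictHostKeyChecking (integer, 0 or 1; default 1). With 0, unknown host keys are accepted and recorded without confirmation.` The doc comment continues outside the hunk.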
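Review bot: The new `SSH_OPTIONS_HOSTKEYCHECK` case stores `*(int*)value` unmodified, while the only consumer visible in this patch (keyfiles.c) tests `== 0`, so any non-zero input, including a negative one, means strict. Normalising at the boundary keeps the field a clean boolean: `session->StrictHostKeyChecking = (*(const int *)value != 0);`. The `else` after the `return -1;` branch is also redundant. ssh_options_set starts and ends outside the hunk and the declaration of `value` is not shown, so the `const` in the cast should be confirmed against the signature.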