[Libguestfs] [PATCH nbdkit] plugins/ssh: remove pointless code fetching SHA1 fingerprint
Richard W.M. Jones
rjones at redhat.com
Tue Jun 22 13:39:02 UTC 2021
On Tue, Jun 22, 2021 at 01:24:56PM +0100, Daniel P. Berrangé wrote:
> The result of calling ssh_get_publickey_hash() is never used in the
> code, simply being freed on all exit paths. It appears this was
> copied from the libssh docs example code, where the fingerprint
> was indeed printed on the console.
>
> The ssh_session_is_known_server() call will validate against any
> fingerprint stored in the $HOME/.ssh/known_hosts file. The hashes
> in this file will use the algorithm configured for the openssh
> client, which will usually be SHA256 in modern OS.
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> plugins/ssh/ssh.c | 14 --------------
> 1 file changed, 14 deletions(-)
>
> diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
> index 994e9834..6d18f18d 100644
> --- a/plugins/ssh/ssh.c
> +++ b/plugins/ssh/ssh.c
> @@ -228,14 +228,6 @@ do_verify_remote_host (struct ssh_handle *h)
> nbdkit_error ("could not get server public key");
> return -1;
> }
> - rc = ssh_get_publickey_hash (srv_pubkey,
> - SSH_PUBLICKEY_HASH_SHA1,
> - &hash, &hlen);
This makes the hash and hlen variables unused, but that's an easy fix.
I fixed it and pushed it, thanks.
Rich.
> - ssh_key_free (srv_pubkey);
> - if (rc < 0) {
> - nbdkit_error ("could not get server public key SHA1 hash");
> - return -1;
> - }
>
> state = ssh_session_is_known_server (h->session);
> switch (state) {
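Review bot: the removed block in do_verify_remote_host also deletes `ssh_key_free (srv_pubkey);`, while the retained context above it still has the "could not get server public key" error path, so the key appears to still be fetched and would no longer be freed on any path. Either keep the ssh_key_free call directly after the fetch, or drop the fetch and its error path as well, since `ssh_session_is_known_server (h->session)` takes only the session. The hash and hlen declarations also lose their last writer here and should be removed in the same patch.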
> @@ -245,13 +237,11 @@ do_verify_remote_host (struct ssh_handle *h)
>
> case SSH_KNOWN_HOSTS_CHANGED:
> nbdkit_error ("host key for server changed");
> - ssh_clean_pubkey_hash (&hash);
> return -1;
>
> case SSH_KNOWN_HOSTS_OTHER:
> nbdkit_error ("host key for server was not found "
> "but another type of key exists");
> - ssh_clean_pubkey_hash (&hash);
> return -1;
>
> case SSH_KNOWN_HOSTS_NOT_FOUND:
> @@ -259,22 +249,18 @@ do_verify_remote_host (struct ssh_handle *h)
> * host key is set up before using nbdkit so we error out here.
> */
> nbdkit_error ("could not find known_hosts file");
> - ssh_clean_pubkey_hash (&hash);
> return -1;
>
> case SSH_KNOWN_HOSTS_UNKNOWN:
> nbdkit_error ("host key is unknown, you must use ssh first "
> "and accept the host key");
> - ssh_clean_pubkey_hash (&hash);
> return -1;
>
> case SSH_KNOWN_HOSTS_ERROR:
> nbdkit_error ("known hosts error: %s", ssh_get_error (h->session));
> - ssh_clean_pubkey_hash (&hash);
> return -1;
> }
>
> - ssh_clean_pubkey_hash (&hash);
> return 0;
> }
>
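Review bot: at the end of do_verify_remote_host the function now falls through to a bare `return 0;` after the switch, and every case visible in this hunk returns -1 on its own, so any state not matched by a case label is treated as a verified host. If the switch has no default label in the lines not shown, consider returning success explicitly from the SSH_KNOWN_HOSTS_OK case and ending the function with an error return, so that host key verification fails closed.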
> --
> 2.31.1
>
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html