[Libguestfs] [PATCH nbdkit] plugins/ssh: remove pointless code fetching SHA1 fingerprint

Richard W.M. Jones rjones at redhat.com
Tue Jun 22 13:39:02 UTC 2021


On Tue, Jun 22, 2021 at 01:24:56PM +0100, Daniel P. Berrangé wrote:
> The result of calling ssh_get_publickey_hash() is never used in the
> code, simply being freed on all exit paths. It appears this was
> copied from the libssh docs example code, where the fingerprint
> was indeed printed on the console.
> 
> The ssh_session_is_known_server() call will validate against any
> fingerprint stored in the $HOME/.ssh/known_hosts file. The hashes
> in this file will use the algorithm configured for the openssh
> client, which will usually be SHA256 in modern OS.
> 
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
>  plugins/ssh/ssh.c | 14 --------------
>  1 file changed, 14 deletions(-)
> 
> diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
> index 994e9834..6d18f18d 100644
> --- a/plugins/ssh/ssh.c
> +++ b/plugins/ssh/ssh.c
> @@ -228,14 +228,6 @@ do_verify_remote_host (struct ssh_handle *h)
>      nbdkit_error ("could not get server public key");
>      return -1;
>    }
> -  rc = ssh_get_publickey_hash (srv_pubkey,
> -                               SSH_PUBLICKEY_HASH_SHA1,
> -                               &hash, &hlen);

This makes the hash and hlen variables unused, but that's an easy fix.
I fixed it and pushed it, thanks.

Rich.

> -  ssh_key_free (srv_pubkey);
> -  if (rc < 0) {
> -    nbdkit_error ("could not get server public key SHA1 hash");
> -    return -1;
> -  }
>  
>    state = ssh_session_is_known_server (h->session);
>    switch (state) {
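
Review bot: the removed block in this hunk takes out `ssh_key_free (srv_pubkey);` together with the SHA1 hash call, while the context lines just above still show the error path for a failed key fetch, so a successfully fetched srv_pubkey is no longer released anywhere in the lines shown. Either keep the `ssh_key_free (srv_pubkey);` line, or remove the key fetch as well, since nothing in the visible remainder of the function uses the key once the hash is gone. The `hash` and `hlen` declarations also become unused and should be dropped in the same commit.
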
> @@ -245,13 +237,11 @@ do_verify_remote_host (struct ssh_handle *h)
>  
>    case SSH_KNOWN_HOSTS_CHANGED:
>      nbdkit_error ("host key for server changed");
> -    ssh_clean_pubkey_hash (&hash);
>      return -1;
>  
>    case SSH_KNOWN_HOSTS_OTHER:
>      nbdkit_error ("host key for server was not found "
>                    "but another type of key exists");
> -    ssh_clean_pubkey_hash (&hash);
>      return -1;
>  
>    case SSH_KNOWN_HOSTS_NOT_FOUND:
> @@ -259,22 +249,18 @@ do_verify_remote_host (struct ssh_handle *h)
>       * host key is set up before using nbdkit so we error out here.
>       */
>      nbdkit_error ("could not find known_hosts file");
> -    ssh_clean_pubkey_hash (&hash);
>      return -1;
>  
>    case SSH_KNOWN_HOSTS_UNKNOWN:
>      nbdkit_error ("host key is unknown, you must use ssh first "
>                    "and accept the host key");
> -    ssh_clean_pubkey_hash (&hash);
>      return -1;
>  
>    case SSH_KNOWN_HOSTS_ERROR:
>      nbdkit_error ("known hosts error: %s", ssh_get_error (h->session));
> -    ssh_clean_pubkey_hash (&hash);
>      return -1;
>    }
>  
> -  ssh_clean_pubkey_hash (&hash);
>    return 0;
>  }
>  
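
Review bot: with the cleanup calls gone, the tail of the function is a plain `return 0;` after the switch, so any state that does not return inside the switch is treated as a verified host, and no default label is visible in the hunks shown. Since this function decides whether the server's host key is trusted, consider adding a `default:` case that calls nbdkit_error and returns -1, so that an unexpected return value from ssh_session_is_known_server fails closed.
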
> -- 
> 2.31.1

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html