Subject: Re: known_hosts support (first take)

From: Simon Josefsson <simon_at_josefsson.org>
Date: Tue, 05 May 2009 11:25:31 +0200

Daniel Stenberg <daniel_at_haxx.se> writes:

> On Mon, 4 May 2009, J.T. Conklin wrote:
>
>>> A read the known_hosts file(s) and keep a set of hosts/key pair in memory
>>> B compare a host/key with the known set to see if it exists and if so if it
>>> matches the key
>>> C add/replace a host key/key in the in-memory set
>>> D write the in-memory set to a file
>>> E extract an (OpenSSH-compatible) key for key checking - from a connected
>>> session
>
>> But it seems to me, a general purpose library like libssh2 should
>> support fetching and storing known host entries, keys, etc. with a
>> layer of indirection, with replaceable function pointer hooks.
>
> While I don't think we need to do any of that now, as this approach of mine
> doesn't shut the doors for this kind of flexible import/export features, we
> can just as well provide a function for the addition of keys, and have an
> access-function for reading them and that should be pretty much what's needed
> to offer all that functionality.
>
> The functions for reading and writing OpenSSH functions could then use those
> functions.

That sounds good. I think it is important that the APIs don't become
OpenSSH specific. It is still important to support OpenSSH-style files,
because they are common and easily testable. The OpenSSH support should
probably be done by auxiliary functions that read OpenSSH files into
some format that is understood by the normal libssh2 API functions.

I wish I had more time to help here..

/Simon

Received on 2009-05-05
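
The split discussed in this thread, as an added example that is not part of the original message and not libssh2's API: a format-neutral in-memory store (steps B and C) plus one auxiliary reader that is the only OpenSSH-aware code (step A). All `kh_*` names are hypothetical, and keys are assumed to be held as base64 text.

```c
#include <stdio.h>
#include <string.h>

#define KH_MAX 32
enum kh_result { KH_MATCH, KH_MISMATCH, KH_NOTFOUND };
struct kh_entry { char host[256], type[32], key[1024]; };
struct kh_store { struct kh_entry e[KH_MAX]; size_t n; };   /* zero-initialise before use */

/* Index of the entry for host + key type, or s->n when there is none. */
static size_t kh_find(const struct kh_store *s, const char *host, const char *type) {
    size_t i;
    for (i = 0; i < s->n; i++)
        if (!strcmp(s->e[i].host, host) && !strcmp(s->e[i].type, type))
            break;
    return i;
}

/* Step C: add or replace a host/key pair. Nothing here knows about file formats. */
int kh_add(struct kh_store *s, const char *host, const char *type, const char *key) {
    size_t i = kh_find(s, host, type);
    if (strlen(host) >= sizeof s->e[0].host || strlen(type) >= sizeof s->e[0].type ||
        strlen(key) >= sizeof s->e[0].key || (i == s->n && s->n == KH_MAX))
        return -1;                       /* oversized field or store full */
    if (i == s->n) s->n++;
    strcpy(s->e[i].host, host);
    strcpy(s->e[i].type, type);
    strcpy(s->e[i].key, key);
    return 0;
}

/* Step B: a changed key is reported as a mismatch, distinct from an unknown host. */
enum kh_result kh_check(const struct kh_store *s, const char *host,
                        const char *type, const char *key) {
    size_t i = kh_find(s, host, type);
    if (i == s->n) return KH_NOTFOUND;
    return strcmp(s->e[i].key, key) ? KH_MISMATCH : KH_MATCH;
}

/* Step A helper: "host[,host...] keytype base64key [comment]"; returns entries added, -1 if malformed. */
int kh_read_openssh_line(struct kh_store *s, const char *line) {
    char hosts[256], type[32], key[1024], *h;
    int n, added = 0;
    if (line[0] == '#' || line[0] == '|' || line[0] == '@')
        return 0;                        /* comments, hashed hosts, markers: skipped in this sketch */
    n = sscanf(line, "%255s %31s %1023s", hosts, type, key);
    if (n != 3) return n == EOF ? 0 : -1; /* blank line vs. missing fields */
    for (h = strtok(hosts, ","); h; h = strtok(NULL, ","))
        added += (kh_add(s, h, type, key) == 0);
    return added;
}
```

A reader for another storage format would call the same `kh_add`, so `kh_check` and its callers never depend on the OpenSSH file layout.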