
Possibility to specify preferred host key algorithms

From: hannes via curl-users <curl-users_at_cool.haxx.se>
Date: Fri, 16 Aug 2019 13:47:58 +0000

In OpenSSH there exists the possibility to use the HostKeyAlgorithms option to specify which host key algorithms to use. When using curl/libcurl together with libssh2, there is however no counterpart to this option.

In a situation where curl is used with the --hostpubmd5 argument to communicate with a server (or libcurl, setting the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 option) with for example one rsa key and one ecdsa key, the user of curl cannot influence which key is actually used.

This might cause a problem when using the latest version of libssh2, since it allows more types of keys than before. It could be the case that a user expects an md5 fingerprint of an rsa key to be accepted, but now an ecdsa key is used instead, causing a mismatch.

With an option of setting a preferred host key algorithm, this problem could be avoided. Could this be a reasonable feature for curl/libcurl (and possibly libssh2)?

Received on 2019-08-16
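
The mismatch described in the mail, as an added example that is not part of the original message and is not curl or libssh2 code: the pinned MD5 is computed over whichever host key blob the negotiated algorithm selects, so a changed client preference order breaks a pin that was taken from the RSA key. The key blobs, the preference lists and the helper names are constructed assumptions for illustration.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def md5_fingerprint(host_key_blob: bytes) -> str:
    """MD5 over the raw host key blob as 32 hex digits, the form --hostpubmd5 expects."""
    return hashlib.md5(host_key_blob).hexdigest()

def negotiate(client_prefs, server_algs):
    """Simplified RFC 4253 rule: the first client-preferred algorithm the server offers."""
    for alg in client_prefs:
        if alg in server_algs:
            return alg
    raise ValueError("no common host key algorithm")

def check_pin(pinned_md5, client_prefs, server_keys):
    """Return (negotiated algorithm, whether the pinned fingerprint matches its key)."""
    alg = negotiate(client_prefs, list(server_keys))
    return alg, md5_fingerprint(server_keys[alg]) == pinned_md5.lower()

# Constructed host key blobs (not real keys): one RSA and one ECDSA key on the same server.
SERVER_KEYS = {
    "ssh-rsa": ssh_string(b"ssh-rsa")
               + ssh_string(b"\x01\x00\x01")             # public exponent
               + ssh_string(b"\x00" + b"\xc3" * 256),    # dummy modulus
    "ecdsa-sha2-nistp256": ssh_string(b"ecdsa-sha2-nistp256")
               + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + b"\x5a" * 64),     # dummy curve point
}

# The user pinned the fingerprint of the RSA key.
PINNED = md5_fingerprint(SERVER_KEYS["ssh-rsa"])

# Assumed preference lists: a client that only knows RSA/DSA keys, and a newer
# one that also accepts ECDSA and ranks it first.
OLD_PREFS = ["ssh-rsa", "ssh-dss"]
NEW_PREFS = ["ecdsa-sha2-nistp256", "ssh-rsa", "ssh-dss"]

if __name__ == "__main__":
    for label, prefs in (("old", OLD_PREFS), ("new", NEW_PREFS), ("forced rsa", ["ssh-rsa"])):
        alg, ok = check_pin(PINNED, prefs, SERVER_KEYS)
        print(f"{label:10s} negotiated={alg:20s} pin matches={ok}")
```

Restricting the preference list to `ssh-rsa`, which is what the requested option would allow, restores the match without changing the pinned value.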