Re: patch to allow for ssh md5 checking option
Date: Mon, 24 Sep 2007 11:22:43 -0700
On Mon, Sep 24, 2007 at 10:49:57AM -0700, Johnny Luong wrote:
> I've attached a patch (against curl-7.17.0) to the scp/sftp subsystem so
> that it'll take another option, the md5 fingerprint of the host public
> key, and fail if it doesn't match up to what the user thinks it should be.
> Let me know if you have any thoughts on it.
I think this is a great idea! I like the libcurl side of things (although
I think the code should err out in the case
strlen(data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) != 32
), but I think expecting the user to provide an MD5 string on the command-line
is a bit much to expect on the curl side and will seldom get used. Instead,
I think curl should automatically derive the MD5 fingerprint directly
from a host entry in an OpenSSH-compatible ~/.ssh/known_hosts file,
with a command-line option used to disable that check (like -k for SSL).
-- 
http://www.MoveAnnouncer.com The web change of address service
Let webmasters know that your web site has moved

Received on 2007-09-24
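
The check proposed in the message above, deriving the MD5 fingerprint from an OpenSSH-compatible known_hosts entry and comparing it with the key the server presents, as an added example (not part of the original message and not curl's code). The function names, hosts and key bytes are constructed for illustration; hashed (`|1|`) host fields are handled, wildcard and negated host patterns are not.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or |1| hashed form)."""
    if field.startswith("|1|"):                      # HashKnownHosts: |1|salt|HMAC-SHA1
        pieces = field.split("|")
        if len(pieces) != 4:
            return False                             # malformed hashed entry
        mac = hmac.new(base64.b64decode(pieces[2]), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(pieces[3]))
    return host in field.split(",")                  # wildcard/negated patterns not handled

def known_host_md5(known_hosts_text, host):
    """MD5 fingerprints (32 hex digits each) of every key listed for `host`."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue                                 # blank, comment or @marker line
        if host_matches(parts[0], host):
            found.append(hashlib.md5(base64.b64decode(parts[2])).hexdigest())
    return found

def check_host_key(presented_blob, host, known_hosts_text):
    """Return 'match', 'mismatch' or 'unknown' for the key blob a server presented."""
    expected = known_host_md5(known_hosts_text, host)
    if not expected:
        return "unknown"                             # no entry: caller decides the policy
    actual = hashlib.md5(presented_blob).hexdigest()
    return "match" if any(hmac.compare_digest(actual, e) for e in expected) else "mismatch"

# Constructed sample data: made-up key bytes and hosts, not real host keys.
KEY_A = b"\x00\x00\x00\x07ssh-rsa" + b"constructed key A"
KEY_B = b"\x00\x00\x00\x07ssh-rsa" + b"constructed key B"

def hashed_field(host, salt=b"constructed-salt-20b"):
    """Build a |1| hashed host field for the constructed sample file."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

SAMPLE = "\n".join([
    "# constructed known_hosts file",
    "plain.example.org,192.0.2.10 ssh-rsa " + base64.b64encode(KEY_A).decode(),
    hashed_field("hashed.example.org") + " ssh-rsa " + base64.b64encode(KEY_B).decode(),
])

if __name__ == "__main__":
    for key, host in [(KEY_A, "plain.example.org"), (KEY_B, "plain.example.org"),
                      (KEY_B, "hashed.example.org"), (KEY_A, "new.example.org")]:
        print(host, check_host_key(key, host, SAMPLE))
```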