curl-library

Re: patch to allow for ssh md5 checking option

From: Johnny Luong <johnny_at_trustcommerce.com>
Date: Mon, 24 Sep 2007 15:28:31 -0700

Daniel Stenberg wrote:
> On Mon, 24 Sep 2007, Johnny Luong wrote:
>
> (Please don't top-post)
>
>> Yah, I was thinking of that too, but I needed something now (for
>> internal use) and the known_hosts format that openssh uses is somewhat
>> complicated.
>
> I want to second Dan's comment here that the libcurl part was perfect,
> but the curl tool end is not really that convenient. How would a user
> even get the md5sum for the public key? With an option like this, won't
> we also need an option that can store the key this way for use at later
> invokes?

The user gets this over some other secure channel from the host (the
right way), or if they don't mind the initial security problem, they can
always use ssh to retrieve the key on the first connect. The user would
have to set this option at the API level (CURLOPT_SSH_HOST_PUBLIC...) or
as a command line option every time and figure out their own way of
storing it. It might be better once the known_hosts option (if
implemented) would use this new option to get new keys as needed and
handle the storage implicitly.

>
>> My hope was maybe it would go in so I don't maintain a separate branch
>
> I like the patch and I think we should work on getting it added!
>
>> at some later point, another option would be provided which would use
>> a local database (e.g: known_hosts).
>
> I think it would make the most sense to support the openssh format of
> that file then. Don't you?

I totally agree.

>
> Oh, and a little nit about the code style in the patch... There were
> multiple lines longer than 80 columns:
>
> http://curl.haxx.se/docs/contribute.html#Line_Lengths
>

I've updated the patch and most of the lines are under that length
except the text string (other text lines seem to break that but it's part
of an array).

Best Regards,
Johnny Luong

Received on 2007-09-25
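
On the question raised in the thread of how a user would get the MD5 of the host's public key: the sketch below is an added example, not code from the patch or from curl. It computes the fingerprint from a public-key line obtained over a trusted channel (a `.pub` line or an OpenSSH `known_hosts` line) and compares it with a pinned value. It assumes the pinned value is written as 32 hex digits with optional colons; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def key_blob(line):
    """Extract the raw key blob from a .pub line or a known_hosts line."""
    fields = line.split()
    # A .pub line is "type base64 [comment]"; known_hosts puts an optional
    # marker and a host field first. Accept the pair whose blob starts with
    # a length-prefixed type string equal to the declared type.
    for declared, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == declared.encode():
                return blob
    raise ValueError("no consistent key type / key blob pair found")


def md5_fingerprint(blob):
    """MD5 of the raw key blob as 32 lowercase hex digits."""
    return hashlib.md5(blob).hexdigest()


def host_key_matches(expected_md5, line):
    """Compare a pinned fingerprint (colons optional) with a key line."""
    pinned = expected_md5.replace(":", "").strip().lower()
    if len(pinned) != 32 or any(c not in "0123456789abcdef" for c in pinned):
        raise ValueError("pinned fingerprint must be 32 hex digits")
    return hmac.compare_digest(pinned, md5_fingerprint(key_blob(line)))


# Constructed sample: an ed25519-shaped blob with placeholder key bytes.
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
               + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
PUB_LINE = "ssh-ed25519 " + SAMPLE_B64 + " constructed@example"
KNOWN_HOSTS_LINE = "sftp.example.com,192.0.2.10 ssh-ed25519 " + SAMPLE_B64

if __name__ == "__main__":
    print(md5_fingerprint(key_blob(PUB_LINE)))
```

A line whose declared key type disagrees with the type embedded in the blob is rejected rather than fingerprinted, so a mislabeled or truncated key cannot silently produce a pin.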