Salvador Fandino 85c6627c86 knownhosts: handle unknown key types
Store but don't use keys of unsupported types on the known_hosts file.

Currently, when libssh2 parses a known_host file containing keys of some
type it doesn't natively support, it stops reading the file and returns
an error.

That means that the known_host file cannot be safely shared with other
software supporting other key types (i.e. OpenSSH).

This patch adds support for handling keys of unknown type. It can read
and write them, even if they are never going to be matched.

At the source level the patch does the following things:

- add a new unknown key type LIBSSH2_KNOWNHOST_KEY_UNKNOWN

- add a new slot (key_type_name) on the known_host struct that is
used to store the key type in ascii form when it is not supported

- parse correctly known_hosts entries with unknown key types and
populate the key_type_name slot

- print correctly known_hosts entries of unknown type

- when checking a host key ignore keys that do not match the key

Fixes #276
2013-10-27 10:57:31 +01:00
docs man page: add missing function argument 2013-10-16 23:19:14 +02:00
example examples: use stderr for messages, stdout for data 2012-10-22 13:39:58 +02:00
include knownhosts: handle unknown key types 2013-10-27 10:57:31 +01:00
m4 Ignore libssh2_config.h.in and stamp-h2 in example/ and remove .cvsignore 2010-01-30 00:25:46 +01:00
nw Fixed copyright string for NetWare build. 2013-04-12 18:00:29 +02:00
src knownhosts: handle unknown key types 2013-10-27 10:57:31 +01:00
tests Add manpage syntax checker to 'check' target 2011-09-12 15:38:00 +02:00
vms VMS specific: make sure final release can be installed over daily build 2010-05-22 11:06:08 +01:00
win32 windows build: fix build errors 2013-10-16 23:23:26 +02:00
.gitattribute Ensure that win32/libssh2.dsp will be generated with CRLF line endings 2009-10-17 02:58:53 +02:00
.gitignore ignore TAGS ("make tags" makes them) 2010-03-24 15:38:44 +01:00
acinclude.m4 Fix shell usage. 2009-09-23 09:39:47 +02:00
AUTHORS AUTHORS: synced with 42fec44c8a 2012-08-19 23:34:53 +02:00
buildconf Make it portable; test uses = for string comparison (not ==). Indent. 2010-02-23 15:27:18 +01:00
config.rpath Revert "config.rpath: generated file, no need to keep in git" 2012-06-11 14:52:31 +02:00
configure.ac configure.ac: Call zlib zlib and not libz in text but keep option names 2013-09-15 21:13:27 +02:00
COPYING Add re-discovered copyright holders to COPYING 2010-05-05 15:45:17 +07:00
get_ver.awk Added copyright define to libssh2.h and use it for binary builds. 2010-08-15 04:09:01 +02:00
git2news.pl NEWS: auto-generated from git 2011-04-04 13:31:33 +02:00
HACKING Mention libssh2-style.el. 2009-10-29 10:39:15 +01:00
libssh2-style.el helper script for emacs users to get the code style done libssh2-style 2008-12-20 12:36:50 +00:00
libssh2.pc.in Changed 'Requires' to 'Requires.private'. 2012-04-23 12:33:08 +02:00
Makefile.am Revert "config.rpath: generated file, no need to keep in git" 2012-06-11 14:52:31 +02:00
Makefile.inc Clean up crypto library abstraction in build system and source code 2013-09-15 20:56:54 +02:00
maketgz maketgz: use git2news.pl by the correct name 2011-04-05 19:19:49 +02:00
NEWS NEWS: auto-generated from git 2011-04-04 13:31:33 +02:00
NMakefile Added hack to make use of Makefile.inc. 2012-10-24 03:22:07 +02:00
README Update mailing list URL to new address 2009-07-10 20:11:29 +02:00
RELEASE-NOTES RELEASE-NOTES: fixed for 1.4.3 2012-11-27 22:44:09 +01:00
TODO TODO: remove issues we (sort of) did already 2011-12-09 14:21:36 +01:00

libssh2 - SSH2 library
======================

libssh2 is a library implementing the SSH2 protocol, available under
the revised BSD license.

Web site: http://www.libssh2.org/

Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel

Generic installation instructions are in INSTALL.  Some ./configure
options deserve additional comments:

	* --enable-crypt-none

		The SSH2 Transport allows for unencrypted data
		transmission using the "none" cipher.  Because this is
		such a huge security hole, it is typically disabled on
		SSH2 implementations and is disabled in libssh2 by
		default as well.

		Enabling this option will allow for "none" as a
		negotiable method; however, it still requires that the
		method be advertised by the remote end and that no
		more-preferable methods are available.

	* --enable-mac-none

		The SSH2 Transport also allows implementations to
		forgo a message authentication code.  While this is
		less of a security risk than using a "none" cipher, it
		is still not recommended as disabling MAC hashes
		removes a layer of security.

		Enabling this option will allow for "none" as a
		negotiable method; however, it still requires that the
		method be advertised by the remote end and that no
		more-preferable methods are available.

	* --disable-gex-new

		The diffie-hellman-group-exchange-sha1 (dh-gex) key
		exchange method originally defined an exchange
		negotiation using packet type 30 to request a
		generation pair based on a single target value.  Later
		refinement of dh-gex provided for range and target
		values.  By default libssh2 will use the newer range
		method.

		If you experience trouble connecting to an old SSH
		server using dh-gex, try this option to fall back on
		the older, more reliable method.

	* --with-libgcrypt
	* --without-libgcrypt
	* --with-libgcrypt-prefix=DIR

		libssh2 can use the Libgcrypt library
		(http://www.gnupg.org/) for cryptographic operations.
		Either Libgcrypt or OpenSSL is required.

		Configure will attempt to locate Libgcrypt
		automatically.

		If your installation of Libgcrypt is in another
		location, specify it using --with-libgcrypt-prefix.

	* --with-openssl
	* --without-openssl
	* --with-libssl-prefix=[DIR]

		libssh2 can use the OpenSSL library
		(http://www.openssl.org) for cryptographic operations.
		Either Libgcrypt or OpenSSL is required.

		Configure will attempt to locate OpenSSL in the
		default location.

		If your installation of OpenSSL is in another
		location, specify it using --with-libssl-prefix.

	* --with-libz
	* --without-libz
	* --with-libz-prefix=[DIR]

		If present, libssh2 will attempt to use zlib
		(http://www.zlib.org) for payload compression; however,
		zlib is not required.

		If your installation of Libz is in another location,
		specify it using --with-libz-prefix.

	* --enable-debug

		Will make the build use more pedantic and strict compiler
		options as well as enable the libssh2_trace() function (for
		showing debug traces).
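
The condition stated above for --enable-crypt-none and --enable-mac-none ("none" is used only when the remote end advertises it and no more-preferable method is shared) follows from the SSH2 negotiation rule in RFC 4253 section 7.1. The sketch below is an added example, not libssh2 code; the function names and the preference lists are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name[0..len) is an element of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t len)
{
    while (*list) {
        size_t n = strcspn(list, ",");
        if (n == len && memcmp(list, name, len) == 0)
            return 1;
        list += n;
        if (*list == ',')
            list++;
    }
    return 0;
}

/* RFC 4253 section 7.1: the chosen method is the first name on the
 * client's list that is also on the server's list.  Returns the name
 * (static buffer) or NULL when nothing is shared (negotiation fails). */
const char *negotiate(const char *client, const char *server)
{
    static char chosen[64];
    while (*client) {
        size_t n = strcspn(client, ",");
        if (n > 0 && n < sizeof chosen && in_list(server, client, n)) {
            memcpy(chosen, client, n);
            chosen[n] = '\0';
            return chosen;
        }
        client += n;
        if (*client == ',')
            client++;
    }
    return NULL;
}

int main(void)
{
    /* Constructed lists; "none" is last on the client side (least preferred). */
    const char *client = "aes128-ctr,aes256-ctr,none";
    const char *servers[] = { "aes256-ctr,none", "none", "3des-cbc" };
    size_t i;
    for (i = 0; i < sizeof servers / sizeof servers[0]; i++) {
        const char *m = negotiate(client, servers[i]);
        printf("%-16s -> %s\n", servers[i], m ? m : "(no common method)");
    }
    return 0;
}
```

A client list without "none" (the default build) can never select it, whatever the server advertises; with the option enabled, "none" is selected only against a server that offers nothing the client prefers.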