Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-server/pull/164#discussion_r179728057 --- Diff: src/common-ssh/ssh.c --- @@ -518,6 +520,64 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, return NULL; } + /* Check known_hosts, start by getting known_hosts file of user running guacd */ + struct passwd *pw = getpwuid(getuid()); + const char *known_hosts = strcat(pw->pw_dir, "/.ssh/known_hosts"); + LIBSSH2_KNOWNHOSTS *ssh_known_hosts = libssh2_knownhost_init(session); + libssh2_knownhost_readfile(ssh_known_hosts, known_hosts, LIBSSH2_KNOWNHOST_FILE_OPENSSH); + --- End diff -- I'm not dead set on this change, here, but basically, in addition to allowing the client to provide a host key, I've also put this code in that reads in the .ssh/known_hosts file from the user running guacd. There may be situations where admins do not want to individually enter every host key in the Guacamole interface and would rather just copy the known_hosts file from a known good location. There are a couple of alternatives we could consider to having it check the .ssh/known_hosts file from the guacd user's home directory: - Use /etc/guacamole/known_hosts, instead, or wherever guacd.conf is located. - Have the client pass through the location of a known_hosts file in addition to an actual host key. Thoughts?