Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-server/pull/164#discussion_r191088179 --- Diff: src/common-ssh/ssh.c --- @@ -518,6 +520,64 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, return NULL; } + /* Check known_hosts, start by getting known_hosts file of user running guacd */ + struct passwd *pw = getpwuid(getuid()); + const char *known_hosts = strcat(pw->pw_dir, "/.ssh/known_hosts"); + LIBSSH2_KNOWNHOSTS *ssh_known_hosts = libssh2_knownhost_init(session); + libssh2_knownhost_readfile(ssh_known_hosts, known_hosts, LIBSSH2_KNOWNHOST_FILE_OPENSSH); + --- End diff -- Okay, I've implemented it as suggested and verified that it works. The code seems a little clunky to me, but let me know what you think. I was trying to avoid duplicating a lot of code checking it, but maybe the host key checking needs to be split into its own function?
---