Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-server/pull/164#discussion_r191088179
--- Diff: src/common-ssh/ssh.c ---
@@ -518,6 +520,64 @@ guac_common_ssh_session*
guac_common_ssh_create_session(guac_client* client,
return NULL;
}
+ /* Check known_hosts, start by getting known_hosts file of user
running guacd */
+ struct passwd *pw = getpwuid(getuid());
+ const char *known_hosts = strcat(pw->pw_dir, "/.ssh/known_hosts");
+ LIBSSH2_KNOWNHOSTS *ssh_known_hosts = libssh2_knownhost_init(session);
+ libssh2_knownhost_readfile(ssh_known_hosts, known_hosts,
LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+
--- End diff --
Okay, I've implemented it as suggested and verified that it works. The
code seems a little clunky to me, but let me know what you think. I was trying
to avoid duplicating a lot of code checking it, but maybe the host key checking
needs to be split into its own function?
---
