2009/5/4 Daniel Stenberg <dan...@haxx.se>:
> I'm open for feedback and comments on this. I've not yet figured out the (E)
> part so I'm perhaps most interested in that... How does libssh2_hostkey_hash()
> relate to all this?

It's been a while since I looked at this but AFAIK
libssh2_hostkey_hash() doesn't really relate to this.  When asking the
user to confirm that such-and-such a hostkey is ok, most clients
display a hashed version of the key so that it will fit on the display
e.g.:

   The fingerprint for the RSA key sent by the remote host is
   9e:fa:9b:8d:23:51:da:71:bc:d4:ce:3e:41:91:33:9c.

I believe the hashing algorithm is standard so that people can
recognise the hashed key on any client but this is all
libssh2_hostkey_hash() does.

The real key, which is much longer, is the key that gets stored in
known_hosts.  libssh2 doesn't currently provide a way to get at it
which means that all libssh2-based clients have to fall back to
storing and comparing the hashes.  I don't think that this has any
real security implications but it rules out using keys stored by other
clients in known_hosts or by PuTTY in the registry.

HTH

Alex

_______________________________________________
libssh2-devel mailing list
libssh2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
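
Added example, not part of the original message and not libssh2 code: it shows how the short fingerprint shown to the user relates to the full key stored in known_hosts. The 16-byte colon-separated form is the MD5 digest of the raw key blob, so it can always be derived from a stored key, but a stored fingerprint cannot be turned back into a key. The host name, key bytes and function names are constructed for illustration, and only plain (unhashed, marker-free) known_hosts lines are handled.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed sample host key blob (not a real key): type, exponent, modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 129))))
# Constructed known_hosts line: "host keytype base64(blob)".
SAMPLE_LINE = "example.test ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()


def parse_known_hosts_line(line: str):
    """Return (hosts, key type, raw key blob) from a plain known_hosts line."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own type string; it must agree with the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type field does not match key blob")
    return hosts.split(","), key_type, blob


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex of the 16-byte MD5 digest of the raw key blob."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def key_matches(stored_blob: bytes, presented_blob: bytes) -> bool:
    """Compare the full keys, not their fingerprints, in constant time."""
    return hmac.compare_digest(stored_blob, presented_blob)


if __name__ == "__main__":
    _, key_type, blob = parse_known_hosts_line(SAMPLE_LINE)
    print(f"The fingerprint for the {key_type} key is {md5_fingerprint(blob)}")
```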