lib/libssh

mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-19 01:25:45 +03:00

Go to file

Anderson Toshiyuki Sasaki f18a7cc17e kex: Do not ignore keys in known_hosts files

Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any mean,
including the client configuration file, the keys in known_hosts files
wouldn't be considered before advertising the list of wanted host keys.

This could result in the client requesting the server to provide a
signature using a key not present in the known_hosts files (e.g. when
the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the
known_hosts files), causing a host key mismatch and possible key
rejection.

Now, the keys present in the known_hosts files are prioritized over the
other wanted keys.  This do not change the fact that only keys of types
present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and
prioritized following the order defined by such list.

The new wanted list of hostkeys is given by:
 - The keys present in known_hosts files, ordered by preference defined
   in SSH_OPTIONS_HOSTKEYS.  If the option is not set, a default order
   of preference is used.
 - The other keys present in the same option are appended without adding
   duplicates.  If the option is not set, the default list of keys is
   used.

Fixes: T156

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

2019-07-04 10:29:20 +02:00

cmake

cmake: Add support for MemorySanitizer

2019-01-25 16:07:50 +01:00

doc

sftp_get_error returns int, not char *.

2019-03-25 18:51:15 +01:00

examples

examples: Check ssh_event_dopoll() return value

2019-06-27 10:31:46 +02:00

include

knownhosts: Introduced ssh_known_hosts_get_algorithms_names()

2019-07-04 10:29:20 +02:00

obj

cmake: Introduce symbol versioning

2018-08-08 20:58:23 +02:00

src

kex: Do not ignore keys in known_hosts files

2019-07-04 10:29:20 +02:00

tests

kex: Do not ignore keys in known_hosts files

2019-07-04 10:29:20 +02:00

.arcconfig

arcconfig: Add missing comma

2017-08-21 09:12:36 +02:00

.gitignore

Ignore all build and obj* directories

2015-10-28 09:28:33 +01:00

.gitlab-ci.yml

gitlab-ci: Re-enable client tests in CentOS7

2019-06-26 17:36:46 +02:00

AUTHORS

src: Update my mail address.

2014-01-07 16:08:23 +01:00

BSD

added a file from openssh needed for known host parsing

2008-11-02 23:46:55 +00:00

ChangeLog

Update ChangeLog to add FIPS

2019-06-24 16:01:48 +02:00

CMakeLists.txt

Bump SO version to 4.8.1

2019-06-14 15:22:56 +02:00

CompilerChecks.cmake

cmake: Add -Wmissing-field-initializers compile flag

2019-01-22 13:12:25 +01:00

config.h.cmake

cmake,options: Allow to set global client config file

2019-05-14 17:20:39 +02:00

ConfigureChecks.cmake

Use a common KDF function

2019-03-07 12:03:32 +01:00

COPYING

COPYING: Reformat the last paragraph

2018-11-17 20:11:51 +01:00

CPackConfig.cmake

cpack: Fix ignore files

2018-08-10 14:18:18 +02:00

CTestConfig.cmake

cmake: Drop reports via https only.

2015-02-20 15:47:22 +01:00

DefineOptions.cmake

cmake,options: Allow to set global client config file

2019-05-14 17:20:39 +02:00

INSTALL

Update INSTALL file

2019-02-07 10:30:05 +01:00

libssh-config.cmake.in

cmake: Refresh the CMake Config files

2018-11-06 13:53:43 +01:00

libssh.pc.cmake

cmake: Fix pkg-config file

2018-08-13 13:44:58 +02:00

README

Update the README

2016-05-02 11:55:39 +02:00

README.CodingStyle

README.Coding: Add section about pointers

2017-09-11 17:14:21 +02:00

README.mbedtls

pki: Add mbedTLS ECDSA key comparison support

2018-03-07 15:44:05 +01:00

README.md

README: Added markdown readmine with gitlab CI badge

2018-04-18 10:51:43 +02:00

SubmittingPatches

Update SubmittingPatches

2017-02-27 11:49:10 +01:00

README.md

  _   _   _                          _
 (_) (_) (_)                        (_)
 (_)  _  (_) _         _  _   _  _  (_) _
 (_) (_) (_)(_) _     (_)(_) (_)(_) (_)(_) _
 (_) (_) (_)   (_)  _ (_)  _ (_)    (_)   (_)
 (_) (_) (_)(_)(_) (_)(_) (_)(_)    (_)   (_).org

 The SSH library

Why?

Why not ? :) I've began to work on my own implementation of the ssh protocol because i didn't like the currently public ones. Not any allowed you to import and use the functions as a powerful library, and so i worked on a library-based SSH implementation which was non-existing in the free and open source software world.

How/Who?

If you downloaded this file, you must know what it is : a library for accessing ssh client services through C libraries calls in a simple manner. Everybody can use this software under the terms of the LGPL - see the COPYING file

If you ask yourself how to compile libssh, please read INSTALL before anything.

Where ?

https://www.libssh.org

Contributing

Please read the file 'SubmittingPatches' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.

Have fun and happy libssh hacking!

The libssh Team