
Re: sessionIsServerKnow function


On Thu, 2020-07-02 at 11:25 -0300, Bruno Buzzi Brassesco wrote:
> Hi,
> (Accidentally sent a partial mail)
> Thanks to the community for all the answers I get, it is very helpful.
> Just a little context:
> I'm writing a wrapper around libssh for Smalltalk language (more
> specific for GemStone/S Smalltalk).
> My knowledge of C is very limited compared to your knowledge so maybe
> in some questions I can ask some nonsense :)
> 
> So far I connected to the server, now implementing authentication.
> The server is 'localhost' but when calling
> "ssh_session_is_known_server()" it answers 2 (SSH_KNOWN_HOSTS_CHANGED).
> Checking the code:
>     /**
>      * The server key has changed. Either you are under attack or the
>      * administrator changed the key. You HAVE to warn the user about a
>      * possible attack.
>      */
> Is this normal for 'localhost'? Or should it answer 1
> (SSH_KNOWN_HOSTS_OK)?
> If it should answer 1 then what can be the situation for result 2
> with localhost?

Hello,
this requires a bit more knowledge about the SSH protocol. For SSH it
really does not matter if it is a server on localhost or elsewhere -- it
connects to it through the network, which is automatically untrusted.

The answer in ssh_session_is_known_server() checks the server host key
against your local file (generally ~/.ssh/known_hosts). If you copied this
file from a previous system, modified your local ssh server or something,
it can indeed return this value.

Next steps for investigation would be checking what you get in the OpenSSH
client or other clients and some more debug logs from libssh.

Regards,
Jakub

> thank you for your patience...
> regards,
> bruno
> 
> On Thu, Jul 2, 2020 at 11:21, Bruno Buzzi Brassesco (<
> bruno.brasesco@xxxxxxxxx>) wrote:
> 
> > Hi,
> > Thanks to the community for all the answers I get, it is very helpful.
> > Just a little context:
> > I'm writing a wrapper around libssh for Smalltalk language (more
> > specific for GemStone/S Smalltalk).
> > My knowledge of C is very limited compared to your knowledge so
> > maybe in some questions I can ask some nonsense :)
> > 
> > So far I connected to the server, now implementing authentication.
> > The server is 'localhost' but when calling
> > "ssh_session_is_known_server()" it answers 2 (SSH_KNOWN_HOSTS_CHANGED).
> > Checking the code:
> > 
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
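
Added example, not part of the original messages and not libssh's own code: a simplified model of the known_hosts comparison described in the reply, showing how a stale `localhost` entry produces result 2. It assumes plain (unhashed) entries without markers, ports or wildcards; the `kh_state` names, `check_known_hosts()` and the placeholder key strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Values mirror libssh's enum ssh_known_hosts_e; the names are this example's own. */
enum kh_state { KH_UNKNOWN = 0, KH_OK = 1, KH_CHANGED = 2, KH_OTHER = 3 };

/* Constructed sample file: placeholder strings, not real host keys. */
static const char SAMPLE[] =
    "# entry copied over from a previous system\n"
    "localhost,127.0.0.1 ssh-ed25519 AAAAC3OLDKEYPLACEHOLDER\n"
    "build.example ssh-rsa AAAAB3RSAKEYPLACEHOLDER\n";

/* Return 1 if the comma-separated host list contains exactly `host`. */
static int host_listed(const char *list, const char *host) {
    size_t n = strlen(host);
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, host, n) == 0) return 1;
        p += len;
        if (*p == ',') p++;
    }
    return 0;
}

/* Compare the key the server presented with "hosts keytype base64key" lines. */
enum kh_state check_known_hosts(const char *file, const char *host,
                                const char *type, const char *key) {
    enum kh_state st = KH_UNKNOWN;
    char buf[1024], hosts[256], ktype[64], kdata[700];
    while (*file) {
        size_t len = strcspn(file, "\n");
        size_t n = len < sizeof(buf) - 1 ? len : sizeof(buf) - 1;
        memcpy(buf, file, n);
        buf[n] = '\0';
        file += len + (file[len] == '\n');
        if (buf[0] == '#' ||
            sscanf(buf, "%255s %63s %699s", hosts, ktype, kdata) != 3) continue;
        if (!host_listed(hosts, host)) continue;        /* entry for another host */
        if (strcmp(ktype, type) != 0) { if (st == KH_UNKNOWN) st = KH_OTHER; continue; }
        if (strcmp(kdata, key) == 0) return KH_OK;      /* same type, same key */
        st = KH_CHANGED;                                /* same type, different key */
    }
    return st;
}

int main(void) {
    /* The stored localhost key differs from the one the server now presents. */
    printf("%d\n", check_known_hosts(SAMPLE, "localhost", "ssh-ed25519", "AAAAC3NEWKEYPLACEHOLDER"));
    return 0;
}
```

The name `localhost` gets no special treatment in the lookup: whatever key is stored under that name is compared with the key the server presents.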

