Unfortunately libssh2 doesn't support all types of host keys that can be saved in the known_hosts file. Also it does not report that parsing of the file failed. This results into truncated known_hosts files where the standard client stores keys also in other formats (eg. ecdsa-sha2-nistp256). This patch changes the default location of the known_hosts file into the libvirt private configuration directory, where it will be only written by the libssh2 layer itself. This prevents thrashing user's files.
---
 src/rpc/virnetclient.c | 17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 8ff5e09..4ecc703 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -417,23 +417,25 @@ virNetClientPtr virNetClientNewLibSSH2(const char *host,
 char *command = NULL;
 char *homedir = virGetUserDirectory();
+ char *confdir = virGetUserConfigDirectory();
 char *knownhosts = NULL;
 char *privkey = NULL;
 /* Use default paths for known hosts an public keys if not provided */
- if (homedir) {
+ if (confdir) {
 if (!knownHostsPath) {
- virBufferAsprintf(&buf, "%s/.ssh/known_hosts", homedir);
- if (!(knownhosts = virBufferContentAndReset(&buf)))
- goto no_memory;
-
- if (!(virFileExists(knownhosts)))
- VIR_FREE(knownhosts);
+ if (virFileExists(confdir)) {
+ virBufferAsprintf(&buf, "%s/known_hosts", confdir);
+ if (!(knownhosts = virBufferContentAndReset(&buf)))
+ goto no_memory;
+ }
 } else {
 if (!(knownhosts = strdup(knownHostsPath)))
 goto no_memory;
 }
+ }
+ if (homedir) {
 if (!privkeyPath) {
 /* RSA */
 virBufferAsprintf(&buf, "%s/.ssh/id_rsa", homedir);
@@ -501,6 +503,7 @@ cleanup:
 VIR_FREE(privkey);
 VIR_FREE(knownhosts);
 VIR_FREE(homedir);
+ VIR_FREE(confdir);
 VIR_FREE(nc);
 virObjectUnref(sock);
 return ret;
--
1.7.8.6
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
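Review bot: In the first hunk the `else` branch that honours a caller-supplied knownHostsPath is still nested inside the new `if (confdir)` guard, so when virGetUserConfigDirectory() returns NULL the explicit path is silently dropped and knownhosts stays NULL; the old code had the same shape under `if (homedir)`, but this commit rewrites exactly that block and keeps the gate. Splitting the two cases as below makes the explicit path independent of the config directory while leaving the default-path case as the commit intends. What a NULL knownhosts means for host-key verification is decided in the libssh2 layer outside this hunk, so the commit message should also say that the default store moves away from ~/.ssh/known_hosts and keys previously trusted there are not carried over to the new file; virNetClientNewLibSSH2 begins and ends outside the hunk. The second hunk's `VIR_FREE(confdir)` correctly pairs with the new allocation.
```c
    /* Use default paths for known hosts an public keys if not provided */
    if (knownHostsPath) {
        if (!(knownhosts = strdup(knownHostsPath)))
            goto no_memory;
    } else if (confdir && virFileExists(confdir)) {
        virBufferAsprintf(&buf, "%s/known_hosts", confdir);
        if (!(knownhosts = virBufferContentAndReset(&buf)))
            goto no_memory;
    }

    if (homedir) {
        /* … unchanged: default private key paths … */
```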