[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 3/3] block: print the server key type and fingerprint on fail
|
From: |
Hanna Reitz |
|
Subject: |
Re: [PATCH 3/3] block: print the server key type and fingerprint on failure |
|
Date: |
Thu, 23 Dec 2021 11:11:24 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 |
On 18.11.21 15:35, Daniel P. Berrangé wrote:
When validating the server key fingerprint fails, it is difficult for
the user to know what they got wrong. The fingerprint accepted by QEMU
is received in a different format than openssh displays. There can also
be keys for multiple different ciphers in known_hosts. It may not be
obvious which cipher QEMU will use and whether it will be the same
as openssh. Address this by printing the server key type and its
corresponding fingerprint in the format QEMU accepts.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
block/ssh.c | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
Nice!
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
diff --git a/block/ssh.c b/block/ssh.c
index fcc0ab765a..967a2b971e 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -386,14 +386,28 @@ static int compare_fingerprint(const unsigned char
*fingerprint, size_t len,
return *host_key_check - '\0';
}
+static char *format_fingerprint(const unsigned char *fingerprint, size_t len)
+{
+ static const char *hex = "0123456789abcdef";
+ char *ret = g_new0(char, (len * 2) + 1);
+ for (size_t i = 0; i < len; i++) {
+ ret[i * 2] = hex[((fingerprint[i] >> 4) & 0xf)];
+ ret[(i * 2) + 1] = hex[(fingerprint[i] & 0xf)];
(I would have found an sn?printf() solution a bit simpler here
(snprintf(&ret[i * 2], 2, "%02x", fingerprint[i])),
but now you already wrote the code, so...)
+ }
+ ret[len * 2] = '\0';
+ return ret;
+}
- Re: [PATCH 3/3] block: print the server key type and fingerprint on failure,
Hanna Reitz <=