On Tue, Jun 22, 2021 at 01:24:56PM +0100, Daniel P. Berrangé wrote:
 The result of calling ssh_get_publickey_hash() is never used in the
 code, simply being freed on all exit paths. It appears this was
 copied from the libssh docs example code, where the fingerprint
 was indeed printed on the console.
 
 The ssh_session_is_known_server() call will validate against any
 fingerprint stored in the $HOME/.ssh/known_hosts file. The hashes
 in this file use the algorithm configured for the OpenSSH
 client, which is usually SHA256 on modern operating systems.
 
 Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
 ---
  plugins/ssh/ssh.c | 14 --------------
  1 file changed, 14 deletions(-)
 
 diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
 index 994e9834..6d18f18d 100644
 --- a/plugins/ssh/ssh.c
 +++ b/plugins/ssh/ssh.c
 @@ -228,14 +228,6 @@ do_verify_remote_host (struct ssh_handle *h)
      nbdkit_error ("could not get server public key");
      return -1;
    }
 -  rc = ssh_get_publickey_hash (srv_pubkey,
 -                               SSH_PUBLICKEY_HASH_SHA1,
 -                               &hash, &hlen); 
This makes the hash and hlen variables unused, but that's an easy fix.
I fixed it and pushed it, thanks.
Rich.
 -  ssh_key_free (srv_pubkey);
 -  if (rc < 0) {
 -    nbdkit_error ("could not get server public key SHA1 hash");
 -    return -1;
 -  }
  
    state = ssh_session_is_known_server (h->session);
    switch (state) {
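Review bot: The deleted lines include `ssh_key_free (srv_pubkey);`, so the key whose fetch is checked just above ("could not get server public key") no longer has any visible release and would appear to leak on every host verification. Either keep `ssh_key_free (srv_pubkey);` directly after the successful fetch, or, since `ssh_session_is_known_server (h->session)` takes only the session, remove the fetch and the `srv_pubkey` variable as well. The call that obtains `srv_pubkey` and the start of do_verify_remote_host lie outside this hunk, so this is inferred from the context lines and should be confirmed against the full function.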
 @@ -245,13 +237,11 @@ do_verify_remote_host (struct ssh_handle *h)
  
    case SSH_KNOWN_HOSTS_CHANGED:
      nbdkit_error ("host key for server changed");
 -    ssh_clean_pubkey_hash (&hash);
      return -1;
  
    case SSH_KNOWN_HOSTS_OTHER:
      nbdkit_error ("host key for server was not found "
                    "but another type of key exists");
 -    ssh_clean_pubkey_hash (&hash);
      return -1;
  
    case SSH_KNOWN_HOSTS_NOT_FOUND:
 @@ -259,22 +249,18 @@ do_verify_remote_host (struct ssh_handle *h)
       * host key is set up before using nbdkit so we error out here.
       */
      nbdkit_error ("could not find known_hosts file");
 -    ssh_clean_pubkey_hash (&hash);
      return -1;
  
    case SSH_KNOWN_HOSTS_UNKNOWN:
      nbdkit_error ("host key is unknown, you must use ssh first "
                    "and accept the host key");
 -    ssh_clean_pubkey_hash (&hash);
      return -1;
  
    case SSH_KNOWN_HOSTS_ERROR:
      nbdkit_error ("known hosts error: %s", ssh_get_error (h->session));
 -    ssh_clean_pubkey_hash (&hash);
      return -1;
    }
  
 -  ssh_clean_pubkey_hash (&hash);
    return 0;
  }
  
 -- 
 2.31.1
 
-- 
Richard Jones, Virtualization Group, Red Hat 
http://people.redhat.com/~rjones
Read my programming and virtualization blog: 
http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html