This queue is for tickets about the Net-SSH2 CPAN distribution.

Report information

The Basics
Id: 132874
Status: open
Priority: Low/Low

People
Owner: Nobody in particular
Requestors: mattias.paivarinta [...] internetstiftelsen.se

BugTracker
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)


Subject: Feature request: Check if a host is present in known_hosts
Date: Wed, 24 Jun 2020 16:10:34 +0000
To: "bug-Net-SSH2@rt.cpan.org" <bug-Net-SSH2@rt.cpan.org>
From: Mattias Päivärinta <mattias.paivarinta@internetstiftelsen.se>

Hello bug-Net-SSH2,

I note that the Net::SSH2::KnownHosts module is marked as experimental. I’m taking this opportunity to submit a feature request.

I have a use case where I call ssh-keygen -F example.com. If there’s no fingerprint for the given host I instruct the user to add it manually and terminate the process. If I could use Net::SSH2::KnownHosts to make the check I’d use that instead of calling out to ssh-keygen.

Kind Regards,
Mattias

On Wed Jun 24 12:11:47 2020, mattias.paivarinta@internetstiftelsen.se wrote:
> Hello bug-Net-SSH2,
>
> I note that the Net::SSH2::KnownHosts module is marked as
> experimental. I'm taking this opportunity to submit a feature request.
>
> I have a use case where I call ssh-keygen -F example.com. If there's
> no fingerprint for the given host I instruct the user to add it
> manually and terminate the process. If I could use
> Net::SSH2::KnownHosts to make the check I'd use that instead of
> calling out to ssh-keygen.
>
> Kind Regards,
> Mattias

Hi Mattias,

Nowadays Net::SSH2 is mostly in maintenance mode with no new development going on. Just bug fixes.

The only realistic way to get that feature added is probably submitting a patch.

In any case, have you tried calling the check function with a dummy key?

Depending on the key being on the knownhosts file or not, you will get back LIBSSH2_KNOWNHOST_CHECK_MISMATCH or LIBSSH2_KNOWNHOST_CHECK_NOTFOUND respectively.

Subject: RE: [rt.cpan.org #132874] Feature request: Check if a host is present in known_hosts
Date: Thu, 25 Jun 2020 08:09:50 +0000
To: "bug-Net-SSH2@rt.cpan.org" <bug-Net-SSH2@rt.cpan.org>
From: Mattias Päivärinta <mattias.paivarinta@internetstiftelsen.se>

> -----Original Message-----
> From: Salvador Fandino Garcia via RT <bug-Net-SSH2@rt.cpan.org>
> Sent: den 24 juni 2020 19:39
> To: Mattias Päivärinta <mattias.paivarinta@internetstiftelsen.se>
> Subject: [rt.cpan.org #132874] Feature request: Check if a host is present in
> known_hosts
>
> <URL: https://rt.cpan.org/Ticket/Display.html?id=132874 >
>
> On Wed Jun 24 12:11:47 2020, mattias.paivarinta@internetstiftelsen.se wrote:
> > Hello bug-Net-SSH2,
> >
> > I note that the Net::SSH2::KnownHosts module is marked as
> > experimental. I'm taking this opportunity to submit a feature request.
> >
> > I have a use case where I call ssh-keygen -F example.com. If there's
> > no fingerprint for the given host I instruct the user to add it
> > manually and terminate the process. If I could use
> > Net::SSH2::KnownHosts to make the check I'd use that instead of
> > calling out to ssh-keygen.
> >
> > Kind Regards,
> > Mattias
>
> Hi Mattias,
>
> Nowadays Net::SSH2 is mostly in maintenance mode with no new development
> going on. Just bug fixes.
>
> The only realistic way to get that feature added is probably submitting a patch.
>
>
> In any case, have you tried calling the check function with a dummy key?
>
> Depending on the key being on the knownhosts file or not, you will get back
> LIBSSH2_KNOWNHOST_CHECK_MISMATCH or
> LIBSSH2_KNOWNHOST_CHECK_NOTFOUND respectively
>

Hello Salvador,

Actually that should work! I guess I didn't look close enough at the possible response codes.

If KnownHosts is in maintenance mode, would you consider stabilizing its API? I'm rather hesitant to use unstable interfaces. I was under the impression that it was under development and would be stabilized when the development phase was completed, and then I could use it.

/Mattias

Subject: Re: [rt.cpan.org #132874] Feature request: Check if a host is present in known_hosts
Date: Thu, 25 Jun 2020 11:37:38 +0200
To: bug-Net-SSH2@rt.cpan.org
From: Salvador Fandiño <sfandino@yahoo.com>


On 25/6/20 10:11, Mattias Päivärinta via RT wrote:
> Hello Salvador,
>
> Actually that should work! I guess I didn't look close enough at the possible
> response codes.
>
> If KnownHosts is in maintenance mode, would you consider stabilizing its API?
> I'm rather hesitant to use unstable interfaces. I was under the impression that
> it was under development and would be stabilized when the development phase was
> completed, and then I could use it.

The thing is that I was never completely sure about that API. It tries to simplify the too C-focused interface provided by the underlying libssh2, but that may limit the scope of the Perl API, so I am still reluctant to declare it stable.

On the other hand, the check functionality is exposed from the Net::SSH2 class as the check_hostkey method. And that's not experimental: even if Net::SSH2::KnownHosts changes in the future, Net::SSH2::check_hostkey is going to remain backward compatible.

In your case, you probably want to use the LIBSSH2_HOSTKEY_POLICY_STRICT policy.





> /Mattias
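
Added example, not part of the ticket and not Net::SSH2 code: a pure-Perl presence check in the spirit of the `ssh-keygen -F` call from the original request, covering plain, `[host]:port` and hashed (`|1|salt|hash`) entries. All names, the sample hosts and the placeholder key blobs are constructed for illustration. It assumes exact host names only; wildcard and negated patterns are not handled.

```perl
use strict;
use warnings;
use Digest::SHA  qw(hmac_sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Name as stored in known_hosts: bare host on port 22, "[host]:port" otherwise.
sub entry_name {
    my ($host, $port) = @_;
    return (!defined $port || $port == 22) ? lc($host) : '[' . lc($host) . "]:$port";
}

# Does one hosts field (comma list, or hashed "|1|salt|hash") name $name?
sub field_matches {
    my ($field, $name) = @_;
    if ($field =~ /^\|1\|([^|]+)\|([^|]+)$/) {
        # Hashed entry: the decoded salt is the HMAC-SHA1 key, the host name the data.
        return hmac_sha1($name, decode_base64($1)) eq decode_base64($2);
    }
    return scalar grep { lc($_) eq $name } split /,/, $field;
}

# Key types recorded for the host. Blank lines, comments and marker lines
# (@revoked, @cert-authority) are skipped: none of them is a plain trusted key.
sub known_host_key_types {
    my ($host, $port, $lines) = @_;
    my $name = entry_name($host, $port);
    my @types;
    for my $line (@$lines) {
        next if $line =~ /^\s*$/ or $line =~ /^\s*[#\@]/;
        my ($hosts, $type) = split ' ', $line;
        push @types, $type if defined $type and field_matches($hosts, $name);
    }
    return @types;
}

# Constructed sample file; key blobs are placeholders, not real keys.
my $salt   = 'constructed-salt-000';
my $hashed = join '|', '', 1, encode_base64($salt, ''),
                  encode_base64(hmac_sha1('hashed.example.com', $salt), '');
my @known_hosts = (
    'example.com,192.0.2.10 ssh-ed25519 PLACEHOLDERKEY',
    '[git.example.com]:2222 ssh-rsa PLACEHOLDERKEY',
    "$hashed ecdsa-sha2-nistp256 PLACEHOLDERKEY",
    '@revoked old.example.com ssh-rsa PLACEHOLDERKEY',
);

for my $probe (['example.com'], ['git.example.com', 2222],
               ['hashed.example.com'], ['old.example.com'], ['new.example.com']) {
    my @types = known_host_key_types($probe->[0], $probe->[1], \@known_hosts);
    printf "%-24s %s\n", entry_name(@$probe),
        @types ? "present (@types)" : 'not found, add the host key manually';
}
```

A presence check like this only says that some key is recorded for the name; whether the server's actual key matches is still decided at connect time by the strict host key check mentioned in the reply above.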


