
This queue is for tickets about the Net-SSH2 CPAN distribution.

Report information
The Basics
Id: 132874
Status: open
Priority: 0/
Queue: Net-SSH2

People
Owner: Nobody in particular
Requestors: mattias.paivarinta [...] internetstiftelsen.se
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Feature request: Check if a host is present in known_hosts
Date: Wed, 24 Jun 2020 16:10:34 +0000
To: "bug-Net-SSH2 [...] rt.cpan.org" <bug-Net-SSH2 [...] rt.cpan.org>
From: Mattias Päivärinta <mattias.paivarinta [...] internetstiftelsen.se>
Hello bug-Net-SSH2,

I note that the Net::SSH2::KnownHosts module is marked as experimental. I'm taking this opportunity to submit a feature request.

I have a use case where I call ssh-keygen -F example.com. If there's no fingerprint for the given host I instruct the user to add it manually and terminate the process. If I could use Net::SSH2::KnownHosts to make the check I'd use that instead of calling out to ssh-keygen.

Kind Regards,
Mattias

On Wed Jun 24 12:11:47 2020, mattias.paivarinta@internetstiftelsen.se wrote:
> Hello bug-Net-SSH2,
>
> I note that the Net::SSH2::KnownHosts module is marked as
> experimental. I'm taking this opportunity to submit a feature request.
>
> I have a use case where I call ssh-keygen -F example.com. If there's
> no fingerprint for the given host I instruct the user to add it
> manually and terminate the process. If I could use
> Net::SSH2::KnownHosts to make the check I'd use that instead of
> calling out to ssh-keygen.
>
> Kind Regards,
> Mattias

Hi Mattias,

Nowadays Net::SSH2 is mostly in maintenance mode with no new development going on. Just bug fixes.

The only realistic way to get that feature added is probably submitting a patch.

In any case, have you tried calling the check function with a dummy key?

Depending on the key being on the knownhosts file or not, you will get back LIBSSH2_KNOWNHOST_CHECK_MISMATCH or LIBSSH2_KNOWNHOST_CHECK_NOTFOUND respectively.

Subject: RE: [rt.cpan.org #132874] Feature request: Check if a host is present in known_hosts
Date: Thu, 25 Jun 2020 08:09:50 +0000
To: "bug-Net-SSH2 [...] rt.cpan.org" <bug-Net-SSH2 [...] rt.cpan.org>
From: Mattias Päivärinta <mattias.paivarinta [...] internetstiftelsen.se>
Hello Salvador,

Actually that should work! I guess I didn't look close enough at the possible response codes.

If KnownHosts is in maintenance mode, would you consider stabilizing its API? I'm rather hesitant to use unstable interfaces. I was under the impression that it was under development and would be stabilized when the development phase was completed, and then I could use it.

/Mattias

Subject: Re: [rt.cpan.org #132874] Feature request: Check if a host is present in known_hosts
Date: Thu, 25 Jun 2020 11:37:38 +0200
To: bug-Net-SSH2 [...] rt.cpan.org
From: Salvador Fandiño <sfandino [...] yahoo.com>
On 25/6/20 10:11, Mattias Päivärinta via RT wrote:
> Hello Salvador,
>
> Actually that should work! I guess I didn't look close enough at the possible
> response codes.
>
> If KnownHosts is in maintenance mode, would you consider stabilizing its API?
> I'm rather hesitant to use unstable interfaces. I was under the impression that
> it was under development and would be stabilized when the development phase was
> completed, and then I could use it.

The thing is that I was never completely sure about that API. It tries to simplify the too C-focused interface provided by the underlying libssh2, but that may limit the scope of the Perl API, so I am still reluctant to declare it stable.

On the other hand, the check functionality is exposed from the Net::SSH2 class as the check_hostkey method. And that's not experimental: even if Net::SSH2::KnownHosts changes in the future, Net::SSH2::check_hostkey is going to remain backward compatible.

In your case, you probably want to use the LIBSSH2_HOSTKEY_POLICY_STRICT policy.

> /Mattias
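
The check_hostkey approach suggested in the last reply, as an added example that is not part of the ticket or of the Net-SSH2 distribution. It assumes port 22 and the default known_hosts file. Unlike ssh-keygen -F, it compares the key the server actually presents, so it needs a live connection to the host.

```perl
#!/usr/bin/perl
# Added example: refuse to continue unless the server's host key is already
# recorded in known_hosts, using the stable Net::SSH2::check_hostkey method.
use strict;
use warnings;
use Net::SSH2 qw(:all);

my $host = shift // 'example.com';   # host name used in the ticket
my $port = shift // 22;              # assumption: default SSH port

my $ssh = Net::SSH2->new;
$ssh->connect($host, $port)
    or die "cannot connect to $host:$port: " . join(' ', $ssh->error) . "\n";

# Strict policy: only a host key already present in the known hosts file
# is accepted. With no path argument the method reads ~/.ssh/known_hosts.
my $result = $ssh->check_hostkey(LIBSSH2_HOSTKEY_POLICY_STRICT);

unless (defined $result) {
    # undef means the check did not pass (key not found, key mismatch,
    # or the file could not be checked); fetch the reason before closing.
    my ($code, $name, $message) = $ssh->error;
    $ssh->disconnect;
    print STDERR "Host key check for $host failed: ",
                 ($message // $name // 'unknown error'), "\n",
                 "Verify the server's key fingerprint out of band, add it to ",
                 "~/.ssh/known_hosts, and run this again.\n";
    exit 1;
}

print "Host key for $host matches known_hosts; safe to authenticate.\n";
# ... authentication and the rest of the session would follow here ...
$ssh->disconnect;
```

A key that is present but different from the one the server presents fails the check in the same way as a missing entry, so the process never authenticates to a host whose identity has changed.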