Bug 723167 - curlsftpsink: allow remote host authentication by public key fingerprint
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: git master
Hardware: Other Linux
Importance: Normal enhancement
Target Milestone: 1.3.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2014-01-28 14:12 UTC by Sorin L.
Modified: 2014-05-20 06:58 UTC


Attachments
Make use of libcurl option: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 (8.79 KB, patch)
2014-01-28 14:14 UTC, Sorin L.
committed

Description Sorin L. 2014-01-28 14:12:25 UTC
The proposed patch makes it possible to authenticate a remote host by its public key MD5-hash, a quite usual scenario.
This possibility is missing at the moment, a 'known_hosts' file being needed.
Comment 1 Sorin L. 2014-01-28 14:14:52 UTC
Created attachment 267407
Make use of libcurl option: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
Comment 2 Sebastian Dröge (slomo) 2014-02-04 12:31:18 UTC
Comment on attachment 267407
Make use of libcurl option: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5

Looks good but why (only) MD5?
Comment 3 Sorin L. 2014-02-04 13:53:04 UTC
> Looks good but why (only) MD5?

libcurl has no support for other types of hashes (at least in the context of SSH keys):
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html (see section: "SSH OPTIONS")

Besides, MD5 is the typical hash used by the OpenSSH ssh & sftp clients, for example:

# ssh johndoe@dh6 <ENTER>
The authenticity of host 'dh6(192.168.0.196)' can't be established.
RSA key fingerprint is d2:75:e8:fd:4b:fb:a7:2c:a0:81:1a:cd:dd:03:db:c7.
Are you sure you want to continue connecting (yes/no)?

In fact, after a quick check of "man ssh", I think MD5 is the only type of hash that these clients (ssh, sftp) can present to the user.
Comment 4 Sebastian Dröge (slomo) 2014-05-20 06:58:31 UTC
commit 9c1e66302dde3fd904a83f62d29b8390d6341392
Author: L. Sorin <sorin@axis.com>
Date:   Tue Jan 28 14:04:11 2014 +0100

    curlsftpsink: authenticate remote host via public key fingerprint
    
    Expose one more libcurl option: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.
    This allows authenticating the server by the MD5 fingerprint of
    the server's public key.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=723167
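
Added example, not part of the bug thread or the committed patch: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 takes the fingerprint as 32 hexadecimal digits without separators, while the ssh prompt quoted in comment 3 prints colon-separated bytes. The sketch below derives the value from a server public key line and converts between the two forms. All function names are hypothetical and the key is a constructed sample.

```python
import base64
import hashlib
import re


def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited, so refuse to fingerprint it.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob


def md5_for_libcurl(line):
    """MD5 of the raw key blob as 32 hex digits, no separators."""
    return hashlib.md5(parse_pubkey_line(line)[1]).hexdigest()


def normalize_fingerprint(text):
    """Convert 'd2:75:...' or 'MD5:d2:75:...' (ssh display form) to 32 hex digits."""
    fp = text.strip()
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    fp = fp.replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", fp):
        raise ValueError("not an MD5 fingerprint (other hash types cannot be converted)")
    return fp


def as_openssh_display(hex32):
    """Colon-separated byte pairs, as in the ssh prompt quoted in comment 3."""
    return ":".join(hex32[i:i + 2] for i in range(0, 32, 2))


def constructed_key_line():
    # Constructed sample: ssh-ed25519 wire format around a dummy 32-byte key.
    parts = (b"ssh-ed25519", bytes(range(32)))
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    print(as_openssh_display(md5_for_libcurl(constructed_key_line())))
```

Recent OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <keyfile>` prints the MD5 form. The fingerprint is only useful as a pin if the key it was computed from was obtained over a trusted channel.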