From: Hanna Reitz <hreitz@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
"Richard W.M. Jones" <rjones@redhat.com>,
qemu-block@nongnu.org
Subject: Re: [PATCH 3/3] block: print the server key type and fingerprint on failure
Date: Thu, 23 Dec 2021 11:11:24 +0100 [thread overview]
Message-ID: <0a856200-c53d-ca61-32e8-dd2d65e747c3@redhat.com> (raw)
In-Reply-To: <20211118143547.2045554-4-berrange@redhat.com>
On 18.11.21 15:35, Daniel P. Berrangé wrote:
> When validating the server key fingerprint fails, it is difficult for
> the user to know what they got wrong. The fingerprint accepted by QEMU
> is received in a different format than openssh displays. There can also
> be keys for multiple different ciphers in known_hosts. It may not be
> obvious which cipher QEMU will use and whether it will be the same
> as openssh. Address this by printing the server key type and its
> corresponding fingerprint in the format QEMU accepts.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> block/ssh.c | 37 ++++++++++++++++++++++++++++++-------
> 1 file changed, 30 insertions(+), 7 deletions(-)
Nice!
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
> diff --git a/block/ssh.c b/block/ssh.c
> index fcc0ab765a..967a2b971e 100644
> --- a/block/ssh.c
> +++ b/block/ssh.c
> @@ -386,14 +386,28 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
> return *host_key_check - '\0';
> }
>
> +static char *format_fingerprint(const unsigned char *fingerprint, size_t len)
> +{
> + static const char *hex = "0123456789abcdef";
> + char *ret = g_new0(char, (len * 2) + 1);
> + for (size_t i = 0; i < len; i++) {
> + ret[i * 2] = hex[((fingerprint[i] >> 4) & 0xf)];
> + ret[(i * 2) + 1] = hex[(fingerprint[i] & 0xf)];
(I would have found an sn?printf() solution a bit simpler here
(snprintf(&ret[i * 2], 2, "%02x", fingerprint[i])),
but now you already wrote the code, so...)
> + }
> + ret[len * 2] = '\0';
> + return ret;
> +}
next prev parent reply other threads:[~2021-12-23 10:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-18 14:35 [PATCH 0/3] block: misc fixes & improvements for SSH block driver key fingerprints Daniel P. Berrangé
2021-11-18 14:35 ` [PATCH 1/3] block: better document SSH host key fingerprint checking Daniel P. Berrangé
2021-12-23 9:37 ` Hanna Reitz
2021-11-18 14:35 ` [PATCH 2/3] block: support sha256 fingerprint with pre-blockdev options Daniel P. Berrangé
2021-12-23 9:45 ` Hanna Reitz
2021-11-18 14:35 ` [PATCH 3/3] block: print the server key type and fingerprint on failure Daniel P. Berrangé
2021-12-23 10:11 ` Hanna Reitz [this message]
2021-12-23 10:18 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a856200-c53d-ca61-32e8-dd2d65e747c3@redhat.com \
--to=hreitz@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).