From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Kevin Wolf" <kwolf@redhat.com>,
"Hanna Reitz" <hreitz@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Richard W.M. Jones" <rjones@redhat.com>,
qemu-block@nongnu.org
Subject: [PATCH 3/3] block: print the server key type and fingerprint on failure
Date: Thu, 18 Nov 2021 14:35:47 +0000 [thread overview]
Message-ID: <20211118143547.2045554-4-berrange@redhat.com> (raw)
In-Reply-To: <20211118143547.2045554-1-berrange@redhat.com>
When validating the server key fingerprint fails, it is difficult for
the user to know what they got wrong. The fingerprint accepted by QEMU
is received in a different format than openssh displays. There can also
be keys for multiple different ciphers in known_hosts. It may not be
obvious which cipher QEMU will use and whether it will be the same
as openssh. Address this by printing the server key type and its
corresponding fingerprint in the format QEMU accepts.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
block/ssh.c | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/block/ssh.c b/block/ssh.c
index fcc0ab765a..967a2b971e 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -386,14 +386,28 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
return *host_key_check - '\0';
}
+static char *format_fingerprint(const unsigned char *fingerprint, size_t len)
+{
+ static const char *hex = "0123456789abcdef";
+ char *ret = g_new0(char, (len * 2) + 1);
+ for (size_t i = 0; i < len; i++) {
+ ret[i * 2] = hex[((fingerprint[i] >> 4) & 0xf)];
+ ret[(i * 2) + 1] = hex[(fingerprint[i] & 0xf)];
+ }
+ ret[len * 2] = '\0';
+ return ret;
+}
+
static int
check_host_key_hash(BDRVSSHState *s, const char *hash,
- enum ssh_publickey_hash_type type, Error **errp)
+ enum ssh_publickey_hash_type type, const char *typestr,
+ Error **errp)
{
int r;
ssh_key pubkey;
unsigned char *server_hash;
size_t server_hash_len;
+ const char *keytype;
r = ssh_get_server_publickey(s->session, &pubkey);
if (r != SSH_OK) {
@@ -401,6 +415,8 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
return -EINVAL;
}
+ keytype = ssh_key_type_to_char(ssh_key_type(pubkey));
+
r = ssh_get_publickey_hash(pubkey, type, &server_hash, &server_hash_len);
ssh_key_free(pubkey);
if (r != 0) {
@@ -410,12 +426,16 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
}
r = compare_fingerprint(server_hash, server_hash_len, hash);
- ssh_clean_pubkey_hash(&server_hash);
if (r != 0) {
- error_setg(errp, "remote host key does not match host_key_check '%s'",
- hash);
+ g_autofree char *server_fp = format_fingerprint(server_hash,
+ server_hash_len);
+ error_setg(errp, "remote host %s key fingerprint '%s:%s' "
+ "does not match host_key_check '%s:%s'",
+ keytype, typestr, server_fp, typestr, hash);
+ ssh_clean_pubkey_hash(&server_hash);
return -EPERM;
}
+ ssh_clean_pubkey_hash(&server_hash);
return 0;
}
@@ -436,13 +456,16 @@ static int check_host_key(BDRVSSHState *s, SshHostKeyCheck *hkc, Error **errp)
case SSH_HOST_KEY_CHECK_MODE_HASH:
if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_MD5) {
return check_host_key_hash(s, hkc->u.hash.hash,
- SSH_PUBLICKEY_HASH_MD5, errp);
+ SSH_PUBLICKEY_HASH_MD5, "md5",
+ errp);
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA1) {
return check_host_key_hash(s, hkc->u.hash.hash,
- SSH_PUBLICKEY_HASH_SHA1, errp);
+ SSH_PUBLICKEY_HASH_SHA1, "sha1",
+ errp);
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA256) {
return check_host_key_hash(s, hkc->u.hash.hash,
- SSH_PUBLICKEY_HASH_SHA256, errp);
+ SSH_PUBLICKEY_HASH_SHA256, "sha256",
+ errp);
}
g_assert_not_reached();
break;
--
2.31.1
next prev parent reply other threads:[~2021-11-18 14:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-18 14:35 [PATCH 0/3] block: misc fixes & improvements for SSH block driver key fingerprints Daniel P. Berrangé
2021-11-18 14:35 ` [PATCH 1/3] block: better document SSH host key fingerprint checking Daniel P. Berrangé
2021-12-23 9:37 ` Hanna Reitz
2021-11-18 14:35 ` [PATCH 2/3] block: support sha256 fingerprint with pre-blockdev options Daniel P. Berrangé
2021-12-23 9:45 ` Hanna Reitz
2021-11-18 14:35 ` Daniel P. Berrangé [this message]
2021-12-23 10:11 ` [PATCH 3/3] block: print the server key type and fingerprint on failure Hanna Reitz
2021-12-23 10:18 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211118143547.2045554-4-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).