diff --git a/block/ssh.c b/block/ssh.c index 048d0cc924..501933b855 100644 --- a/block/ssh.c +++ b/block/ssh.c @@ -277,14 +277,14 @@ static void ssh_parse_filename(const char *filename, QDict *options, static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp) { int ret; +#ifdef HAVE_LIBSSH_0_8 + enum ssh_known_hosts_e state; int r; ssh_key pubkey; enum ssh_keytypes_e pubkey_type; unsigned char *server_hash = NULL; size_t server_hash_len; char *fingerprint = NULL; -#ifdef HAVE_LIBSSH_0_8 - enum ssh_known_hosts_e state; state = ssh_session_is_known_server(s->session); trace_ssh_server_status(state); @@ -356,30 +356,9 @@ static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp) break; case SSH_SERVER_KNOWN_CHANGED: ret = -EINVAL; - r = ssh_get_publickey(s->session, &pubkey); - if (r == 0) { - r = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, - &server_hash, &server_hash_len); - pubkey_type = ssh_key_type(pubkey); - ssh_key_free(pubkey); - } - if (r == 0) { - fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA1, - server_hash, - server_hash_len); - ssh_clean_pubkey_hash(&server_hash); - } - if (fingerprint) { - error_setg(errp, - "host key (%s key with fingerprint %s) does not match " - "the one in known_hosts; this may be a possible attack", - ssh_key_type_to_char(pubkey_type), fingerprint); - ssh_string_free_char(fingerprint); - } else { - error_setg(errp, - "host key does not match the one in known_hosts; this " - "may be a possible attack"); - } + error_setg(errp, + "host key does not match the one in known_hosts; this " + "may be a possible attack"); goto out; case SSH_SERVER_FOUND_OTHER: ret = -EINVAL;