[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 03/10] block: print the server key type and fingerprint on failure
|
From: |
Daniel P . Berrangé |
|
Subject: |
[PULL 03/10] block: print the server key type and fingerprint on failure |
|
Date: |
Thu, 17 Feb 2022 11:57:16 +0000 |
When validating the server key fingerprint fails, it is difficult for
the user to know what they got wrong. The fingerprint accepted by QEMU
is received in a different format than OpenSSH displays. There can also
be keys for multiple different ciphers in known_hosts. It may not be
obvious which cipher QEMU will use and whether it will be the same
as OpenSSH. Address this by printing the server key type and its
corresponding fingerprint in the format QEMU accepts.
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
block/ssh.c | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/block/ssh.c b/block/ssh.c
index ac01301409..a64db146db 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -386,14 +386,28 @@ static int compare_fingerprint(const unsigned char
*fingerprint, size_t len,
return *host_key_check - '\0';
}
+static char *format_fingerprint(const unsigned char *fingerprint, size_t len)
+{
+ static const char *hex = "0123456789abcdef";
+ char *ret = g_new0(char, (len * 2) + 1);
+ for (size_t i = 0; i < len; i++) {
+ ret[i * 2] = hex[((fingerprint[i] >> 4) & 0xf)];
+ ret[(i * 2) + 1] = hex[(fingerprint[i] & 0xf)];
+ }
+ ret[len * 2] = '\0';
+ return ret;
+}
+
static int
check_host_key_hash(BDRVSSHState *s, const char *hash,
- enum ssh_publickey_hash_type type, Error **errp)
+ enum ssh_publickey_hash_type type, const char *typestr,
+ Error **errp)
{
int r;
ssh_key pubkey;
unsigned char *server_hash;
size_t server_hash_len;
+ const char *keytype;
r = ssh_get_server_publickey(s->session, &pubkey);
if (r != SSH_OK) {
@@ -401,6 +415,8 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
return -EINVAL;
}
+ keytype = ssh_key_type_to_char(ssh_key_type(pubkey));
+
r = ssh_get_publickey_hash(pubkey, type, &server_hash, &server_hash_len);
ssh_key_free(pubkey);
if (r != 0) {
@@ -410,12 +426,16 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
}
r = compare_fingerprint(server_hash, server_hash_len, hash);
- ssh_clean_pubkey_hash(&server_hash);
if (r != 0) {
- error_setg(errp, "remote host key does not match host_key_check '%s'",
- hash);
+ g_autofree char *server_fp = format_fingerprint(server_hash,
+ server_hash_len);
+ error_setg(errp, "remote host %s key fingerprint '%s:%s' "
+ "does not match host_key_check '%s:%s'",
+ keytype, typestr, server_fp, typestr, hash);
+ ssh_clean_pubkey_hash(&server_hash);
return -EPERM;
}
+ ssh_clean_pubkey_hash(&server_hash);
return 0;
}
@@ -436,13 +456,16 @@ static int check_host_key(BDRVSSHState *s,
SshHostKeyCheck *hkc, Error **errp)
case SSH_HOST_KEY_CHECK_MODE_HASH:
if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_MD5) {
return check_host_key_hash(s, hkc->u.hash.hash,
- SSH_PUBLICKEY_HASH_MD5, errp);
+ SSH_PUBLICKEY_HASH_MD5, "md5",
+ errp);
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA1) {
return check_host_key_hash(s, hkc->u.hash.hash,
- SSH_PUBLICKEY_HASH_SHA1, errp);
+ SSH_PUBLICKEY_HASH_SHA1, "sha1",
+ errp);
} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA256) {
return check_host_key_hash(s, hkc->u.hash.hash,
- SSH_PUBLICKEY_HASH_SHA256, errp);
+ SSH_PUBLICKEY_HASH_SHA256, "sha256",
+ errp);
}
g_assert_not_reached();
break;
--
2.34.1
- [PULL 00/10] Misc next patches, Daniel P . Berrangé, 2022/02/17
- [PULL 02/10] block: support sha256 fingerprint with pre-blockdev options, Daniel P . Berrangé, 2022/02/17
- [PULL 01/10] block: better document SSH host key fingerprint checking, Daniel P . Berrangé, 2022/02/17
- [PULL 03/10] block: print the server key type and fingerprint on failure,
Daniel P . Berrangé <=
- [PULL 04/10] seccomp: allow action to be customized per syscall, Daniel P . Berrangé, 2022/02/17
- [PULL 07/10] seccomp: block use of clone3 syscall, Daniel P . Berrangé, 2022/02/17
- [PULL 05/10] seccomp: add unit test for seccomp filtering, Daniel P . Berrangé, 2022/02/17
- [PULL 06/10] seccomp: fix blocking of process spawning, Daniel P . Berrangé, 2022/02/17
- [PULL 08/10] seccomp: block setns, unshare and execveat syscalls, Daniel P . Berrangé, 2022/02/17
- [PULL 09/10] MAINTAINERS: take over seccomp from Eduardo Otubo, Daniel P . Berrangé, 2022/02/17
- [PULL 10/10] docs: expand firmware descriptor to allow flash without NVRAM, Daniel P . Berrangé, 2022/02/17
- Re: [PULL 00/10] Misc next patches, Peter Maydell, 2022/02/18