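diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c
index d2466dedb..ebd9796dd 100644
--- a/src/vfs/sftpfs/connection.c
+++ b/src/vfs/sftpfs/connection.c
@@ -74,6 +74,22 @@ static const char *const hostkey_method_ssh_ecdsa_256 = "ecdsa-sha2-nistp256";
 static const char *const hostkey_method_ssh_rsa = "ssh-rsa";
 static const char *const hostkey_method_ssh_dss = "ssh-dss";
 
+/* hostkey methods supported by libssh2 1.11.0 */
+static const char *default_hostkey_methods =
+"ecdsa-sha2-nistp256,"
+"ecdsa-sha2-nistp384,"
+"ecdsa-sha2-nistp521,"
+"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+"ecdsa-sha2-nistp521-cert-v01@openssh.com,"
+"ssh-ed25519,"
+"ssh-ed25519-cert-v01@openssh.com,"
+"rsa-sha2-256,"
+"rsa-sha2-512,"
+"ssh-rsa,"
+"ssh-rsa-cert-v01@openssh.com,"
+"ssh-dss";
+
 /**
 *
 * The current implementation of know host key checking has following limitations:
@@ -257,7 +273,9 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
 continue;
 
 if (store->name == NULL)
-found = TRUE;
+/* Ignore hashed hostnames. Currently, libssh2 offers
+* no way for us to match it. */
+continue;
 else if (store->name[0] != '[')
 found = strcmp (store->name, super->path_element->host) == 0;
 else
@@ -285,6 +303,7 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
 {
 int mask;
 const char *hostkey_method = NULL;
+char *hostkey_methods;
 
 mask = store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK;
 
@@ -326,8 +345,15 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
 return FALSE;
 }
 
+/* Append the default hostkey methods (with lower priority).
+* Since we ignored hashed hostnames, the actual matching host
+* key might have different type than the one found in
+* known_hosts for non-hashed hostname. Methods not supported
+* by libssh2 it are ignored. */
+hostkey_methods = g_strdup_printf ("%s,%s", hostkey_method, default_hostkey_methods);
 rc = libssh2_session_method_pref (sftpfs_super->session, LIBSSH2_METHOD_HOSTKEY,
-hostkey_method);
+hostkey_methods);
+g_free (hostkey_methods);
 if (rc < 0)
 goto err;
 }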
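Review bot: Appending `default_hostkey_methods` in the `g_strdup_printf` call of the last hunk lets the server negotiate a host key type other than the one recorded in known_hosts, so the later known-hosts check has to handle that case explicitly. That check is outside these hunks, but libssh2's known-host lookup only compares keys of the same type, so a different-type key for a host that already has a plain-text entry would presumably come back as `LIBSSH2_KNOWNHOST_CHECK_NOTFOUND` rather than `LIBSSH2_KNOWNHOST_CHECK_MISMATCH`, and the user would get a first-contact prompt instead of a key-changed warning. I would remember in sftpfs_read_known_hosts that a non-hashed entry was found for this host and treat not-found as a changed key in that case, with a comment such as `/* host already has a known_hosts entry of another key type: report as changed, not as unknown */`. Separately, the fallback list now advertises `ssh-dss` and SHA-1 `ssh-rsa` for every host that reaches this code, so consider leaving those two out of the appended defaults. sftpfs_read_known_hosts starts and ends outside the hunks.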