Subject: Re: Fwd: libssh2_knownhost_check key format

Re: Fwd: libssh2_knownhost_check key format

From: Alexander Lamaison <>
Date: Sun, 7 Mar 2010 16:47:33 +0000

On 6 March 2010 21:30, Daniel Stenberg <> wrote:
> On Sat, 6 Mar 2010, Alexander Lamaison wrote:
>>      keycheck = libssh2_knownhost_check(sshc->kh,
>>                                         conn->,
>>                                         remotekey, keylen,
>>                                         LIBSSH2_KNOWNHOST_TYPE_PLAIN|
>>                                         LIBSSH2_KNOWNHOST_KEYENC_RAW|
>>                                         keybit,
>>                                         &host);
>> The key held by 'host' here should be in binary format because
> I believe the 'typemask' as is set by the function above is for the key
> passed in to the function. That's the 'remotekey' argument. It doesn't
> specify what format the info about the existing known host key is using.

Ah, you're quite right.

> 'host' is a pointer to a struct that gets returned by
> libssh2_knownhost_check() and that returns a 'struct libssh2_knownhost'
> which in the public libssh2.h header has its 'key' field documented as "key
> in base64/printable format".

I was getting confused between the keys coming from the knownhost_*
API which are base64-encoded and the keys coming from
session_hostkey() which are not.

> I'd say this is a bug on the libssh2 side. It is documented and intended to
> only "export" the key as base64-encoded or an otherwise prinatable format,
> which should be fine to print as zero-terminated. I see how that the
> knownhost_to_external() function makes no effort to make sure that is the
> case, and that seems wrong.

False alarm. It works as documented. Thanks for the help.

Received on 2010-03-07