When support for sha256 fingerprint checking was aded in
commit bf783261f0aee6e81af3916bff7606d71ccdc153
Author: Daniel P. Berrangé <berra...@redhat.com>
Date: Tue Jun 22 12:51:56 2021 +0100
block/ssh: add support for sha256 host key fingerprints
it was only made to work with -blockdev. Getting it working with
-drive requires some extra custom parsing.
Reviewed-by: Hanna Reitz <hre...@redhat.com>
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
block/ssh.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/block/ssh.c b/block/ssh.c
index 3b5bf34031..ac01301409 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -556,6 +556,11 @@ static bool ssh_process_legacy_options(QDict *output_opts,
qdict_put_str(output_opts, "host-key-check.type", "sha1");
qdict_put_str(output_opts, "host-key-check.hash",
&host_key_check[5]);
+ } else if (strncmp(host_key_check, "sha256:", 7) == 0) {
+ qdict_put_str(output_opts, "host-key-check.mode", "hash");
+ qdict_put_str(output_opts, "host-key-check.type", "sha256");
+ qdict_put_str(output_opts, "host-key-check.hash",
+ &host_key_check[7]);
} else if (strcmp(host_key_check, "yes") == 0) {
qdict_put_str(output_opts, "host-key-check.mode", "known_hosts");
} else {
--
2.34.1
