Add additional key type flags to hostcheck module - update example #52

Closed
RobCoops opened this issue Dec 14, 2018 · 5 comments

@RobCoops

Using Python 3.6, the example host key verification code generates the following error message:
Traceback (most recent call last):
  File "example_host_key_verification.py", line 29, in
    else LIBSSH2_KNOWNHOST_KEY_SSHDSS
NameError: name 'LIBSSH2_KNOWNHOST_KEY_SSHDSS' is not defined

Easily fixed by adding LIBSSH2_KNOWNHOST_KEY_SSHDSS to the imports, but even then it will still not work:
Traceback (most recent call last):
  File "example_host_key_verification.py", line 39, in
    kh.checkp(host, 22, host_key, type_mask)
TypeError: Argument 'host' has incorrect type (expected bytes, got str)

Now I am not sure what exactly it wants here; converting the host string to bytes is not the answer, and feeding it the IP that the host resolved as, in bytes, does not seem to work either.

Using Python 2.7 instead (bad, bad, bad, time to migrate already):
Traceback (most recent call last):
  File "example_host_key_verification.py", line 39, in
    kh.checkp(host, 22, host_key, type_mask)
  File "ssh2/knownhost.pyx", line 252, in ssh2.knownhost.KnownHost.checkp
ssh2.exceptions.KnownHostCheckNotFoundError: ('Host %s not found in known hosts collection', 'localhost')

Yet I am 100% certain that localhost is in the known hosts file, so I have a feeling that, even though there is no complaint about not getting bytes as a first parameter to kh.checkp on line 39, it is not able to deal with the string it gets and check the host/fingerprint correctly against the known hosts file.

@JoelStienlet

Hello,
I've had some problems with the demos too, but I got this one working with:
host.encode('utf-8')

@RobCoops
Author

@JoelStienlet Thanks for the info. I tried, but I am getting the same result regardless of the encoding of the hostname:

Read 3 hosts from known hosts file at /root/.ssh/known_hosts
Traceback (most recent call last):
  File "test.py", line 34, in <module>
    kh.checkp(host.encode('utf-8'), 22, host_key, type_mask)
  File "ssh2/knownhost.pyx", line 252, in ssh2.knownhost.KnownHost.checkp
ssh2.exceptions.KnownHostCheckNotFoundError: ('Host %s not found in known hosts collection', b'localhost')

I of course made sure that the host is in the known_hosts file, so it should find it no problem.

>grep localhost ~/.ssh/known_hosts
localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAVsEAljGvdqAwiyTaUPJZTHu0XVRby+M/2HttiaagThlLmgA8asBMzHNkXnOJO6hJXS2VZZDgwGv1XFr2yH+CA=

Sure, it does not complain, but the code still does not quite work... Going to spend quite some more time on this trying to work out what is wrong; as I am not very familiar with the underlying library, it's hard to debug this one.

@JoelStienlet

Can you check the value of type_mask? I've used LIBSSH2_KNOWNHOST_TYPE_PLAIN:
from ssh2.knownhost import LIBSSH2_KNOWNHOST_TYPE_PLAIN
kh.checkp(args.host.encode('utf-8'), args.port, host_key, LIBSSH2_KNOWNHOST_TYPE_PLAIN)

@pkittenis
Member

Hi there,

Thanks for the interest and report.

The example script is correct.

The reason it does not work for the above is because the key type in the hosts file is ecdsa-sha2-nistp256 while the example script tries to verify RSA or DSS keys. The underlying library is low level and requires explicit key type checks.

Python version does not matter, though the host parameter must be in bytes - b'localhost' - currently. It could take unicode as well for ease of use, though unicode characters in known host files are not valid.

The exception is because a matching host and key type cannot be found - there can be multiple keys per host of different types. On type check errors where a host does match, the error returned is KnownHostCheckNotFoundError regardless.

There is now ECDSA and ED25519 key type support in libssh2, neither of which has flags exposed in ssh2.knownhost. The example script might also check for all possible key types.

PRs welcome for both of these.

@pkittenis pkittenis changed the title host key verification example incorrect Add additional key type flags to hostcheck module - update example Dec 19, 2018
@pkittenis
Member

Flags updated for latest libssh2. Examples welcome.
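
Added example, not part of the thread or of the ssh2-python project: a standard-library-only check that reports which key types a known_hosts file stores for a host and which of them a script's checked types miss, which is the mismatch behind the KnownHostCheckNotFoundError above. The function names and sample entries are constructed for illustration; the flag names are libssh2's, and whether the installed ssh2.knownhost exposes each one is an assumption to verify.

```python
import base64
import hashlib
import hmac

# known_hosts key-type names mapped to libssh2 LIBSSH2_KNOWNHOST_KEY_* flag names.
# Assumption: check that your ssh2.knownhost build exposes the flag before importing it.
KEY_FLAGS = {
    "ssh-rsa": "LIBSSH2_KNOWNHOST_KEY_SSHRSA",
    "ssh-dss": "LIBSSH2_KNOWNHOST_KEY_SSHDSS",
    "ecdsa-sha2-nistp256": "LIBSSH2_KNOWNHOST_KEY_ECDSA_256",
    "ecdsa-sha2-nistp384": "LIBSSH2_KNOWNHOST_KEY_ECDSA_384",
    "ecdsa-sha2-nistp521": "LIBSSH2_KNOWNHOST_KEY_ECDSA_521",
    "ssh-ed25519": "LIBSSH2_KNOWNHOST_KEY_ED25519",
}

def host_matches(pattern, host, port=22):
    """Match one host field (plain list or |1| hashed); wildcards are not handled."""
    name = host if port == 22 else "[%s]:%d" % (host, port)
    if pattern.startswith("|1|"):
        salt_b64, mac_b64 = pattern[3:].split("|", 1)
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return name in pattern.split(",")

def stored_key_types(known_hosts_text, host, port=22):
    """Return every key type recorded for host; one host may have several."""
    types = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker
        if host_matches(fields[0], host, port):
            types.append(fields[1])
    return types

def diagnose(known_hosts_text, host, checked_types, port=22):
    """Compare stored key types with the types the verifying script checks."""
    stored = stored_key_types(known_hosts_text, host, port)
    needed = [KEY_FLAGS.get(t, "unknown: " + t) for t in stored if t not in checked_types]
    return {"stored": stored, "usable": [t for t in stored if t in checked_types], "flags_needed": needed}

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = """\
localhost ecdsa-sha2-nistp256 AAAAplaceholder
build.example.test,192.0.2.10 ssh-rsa AAAAplaceholder
[localhost]:2222 ssh-ed25519 AAAAplaceholder
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, "localhost", {"ssh-rsa", "ssh-dss"}))
```

An empty `usable` list alongside a non-empty `stored` list means the host is present but only under key types the script never asks for.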
