This project exposes low-level libssh2 bindings. It does not automatically enforce trust decisions for the caller. Integrations must apply the checks below.
Perform host key verification before any authentication or channel use.
Required sequence:
- Create session and connect socket.
- Call
libssh2_session_handshake. - Retrieve host key with
libssh2_session_hostkey. - Initialize/read known hosts database (
libssh2_knownhost_init,libssh2_knownhost_readfileorlibssh2_knownhost_readline). - Validate remote key using
libssh2_knownhost_checkp. - Abort the connection unless result is
LIBSSH2_KNOWNHOST_CHECK_MATCH. - Authenticate only after a successful match.
Treat these results as failures for authentication:
LIBSSH2_KNOWNHOST_CHECK_MISMATCHLIBSSH2_KNOWNHOST_CHECK_NOTFOUNDLIBSSH2_KNOWNHOST_CHECK_FAILURE
libssh2_channel_request_auth_agent must only be used after host key verification has returned MATCH.
Agent forwarding to an unverified host can expose credentials to a machine you did not intend to trust.
Prefer SHA-256 for host key hash workflows. Avoid MD5 and SHA-1 for trust decisions.
When setting method preferences, avoid weak or legacy algorithms.
The build process verifies libssh2 source signatures when LIBSSH2_SOURCE=Tarball is used.
Report suspected vulnerabilities privately via repository maintainers. Include:
- affected version/commit
- reproduction steps
- expected vs observed behavior
- impact assessment
Only the latest release is supported. Older versions may contain unpatched vulnerabilities.