-rw-r--r--obnamlib/plugins/sftp_plugin.py10
-rwxr-xr-xtest-sftpfs5
2 files changed, 14 insertions, 1 deletions
diff --git a/obnamlib/plugins/sftp_plugin.py b/obnamlib/plugins/sftp_plugin.py
index 515f36f4..8ffc11f7 100644
--- a/obnamlib/plugins/sftp_plugin.py
+++ b/obnamlib/plugins/sftp_plugin.py
@@ -184,12 +184,17 @@ class SftpFS(obnamlib.VirtualFileSystem):
known_keys = known_hosts.lookup(hostname)
if known_keys is None:
+ if self.settings['strict-ssh-host-keys']:
+ raise obnamlib.Error('No known host key for %s' % hostname)
logging.warning('No known host keys for %s; accepting offered key'
% hostname)
return
offered_type = offered_key.get_name()
if not known_keys.has_key(offered_type):
+ if self.settings['strict-ssh-host-keys']:
+ raise obnamlib.Error('No known type %s host key for %s' %
+ (offered_type, hostname))
logging.warning('No known host key of type %s for %s; accepting '
'offered key' % (offered_type, hostname))
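Review bot: With the option off, both branches touched here still log a warning and accept whatever key the server offers (the first one returns straight away), so a connection to a host missing from known_hosts is not authenticated and another machine on the path could answer in place of the backup server. A comment above the first new `if` would make that explicit, e.g. `# Without strict-ssh-host-keys an unknown host key is accepted unverified; the peer is not authenticated.` The new error text `'No known host key for %s'` also differs from the adjacent warning `'No known host keys for %s'`; using the same wording keeps log and error searches consistent. The method starts and ends outside this hunk, so the comparison of a known key against the offered one is not visible here.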
@@ -546,6 +551,11 @@ class SftpPlugin(obnamlib.ObnamPlugin):
'to ssh-agent)',
metavar='FILENAME')
+ self.app.settings.boolean(['strict-ssh-host-keys'],
+ 'require that the ssh host key must be '
+ 'known and correct to be accepted; '
+ 'default is to accept unknown keys')
+
self.app.settings.boolean(['pure-paramiko'],
'do not use openssh even if available, '
'use paramiko only instead')
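Review bot: The setting is registered as a plain boolean and its help text says the default is to accept unknown keys, so host-key verification fails open unless the user opts in. The help string could state the consequence, e.g. `'default is to accept unknown keys, which does not protect against server impersonation'`, and a later release could consider making strict the default. The help also promises "known and correct", but the handling of a known key that differs from the offered one is outside the visible hunks, so the wording should be checked against that code.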
diff --git a/test-sftpfs b/test-sftpfs
index fca64d1c..55e6dc5f 100755
--- a/test-sftpfs
+++ b/test-sftpfs
@@ -26,6 +26,7 @@ ssh connections using the ssh agent.
'''
+import logging
import os
import shutil
import tempfile
@@ -41,10 +42,11 @@ class SftpTests(unittest.TestCase, obnamlib.VfsTests):
self.basepath = tempfile.mkdtemp()
baseurl = 'sftp://localhost%s' % self.basepath
settings = {
- 'pure-paramiko': False,
+ 'pure-paramiko': True,
'create': True,
'sftp-delay': 0,
'ssh-key': '',
+ 'strict-ssh-host-keys': False,
}
self.fs = obnamlib.plugins.sftp_plugin.SftpFS(baseurl,
settings=settings)
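Review bot: The fixture pins `'strict-ssh-host-keys': False`, so neither new `raise obnamlib.Error` branch in sftp_plugin.py is exercised by this test file. A second case that builds SftpFS with the setting True for a host absent from known_hosts and expects obnamlib.Error would cover the new behaviour. The same hunk flips `'pure-paramiko'` to True, which presumably stops the suite covering the openssh path; if host-key checking only happens on the paramiko path, a sentence in the commit message saying so would explain the change. The setup method begins outside the hunk.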
@@ -84,4 +86,5 @@ class SftpTests(unittest.TestCase, obnamlib.VfsTests):
if __name__ == '__main__':
+ logging.basicConfig(filename='/dev/null')
unittest.main()
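Review bot: `logging.basicConfig(filename='/dev/null')` hard-codes a POSIX path; `logging.basicConfig(filename=os.devnull)` does the same through the `os` module this file already imports. A short comment such as `# discard log output (host-key warnings) during test runs` would record why logging is configured in the test entry point.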