mina-dev mailing list archives

From "Doron Fediuck (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (SSHD-91) SSH server key fingerprint
Date Tue, 13 Jul 2010 14:49:49 GMT

    [ https://issues.apache.org/jira/browse/SSHD-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12887779#action_12887779 ]

Doron Fediuck edited comment on SSHD-91 at 7/13/10 10:48 AM:
-------------------------------------------------------------

Attached a suggested fix.
This fix is available on both Server and client side.

There are 2 issues that need addressing here:

1. The existing checkHost() in ClientSessionImpl.java is pointless,
since it needs to get something for comparison. So I just left it there,
but you may want to change it to something like:

    public void checkHost(byte[] srvrFingerprint) throws Exception

This one should be given the fingerprint bytes and it'll do the work using the
new get method I added.

2. Current logic finds K_S only after kex.next() is called.
This causes a strange behavior that the fingerprint is available only after
authentication ended, which is wrong. Fingerprint should be available
prior to authentication, but I'm not sure how to implement it in current logic.

> SSH server key fingerprint
> --------------------------
>
>                 Key: SSHD-91
>                 URL: https://issues.apache.org/jira/browse/SSHD-91
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.4.0
>            Reporter: Doron Fediuck
>         Attachments: fingerprint.patch
>
>
> Currently there's no way to verify the key's fingerprint that we get from the ssh server.
>
> Current code has:
> ClientSessionImpl.java-
>     private void checkHost() throws Exception {
>         // TODO: check host fingerprint
>     }
> According to Guillaume, public key is retrieved in org.apache.sshd.client.kex.AbstractDHGClient
> class, line 101, but there's no way to access it.
> So we need something which will enable us to retrieve the key's fingerprint from current
> session.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
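
The check discussed in this issue, as an added example that is not part of the original message, the attached patch, or MINA SSHD's code: a stand-alone sketch that fingerprints the raw K_S host key blob and compares it to a pinned value before any authentication step. The class and method names (`HostKeyPin`, `fingerprint`, `keyType`, and this `checkHost` signature) are hypothetical, SHA-256 is an assumed digest choice, and the sample key blob is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration; HostKeyPin and its methods are hypothetical names, not MINA SSHD API.
public class HostKeyPin {

    // Fingerprint of the raw K_S blob (the server host key as sent during key exchange).
    static byte[] fingerprint(byte[] ks) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(ks);
    }

    // K_S starts with an SSH string (uint32 length + bytes) naming the key type.
    static String keyType(byte[] ks) {
        ByteBuffer buf = ByteBuffer.wrap(ks);
        if (buf.remaining() < 4) throw new IllegalArgumentException("K_S too short");
        int len = buf.getInt();
        if (len <= 0 || len > buf.remaining()) throw new IllegalArgumentException("bad key type length");
        byte[] name = new byte[len];
        buf.get(name);
        return new String(name, StandardCharsets.US_ASCII);
    }

    // Call once K_S is known and before any authentication request is sent.
    static void checkHost(byte[] ks, String expectedType, byte[] pinned) throws Exception {
        if (!keyType(ks).equals(expectedType)) {
            throw new SecurityException("unexpected host key type: " + keyType(ks));
        }
        // MessageDigest.isEqual compares in constant time on current JDKs.
        if (!MessageDigest.isEqual(fingerprint(ks), pinned)) {
            throw new SecurityException("host key fingerprint mismatch");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample blob: SSH string "ssh-rsa" followed by placeholder bytes, not a real key.
        byte[] ks = ByteBuffer.allocate(4 + 7 + 4).putInt(7)
                .put("ssh-rsa".getBytes(StandardCharsets.US_ASCII)).putInt(0x01020304).array();
        byte[] pinned = fingerprint(ks);          // stands in for a value stored out of band
        checkHost(ks, "ssh-rsa", pinned);         // same key as pinned
        System.out.println("SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(pinned));
        ks[ks.length - 1] ^= 1;                   // simulate a different key being presented
        try {
            checkHost(ks, "ssh-rsa", pinned);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A fingerprint match only identifies the key; the client must still verify the server's signature over the exchange hash with that same key, as the SSH transport protocol requires.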

