mina-dev mailing list archives

From Guillaume Nodet <gno...@gmail.com>
Subject Re: Verifying server key
Date Tue, 19 Oct 2010 14:36:25 GMT
I may miss something here, but the idea was that you would provide your own
implementation of ServerKeyVerifier.
It has a single method which is:
    boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey);

So in this method, you can easily prompt the user the way you want and you
have access to the server key.

I agree we could add a getServerKey() method in the AbstractSession class to
help a bit.  But I don't think you actually need it at this point.

On Tue, Oct 19, 2010 at 14:49, Doron Fediuck <doron@redhat.com> wrote:

> Hi guys,
> First of all I wish to thank you for writing & supporting SSHD.
> I hope more people will learn to appreciate it as I do.
> Today I tried to implement key verification with your fix to jira-92.
> After some reading I managed to understand I should do something like-
>  client.setServerKeyVerifier(new RequiredServerKeyVerifier(requiredKey))
> in order to make it work.
> This is a very good implementation, when the client side has a hold of the
> server's key. Unfortunately, this is not always the case. There are interactive
> scenarios, where the client implementation will display a key fingerprint (hash)
> to the user, and ask the user to acknowledge it.
> So is there a way you could possibly give us access to the server's key, so
> we could ask the user to validate it?
> Here's a sample code you could add to existing ClientSessionImpl class:
>    public PublicKey getServerKey() {
>        return kex.getServerKey();
>    }
> Now we probably could write something like-
>        byte[] K_S =  session.getServerKey();
>        Digest md5 = new MD5();
>        md5.init();
>        md5.update(K_S, 0, K_S.length);
>        byte[] fp = md5.digest();
>        log.info("Server fingerprint:  {}", BufferUtils.printHex(fp));
> I would really appreciate it if you could add this snip, so we have access to
> server's key!
> Thanks again,
> Doron.
> --
> /d

Guillaume Nodet
Blog: http://gnodet.blogspot.com/
Open Source SOA
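
An added example, not part of the original message or of the SSHD code base: a prompting verifier built on the `verifyServerKey` signature quoted above. The class name and the import paths are assumptions (the packages differ between SSHD releases), it handles RSA host keys only, and it prints a SHA-256 fingerprint over the SSH wire encoding rather than the MD5 digest used in the quoted message.

```java
import java.io.ByteArrayOutputStream;
import java.io.Console;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import org.apache.sshd.ClientSession;              // assumed package; varies by SSHD release
import org.apache.sshd.client.ServerKeyVerifier;   // assumed package; varies by SSHD release

/** Hypothetical verifier: shows the host key fingerprint and asks the user to accept it. */
public class PromptingServerKeyVerifier implements ServerKeyVerifier {

    public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress,
                                   PublicKey serverKey) {
        Console console = System.console();
        if (console == null || !(serverKey instanceof RSAPublicKey)) {
            return false; // fail closed: no interactive user, or a key type this sketch cannot encode
        }
        try {
            String fp = fingerprint((RSAPublicKey) serverKey);
            String answer = console.readLine(
                    "Host %s presents RSA key %s%nAccept? (yes/no): ", remoteAddress, fp);
            return "yes".equalsIgnoreCase(answer == null ? "" : answer.trim());
        } catch (Exception e) {
            return false; // any error means the key was not verified
        }
    }

    /** SHA-256 over the SSH wire encoding (string "ssh-rsa", mpint e, mpint n), OpenSSH style. */
    static String fingerprint(RSAPublicKey key) throws Exception {
        ByteArrayOutputStream blob = new ByteArrayOutputStream();
        putString(blob, "ssh-rsa".getBytes(StandardCharsets.US_ASCII));
        putString(blob, key.getPublicExponent().toByteArray()); // two's complement form matches mpint
        putString(blob, key.getModulus().toByteArray());
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(blob.toByteArray());
        return "SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    /** Writes a 4-byte big-endian length followed by the bytes. */
    private static void putString(ByteArrayOutputStream out, byte[] data) {
        int n = data.length;
        out.write(n >>> 24); out.write(n >>> 16); out.write(n >>> 8); out.write(n);
        out.write(data, 0, n);
    }
}
```

It is installed with the `client.setServerKeyVerifier(...)` call shown in the quoted message. The user should compare the printed value against a fingerprint obtained out of band, for example from `ssh-keygen -lf` run on the server's public host key file.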
