SSH2 Validation Against Known Hosts
maf at appgate.com
Tue Nov 14 09:32:07 MET 2006
On 13 nov, David Basten wrote:
> Based on the "Settings.txt" file, I updated RunRemoteCommand.java to do the
> following:
>
> SSH2Preferences prefs = new SSH2Preferences();
>
> // This shows how to force certain properties
> prefs.setPreference("sshhome", "c:\\xyz\\known_hosts");
> prefs.setPreference("strict-hostid", "true");
>
> Socket serverSocket = new Socket(server, port);
> SSH2Transport transport = new SSH2Transport(serverSocket, prefs,
> createSecureRandom());
>
> However, even with these settings my command works without error in two
> different conditions: a) invalid host setting and b) missing host setting.
>
> I appreciate any insight you can give me.
The RunRemoteCommand example does not actually check the server host key
(I do not think any of the examples do). To do that you will need to
provide an event handler to the SSH2Transport constructor. You can
subclass SSH2TransportEventAdapter and just modify kexAuthenticateHost.
MindTerm has no code to read the known_hosts file used by ssh. Instead the
interactive client stores each known hostkey in ~/.mindterm/hostkeys.
The code to check this can be found in SSHPropertyHandler.verifyKnownSSH2Hosts.
/MaF
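
Added example, not part of the original thread and not MindTerm code: a JDK-only strict check of a presented host key against OpenSSH known_hosts lines, separating the two conditions named in the question (stored key differs, host missing). The class and method names are hypothetical, and obtaining the key type and public key blob from MindTerm inside a kexAuthenticateHost override is assumed and not shown; that override would return true only on MATCH.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class KnownHostsCheck {
    enum Result { MATCH, MISMATCH, UNKNOWN_HOST }

    // Host field: comma-separated plain names or hashed "|1|salt|hash"; wildcards not handled.
    static boolean hostMatches(String field, String host) throws Exception {
        for (String p : field.split(",")) {
            if (p.startsWith("|1|")) {
                String[] parts = p.split("\\|"); // "", "1", base64 salt, base64 HMAC-SHA1(salt, host)
                if (parts.length != 4) continue;
                Mac mac = Mac.getInstance("HmacSHA1");
                mac.init(new SecretKeySpec(Base64.getDecoder().decode(parts[2]), "HmacSHA1"));
                byte[] h = mac.doFinal(host.getBytes(StandardCharsets.UTF_8));
                if (MessageDigest.isEqual(h, Base64.getDecoder().decode(parts[3]))) return true;
            } else if (p.equalsIgnoreCase(host)) return true;
        }
        return false;
    }

    // keyType is e.g. "ssh-rsa"; keyBlob is the raw public key blob the server presented.
    static Result check(List<String> lines, String host, String keyType, byte[] keyBlob) throws Exception {
        boolean hostSeen = false;
        for (String line : lines) {
            String[] f = line.trim().split("\\s+");
            // Skip blank lines, comments and marker lines (@revoked, @cert-authority: not handled here).
            if (f.length < 3 || f[0].startsWith("#") || f[0].startsWith("@") || !hostMatches(f[0], host)) continue;
            hostSeen = true;
            if (f[1].equals(keyType) && MessageDigest.isEqual(Base64.getDecoder().decode(f[2]), keyBlob))
                return Result.MATCH;
        }
        return hostSeen ? Result.MISMATCH : Result.UNKNOWN_HOST;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: these bytes stand in for real public key blobs.
        byte[] stored = "constructed-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-key-B".getBytes(StandardCharsets.UTF_8);
        List<String> kh = Arrays.asList("# constructed known_hosts",
            "build.example.test,192.0.2.10 ssh-rsa " + Base64.getEncoder().encodeToString(stored));
        System.out.println(check(kh, "build.example.test", "ssh-rsa", stored)); // key on file
        System.out.println(check(kh, "build.example.test", "ssh-rsa", other));  // condition a) in the question
        System.out.println(check(kh, "db.example.test", "ssh-rsa", stored));    // condition b) in the question
    }
}
```

For a server on a non-default port, OpenSSH writes the host field as [host]:port, so pass the host name in that form.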