defaults/known_hosts.txt in the JAR, problem with SSH2

[Pekka Savola]

Hi,

Using a non-signed applet, version 3.1.2 (also earlier versions from 
many years ago), I've tried to include a known_hosts file in the JAR 
so that applet users could get a known_hosts file and avoid the 
warning about not being able to validate the server.

The way I've tried this is add (with 'zip') the file in the JAR file, 
like:

$ unzip -v mindtermjar| grep known_hosts
      215  Defl:N      199   7%  08-29-07 09:45  c148ef7a  defaults/known_hosts.txt

.. but no matter what I do, I always get "File operations disabled, 
server identity can't be verified".

Looking at the source code, as there's no "Found preinstalled 
'known_hosts' file." message, it appears that 
'this.getClass().getResourceAsStream("/defaults/known_hosts.txt")' 
doesn't find the file in the package for one reason or another.  BTW - 
should this be 'defaults/known_hosts.txt' instead of 
'/defaults/known_hosts.txt'?

No such messages are seen if I force the client to use SSH1.  There's 
also no known_hosts related code under com/mindbright/ssh2/ which 
indicates that SSH2 code might not support JAR-packaged known_hosts.

Am I missing something or is this indeed a missing feature?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings