Hi guys,
First of all I wish to thank you for writing & supporting SSHD.
I hope more people will learn to appreciate it as I do.
Today I tried to implement key verification with your fix to jira-92.
After some reading I managed to understand I should do something like-
client.setServerKeyVerifier(new RequiredServerKeyVerifier(requiredKey))
in order to make it work.
This is a very good implementation, when the client side has a hold of the
server's key. Unfortunately, this is not always the case. There are interactive
scenarios, where the client implementation will display a key fingerprint (hash)
to the user, and ask the user to acknowledge it.
So is there a way you could possibly give us access to the server's key, so
we could ask the user to validate it?
Here's a sample code you could add to existing ClientSessionImpl class:
public PublicKey getServerKey() {
return kex.getServerKey();
}
Now we probably could write something like-
byte[] K_S = session.getServerKey();
Digest md5 = new MD5();
md5.init();
md5.update(K_S, 0, K_S.length);
byte[] fp = md5.digest();
log.info("Server fingerprint: {}", BufferUtils.printHex(fp));
I would really appreciate it if you could add this snip, so we have access to
server's key!
Thanks again,
Doron.
--
/d
