Guillaume,

Sorry- my bad. I was too hooked into RequiredServerKeyVerifier, which made me think I need to provide a server key. I'm glad that you agree easier access to the key would help, since it requires writing specific implementation, while a simple method call would do the job even better :)

Last question- any idea how to create the fingerprint from the server's PublicKey? Testing my old md5 code shows it doesn't match (compared to openssh client), and I'm not sure what went wrong.

Thanks,
Doron.

On Tuesday 19 October 2010 16:36:25 Guillaume Nodet wrote:
> I may miss something here, but the idea was that you would provide your own
> implementation of ServerKeyVerifier.
> It has a single method which is:
>     boolean verifyServerKey(ClientSession sshClientSession, SocketAddress
>         remoteAddress, PublicKey serverKey);
>
> So in this method, you can easily prompt the user the way you want and you
> have access to the server key.
>
> I agree we could add a getServerKey() method in the AbstractSession class to
> help a bit. But I don't think you actually need it at this point.
>
> On Tue, Oct 19, 2010 at 14:49, Doron Fediuck <[email protected]> wrote:
>
> > Hi guys,
> > First of all I wish to thank you for writing & supporting SSHD.
> > I hope more people will learn to appreciate it as I do.
> >
> > Today I tried to implement key verification with your fix to jira-92.
> > After some reading I managed to understand I should do something like-
> >     client.setServerKeyVerifier(new RequiredServerKeyVerifier(requiredKey))
> > in order to make it work.
> >
> > This is a very good implementation, when the client side has a hold of the
> > server's key. Unfortunately, this is not always the case. There are
> > interactive scenarios, where the client implementation will display a key
> > fingerprint (hash) to the user, and ask the user to acknowledge it.
> >
> > So is there a way you could possibly give us access to the server's key, so
> > we could ask the user to validate it?
> >
> > Here's a sample code you could add to existing ClientSessionImpl class:
> >
> >     public PublicKey getServerKey() {
> >         return kex.getServerKey();
> >     }
> >
> > Now we probably could write something like-
> >
> >     byte[] K_S = session.getServerKey();
> >     Digest md5 = new MD5();
> >     md5.init();
> >     md5.update(K_S, 0, K_S.length);
> >     byte[] fp = md5.digest();
> >     log.info("Server fingerprint: {}", BufferUtils.printHex(fp));
> >
> > I would really appreciate it if you could add this snip, so we have access
> > to server's key!
> >
> > Thanks again,
> > Doron.
> > --
> >
> > /d

--
/d
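
Added example, not part of the original thread or of the SSHD code base: OpenSSH's MD5 fingerprint is the MD5 of the key's SSH wire-format blob (RFC 4253), not of the X.509 bytes that Java's PublicKey.getEncoded() returns, so the two digests differ for the same key. The class SshFingerprint and its helpers are hypothetical names, the RSA key is generated on the spot as constructed sample input, and only RSA keys are handled.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;

// Hypothetical helper class for illustration; not part of SSHD.
public class SshFingerprint {

    // SSH "string"/"mpint" framing: 4-byte big-endian length, then the bytes (RFC 4251).
    private static void writeField(DataOutputStream out, byte[] data) throws IOException {
        out.writeInt(data.length);
        out.write(data);
    }

    // "ssh-rsa" public key blob (RFC 4253, 6.6): string "ssh-rsa", mpint e, mpint n.
    static byte[] sshRsaBlob(RSAPublicKey key) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        writeField(out, "ssh-rsa".getBytes(StandardCharsets.US_ASCII));
        // BigInteger.toByteArray() is minimal two's complement, which is the mpint form.
        writeField(out, key.getPublicExponent().toByteArray());
        writeField(out, key.getModulus().toByteArray());
        return buf.toByteArray();
    }

    // MD5 over the given bytes, printed the way OpenSSH does: colon-separated lowercase hex.
    static String md5Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(data)) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key standing in for the server key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey key = (RSAPublicKey) gen.generateKeyPair().getPublic();

        System.out.println("SSH blob (OpenSSH style):     " + md5Hex(sshRsaBlob(key)));
        System.out.println("X.509 getEncoded() (differs): " + md5Hex(key.getEncoded()));
    }
}
```

On current OpenSSH, `ssh-keygen -l -E md5 -f <public key file>` prints the MD5 fingerprint to compare against the first output line.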
