[
https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510059#comment-17510059
]
Lyor Goldstein commented on SSHD-1255:
--------------------------------------
[~twolf] Please note that we already have support for these extensions - see
{{{}OpenSshHostKeysHandler{}}}-s for client and server. As far as I can tell
they implement the specified behavior, but perhaps some updates are in order.
Specifically for the "[email protected]" handler it does not consult the
{_}known_hosts{_}. We do have code for handling _known_hosts_ via
{{KnownHostsServerKeyVerifier}} and its derivatives (e.g.
{{{}DefaultKnownHostsServerKeyVerifier{}}}), we just never tied them together.
In any case, I recommend implementing a default behavior that ties them, but
leaves the option to the user to "plug in" some other verifier - including a
null/empty/accept-all one.
> Support host key update and rotation in the client
> --------------------------------------------------
>
> Key: SSHD-1255
> URL: https://issues.apache.org/jira/browse/SSHD-1255
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.8.0
> Reporter: Thomas Wolf
> Priority: Major
>
> Add support for the {{[email protected]}} and
> {{[email protected]}} KEX extensions, including updating
> {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
