[
https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517648#comment-17517648
]
Thomas Wolf edited comment on SSHD-1255 at 4/5/22 8:08 PM:
-----------------------------------------------------------
The point is that the client side handler is empty. It doesn't send back the
prove challenge message to the server, nor does it handle the reply to that.
This is a must do. I wouldn't want to add unproven keys to the known_hosts file.
Note that the challenge message must be sent asynchronously; global request is
synchronous, but we're already handling a global request and are holding the
sessionLock. Ideally I'd like to have a way to fire off the global request for
that prove challenge, passing a FutureTask that gets automatically invoked
(possibly in a different thread) when the reply is received. This needs a
rewrite of the global request handling first to do it properly.
Users can already install their own ServerKeyVerifier. I see no reason why that
should change.
> Support host key update and rotation in the client
> --------------------------------------------------
>
> Key: SSHD-1255
> URL: https://issues.apache.org/jira/browse/SSHD-1255
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.8.0
> Reporter: Thomas Wolf
> Priority: Major
>
> Add support for the {{hostkeys-00@openssh.com}} and
> {{hostkeys-prove-00@openssh.com}} KEX extensions, including updating
> {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .
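The proof check the comment above calls a must-do, as an added example (not MINA SSHD code and not written by the commenter): a key counts as proven only if its signature covers the request name, this session's identifier and the key blob, which is the layout given in the OpenSSH PROTOCOL file linked in the issue. The class and method names are hypothetical, only Ed25519 is handled, the key and session id are constructed, and Java 15 or later is assumed.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
public class HostKeyProofCheck { // hypothetical name, not a MINA SSHD class
    static final byte[] REQ = "hostkeys-prove-00@openssh.com".getBytes(StandardCharsets.US_ASCII);
    static final byte[] ALG = "ssh-ed25519".getBytes(StandardCharsets.US_ASCII);
    static byte[] strings(byte[]... parts) { // SSH "string": uint32 length, then the bytes
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] p : parts)
            out.writeBytes(ByteBuffer.allocate(4 + p.length).putInt(p.length).put(p).array());
        return out.toByteArray();
    }
    static byte[] readString(ByteBuffer in) {
        int n = in.getInt();
        if (n < 0 || n > in.remaining()) throw new IllegalArgumentException("bad length");
        byte[] b = new byte[n];
        in.get(b);
        return b;
    }
    static byte[] keyBlob(PublicKey key) { // raw Ed25519 key = last 32 bytes of the X.509 form
        byte[] enc = key.getEncoded();
        return strings(ALG, Arrays.copyOfRange(enc, enc.length - 32, enc.length));
    }
    static boolean isProven(PublicKey key, byte[] sessionId, byte[] sigBlob) {
        try {
            ByteBuffer in = ByteBuffer.wrap(sigBlob);
            if (!Arrays.equals(readString(in), ALG)) return false;
            Signature v = Signature.getInstance("Ed25519");
            v.initVerify(key);
            v.update(strings(REQ, sessionId, keyBlob(key))); // data the server must have signed
            return v.verify(readString(in));
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // malformed or unverifiable proof: the key stays unproven
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair(); // constructed key
        byte[] sid = "constructed-session-id".getBytes(StandardCharsets.US_ASCII);
        Signature s = Signature.getInstance("Ed25519");
        s.initSign(kp.getPrivate());
        s.update(strings(REQ, sid, keyBlob(kp.getPublic())));
        byte[] proof = strings(ALG, s.sign());
        System.out.println("same session:  " + isProven(kp.getPublic(), sid, proof));
        sid[0] ^= 1; // a different session id: the same proof must not verify
        System.out.println("other session: " + isProven(kp.getPublic(), sid, proof));
    }
}
```

Only keys for which `isProven` returns true would be candidates for `known_hosts`; binding the proof to the session identifier is what stops a proof captured in one session from being replayed in another.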