[ 
https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517648#comment-17517648
 ] 

Thomas Wolf edited comment on SSHD-1255 at 4/5/22 8:08 PM:
-----------------------------------------------------------

The point is that the client side handler is empty. It doesn't send back the 
prove challenge message to the server, nor does it handle the reply to that.

This is a must do. I wouldn't want to add unproven keys to the known_hosts file.

Note that the challenge message must be sent asynchronously; global request is 
synchronous, but we're already handling a global request and are holding the 
sessionLock. Ideally I'd like to have a way to fire off the global request for 
that prove challenge, passing a FutureTask that gets automatically invoked 
(possibly in a different thread) when the reply is received. This needs a 
rewrite of the global request handling first to do it properly.

Users can already install their own ServerKeyVerifier. I see no reason why that 
should change.


was (Author: wolft):
The point is that the client side handler is empty. It doesn't send back the 
prove challenge message to the server, nor does it handle the reply to that.

This is a must do. I wouldn't want to add unproven keys to the known_hosts file.

Note that the challenge message must be sent asynchronously; global request is 
synchronous, but we're already handling a global request and are holding the 
sessionLock. Ideally I'd like to have a way to fire off the global request for 
that prove challenge, passing a FutureTask that gets automatically invoked 
(possibly in a different thread) when the reply is received. This needs a 
rewrite of the global request handling first to do it properly.

User's can already install their own ServerKeyVerifier. I see no reason why 
that should change.

> Support host key update and rotation in the client
> --------------------------------------------------
>
>                 Key: SSHD-1255
>                 URL: https://issues.apache.org/jira/browse/SSHD-1255
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.8.0
>            Reporter: Thomas Wolf
>            Priority: Major
>
> Add support for the {{hostkeys...@openssh.com}} and 
> {{hostkeys-prove...@openssh.com}} KEX extensions, including updating 
> {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .
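
The asynchronous flow the comment asks for, as an added sketch that is not MINA SSHD code and not from the comment's author: the handler that already holds the session lock queues the prove request and returns, and the key is recorded only after the reply verifies. All class, method and field names are hypothetical, the key strings are constructed, and the `Predicate` stands in for real signature verification of the server's proof.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.function.Predicate;

/** Constructed model with hypothetical names; it does not use any MINA SSHD API. */
public class AsyncProveSketch {
    private final Object sessionLock = new Object();
    // SSH answers global requests in the order they were sent, so a FIFO pairs replies with requests.
    private final Queue<CompletableFuture<byte[]>> pending = new ConcurrentLinkedQueue<>();
    final ExecutorService callbacks = Executors.newSingleThreadExecutor();
    final Set<String> knownHosts = ConcurrentHashMap.newKeySet();
    final List<String> wire = new CopyOnWriteArrayList<>(); // stands in for the socket

    /** Queue the request and return at once; never blocks waiting for the reply. */
    CompletableFuture<byte[]> sendGlobalRequestAsync(String request) {
        CompletableFuture<byte[]> reply = new CompletableFuture<>();
        pending.add(reply);
        wire.add(request);
        return reply;
    }

    /** Reader thread, inside the handler for the server's host key announcement. */
    void onHostKeyAdvertised(String key, Predicate<byte[]> proofIsValid) {
        synchronized (sessionLock) {
            // A blocking wait here would stall the only thread able to read the reply.
            sendGlobalRequestAsync("prove " + key).thenAcceptAsync(proof -> {
                if (proofIsValid.test(proof)) {
                    knownHosts.add(key); // unproven keys are never recorded
                }
            }, callbacks);
        }
    }

    /** Reader thread: a reply to the oldest outstanding global request arrived. */
    void onRequestReply(byte[] payload) {
        synchronized (sessionLock) {
            CompletableFuture<byte[]> oldest = pending.poll();
            if (oldest != null) oldest.complete(payload); // callback runs on the other executor
        }
    }

    public static void main(String[] args) throws Exception {
        AsyncProveSketch s = new AsyncProveSketch();
        Predicate<byte[]> check = p -> Arrays.equals(p, "good-sig".getBytes());
        s.onHostKeyAdvertised("key-A (constructed)", check);
        s.onHostKeyAdvertised("key-B (constructed)", check);
        s.onRequestReply("good-sig".getBytes()); // reply for key-A
        s.onRequestReply("bad-sig".getBytes());  // reply for key-B
        s.callbacks.shutdown();
        s.callbacks.awaitTermination(1, TimeUnit.SECONDS);
        System.out.println(s.knownHosts);
    }
}
```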


