
Tuesday, July 22, 2008

j2ssh : On authentication, removing user prompt

 

When making an SFTP connection with the j2ssh client in Java, you may get a prompt such as:

Do you want to allow this host key? [Yes|No|Always]:

To remove this prompt, though it is not recommended because the client then accepts whatever host key the server presents, we have to supply a custom implementation of the AbstractKnownHostsKeyVerification class. The best possible way is to extend ConsoleKnownHostsKeyVerification and override the methods onUnknownHost or onHostKeyMismatch, then pass an instance of the resulting AlwaysAllowingConsoleKnownHostsKeyVerification class when connecting, as in:

SshClient ssh = new SshClient();

ssh.connect(hostname,new AlwaysAllowingConsoleKnownHostsKeyVerification());

The class AlwaysAllowingConsoleKnownHostsKeyVerification is defined below. I understand that this is like a hack in security, but sometimes you may like to know it anyway.

 

import com.sshtools.j2ssh.transport.ConsoleKnownHostsKeyVerification;
import com.sshtools.j2ssh.transport.InvalidHostFileException;
import com.sshtools.j2ssh.transport.publickey.SshPublicKey;

public class AlwaysAllowingConsoleKnownHostsKeyVerification extends
        ConsoleKnownHostsKeyVerification {

    public AlwaysAllowingConsoleKnownHostsKeyVerification()
            throws InvalidHostFileException {
        super();
        // Nothing else to do
    }

    @Override
    public void onHostKeyMismatch(String s, SshPublicKey sshpublickey,
            SshPublicKey sshpublickey1) {
        try
        {
            System.out.println("The host key supplied by " + s + " is: " + sshpublickey1.getFingerprint());
            System.out.println("The current allowed key for " + s + " is: " + sshpublickey.getFingerprint());
            System.out.println("~~~Using Custom Key verification, allowing to pass through~~~");
            allowHost(s, sshpublickey, false);
        }
        catch(Exception exception)
        {
            exception.printStackTrace();
        }
    }

    @Override
    public void onUnknownHost(String s, SshPublicKey sshpublickey) {
        try
        {
            System.out.println("The host " + s + " is currently unknown to the system");
            System.out.println("The host key fingerprint is: " + sshpublickey.getFingerprint());
            System.out.println("~~~Using Custom Key verification, allowing to pass through~~~");
            allowHost(s, sshpublickey, false);
        }
        catch(Exception exception)
        {
            exception.printStackTrace();
        }
    }

}
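
For comparison, an added example (not from the original post or from the j2ssh project) that also removes the prompt but accepts a host only when its key fingerprint equals a value recorded out of band. The class name PinnedFingerprintHostKeyVerification and the helper acceptIfPinned are hypothetical; the example assumes, as the class above implies, that a host is accepted only when allowHost is called, and that the pinned string is in the same format getFingerprint() returns.

```java
import com.sshtools.j2ssh.transport.ConsoleKnownHostsKeyVerification;
import com.sshtools.j2ssh.transport.InvalidHostFileException;
import com.sshtools.j2ssh.transport.publickey.SshPublicKey;

// Added example (hypothetical class): no prompt, but only a host key whose
// fingerprint equals the pinned value is allowed.
public class PinnedFingerprintHostKeyVerification extends
        ConsoleKnownHostsKeyVerification {

    // Expected fingerprint, in the exact format getFingerprint() returns.
    private final String pinnedFingerprint;

    public PinnedFingerprintHostKeyVerification(String pinnedFingerprint)
            throws InvalidHostFileException {
        super();
        this.pinnedFingerprint = pinnedFingerprint;
    }

    @Override
    public void onUnknownHost(String host, SshPublicKey offeredKey) {
        acceptIfPinned(host, offeredKey);
    }

    @Override
    public void onHostKeyMismatch(String host, SshPublicKey storedKey,
            SshPublicKey offeredKey) {
        // Judge the key the server offered now, not the stored one.
        acceptIfPinned(host, offeredKey);
    }

    private void acceptIfPinned(String host, SshPublicKey offeredKey) {
        String offered = offeredKey.getFingerprint();
        if (!pinnedFingerprint.equals(offered)) {
            // Assumption: without a call to allowHost the host stays
            // unverified and the connection is refused.
            System.err.println("Rejecting " + host + ": fingerprint "
                    + offered + " is not the pinned value");
            return;
        }
        try {
            // Same third argument as the class in the post.
            allowHost(host, offeredKey, false);
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
```

It is passed to ssh.connect in place of the always-allowing instance, with the fingerprint string taken from a connection made over a trusted path.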

10 comments:

  1. Anonymous 1:09 AM

    Nice trick.

    Thanks!

  2. Anonymous 1:23 AM

    Thank you! You made my day, works very nicely. The security issue here for me is naught, since we run it internally on a closed network.

  3. Rishi 1:23 PM

    Pretty cool. You've got some real useful stuff. :)
    _
    Rishi

  4. Pretty cool. You've got some real useful stuff on your blog. :)
    _
    Rishi

  5. Anonymous 5:02 AM

    Thanks a lot!

  6. Great!!!, you are the best my friend. Thanks a lot.

  7. Anonymous 3:55 AM

    It is often you find such a useful article. Thank you,

    BV, London

  8. Anonymous 2:16 AM

    You can also use IgnoreHostKeyVerification, which is supplied with this library - it automatically ignores this question

  9. Anonymous 7:08 AM

    Nice Man !

  10. Thanks! That's the way I like it :)