Validating host keys
When connecting to an SSH server using the Sftp class, you can require that your login credentials are only submitted to hosts that present a host key with a recognized fingerprint. This guards against a man-in-the-middle attack. You specify which host keys are allowed using a SshHostKeys instance and the SshParameters.setHostKeys method.
Example
import java.net.InetAddress;

// create new SshParameters instance
SshParameters params = new SshParameters(hostname, port, username, password);
// create new SshHostKeys instance
SshHostKeys keys = new SshHostKeys();
// specify valid remote server address
InetAddress address = InetAddress.getByName(hostname);
// add valid fingerprint to SshHostKeys instance
keys.addKey(address, "18:bc:ec:a5:0f:9a:fc:1a:60:96:7a:17:c8:ed:73:ac");
// define a host key fingerprint verifier using OpenSSH host key format
params.setHostKeyVerifier(new HostKeyFingerprintVerifier(new OpenSSHFingerprintFormatter(), keys));
// create a new Sftp instance
Sftp sftp = new Sftp(params);
// establish connection
sftp.connect();
// close the connection
sftp.disconnect();
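The fingerprint passed to keys.addKey should be derived from the server's public host key obtained out of band, not copied from a first connection. The following is an added example, not code from the library or the original page, that computes it using only the JDK. It assumes the OpenSSH format used above is the MD5 colon-separated hex fingerprint (the form `ssh-keygen -l -E md5` prints), which matches the 16-byte sample value; the class name and the sample key bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HostKeyFingerprint {

    // Returns the MD5 fingerprint (colon-separated hex) of an OpenSSH public key
    // line of the form "<key-type> <base64-blob> [comment]".
    static String md5Fingerprint(String publicKeyLine) throws Exception {
        String[] fields = publicKeyLine.trim().split("\\s+");
        if (fields.length < 2) {
            throw new IllegalArgumentException("expected: <key-type> <base64-blob> [comment]");
        }
        byte[] blob = Base64.getDecoder().decode(fields[1]);

        // The blob starts with a length-prefixed copy of the key type; reject a mismatch.
        ByteBuffer buf = ByteBuffer.wrap(blob);
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated key blob");
        int len = buf.getInt();
        if (len <= 0 || len > buf.remaining()) {
            throw new IllegalArgumentException("truncated key blob");
        }
        byte[] type = new byte[len];
        buf.get(type);
        if (!fields[0].equals(new String(type, StandardCharsets.US_ASCII))) {
            throw new IllegalArgumentException("key type does not match key blob");
        }

        // The fingerprint is the digest of the whole decoded blob.
        byte[] digest = MessageDigest.getInstance("MD5").digest(blob);
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            if (hex.length() > 0) hex.append(':');
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: ssh-ed25519 blob with placeholder key bytes 0x00..0x1f.
        byte[] type = "ssh-ed25519".getBytes(StandardCharsets.US_ASCII);
        ByteBuffer blob = ByteBuffer.allocate(4 + type.length + 4 + 32);
        blob.putInt(type.length).put(type).putInt(32);
        for (int i = 0; i < 32; i++) blob.put((byte) i);
        String line = "ssh-ed25519 " + Base64.getEncoder().encodeToString(blob.array()) + " constructed@example";
        System.out.println(md5Fingerprint(line));
    }
}
```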