Validating host keys
When connecting to an SSH server using the Scp class, you can require that your login credentials be submitted only to hosts that present a host key with a recognized fingerprint. This prevents the possibility of a man-in-the-middle attack. Specify which host keys are allowed using a SshHostKeys instance and the SshParameters.setHostKeys method.
Example
// create new SshParameters instance
SshParameters params = new SshParameters(hostname, port, username, password);

// create new SshHostKeys instance
SshHostKeys keys = new SshHostKeys();

// specify valid remote server address
InetAddress address = InetAddress.getByName(hostname);

// add valid fingerprint to SshHostKeys instance
keys.addKey(address, "18:bc:ec:a5:0f:9a:fc:1a:60:96:7a:17:c8:ed:73:ac");

// update SshParameters instance to validate against fingerprint in SshHostKeys instance
params.setHostKeys(keys, false);

// create a new Scp instance
Scp scp = new Scp(params);

// establish connection
scp.connect();

// gets updated host keys (if updated)
keys = scp.getHostKeys();
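
One way to derive a fingerprint in the form passed to addKey from a server public key obtained out of band, so the pinned value does not have to be copied from an unauthenticated first connection. This is an added example, not code from the original page or the library: it assumes the library expects the conventional MD5 fingerprint of the SSH public key blob (the 16-byte colon-separated form used above), and the class name HostKeyFingerprint, its methods and the sample key are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HostKeyFingerprint {

    // MD5 fingerprint (colon-separated hex) of an OpenSSH public key line:
    // "<type> <base64 blob> [comment]". Rejects lines whose blob is malformed.
    static String md5Fingerprint(String keyLine) throws Exception {
        String[] fields = keyLine.trim().split("\\s+");
        if (fields.length < 2) throw new IllegalArgumentException("not a public key line");
        byte[] blob = Base64.getDecoder().decode(fields[1]);
        // The blob starts with a length-prefixed key type; it must match field 0.
        ByteBuffer buf = ByteBuffer.wrap(blob);
        if (buf.remaining() < 4) throw new IllegalArgumentException("blob too short");
        int len = buf.getInt();
        if (len <= 0 || len > buf.remaining()) throw new IllegalArgumentException("bad type length");
        byte[] type = new byte[len];
        buf.get(type);
        if (!fields[0].equals(new String(type, StandardCharsets.US_ASCII)))
            throw new IllegalArgumentException("key type does not match blob");
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(blob)) {
            if (hex.length() > 0) hex.append(':');
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    // Case-insensitive comparison against the fingerprint obtained out of band.
    static boolean matches(String computed, String pinned) {
        return MessageDigest.isEqual(
                computed.toLowerCase().getBytes(StandardCharsets.US_ASCII),
                pinned.trim().toLowerCase().getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key: type string plus 32 zero bytes, not a real host key.
        byte[] type = "ssh-ed25519".getBytes(StandardCharsets.US_ASCII);
        ByteBuffer blob = ByteBuffer.allocate(4 + type.length + 4 + 32);
        blob.putInt(type.length).put(type).putInt(32);
        String line = "ssh-ed25519 " + Base64.getEncoder().encodeToString(blob.array()) + " constructed";
        String fp = md5Fingerprint(line);
        System.out.println("fingerprint: " + fp);
        System.out.println("matches pin from page: "
                + matches(fp, "18:bc:ec:a5:0f:9a:fc:1a:60:96:7a:17:c8:ed:73:ac"));
    }
}
```

Feed md5Fingerprint the server's public key line as supplied by its administrator, and pass the result to addKey only after it matches the value they published.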