com.maverick.ssh
Interface HostKeyVerification

All Known Implementing Classes:
AbstractKnownHostsKeyVerification

public interface HostKeyVerification

This interface provides a callback method so that the user can verify the identity of the server (by checking the public key) during the initial protocol negotiation. This check is performed at the beginning of each connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks.

The user should verify that the key is acceptable; the most usual method is a lookup in a local database file called known_hosts. The core J2SSH Maverick engine does not enforce any specific host key verification, so that the engine can be used on Java platforms that do not have File objects. A known_hosts implementation, AbstractKnownHostsKeyVerification, can be found in the SSHTools utility classes supplied with the J2SSH Maverick API. These classes also include the basic ConsoleKnownHostsKeyVerification, which performs the check by prompting the user through stdin/stdout.

The public key instances supplied to the verifyHost method will be one of the following implementations:

For SSH1 the key will always be Ssh1RsaPublicKey.

For SSH2 the key will either be Ssh2RsaPublicKey or Ssh2DsaPublicKey.

To set a host key verification you must get an instance of the SshConnector and configure each SSH version's context with your implementation. The following example shows how to set a verification instance for both SSH1 and SSH2:

 SshConnector con = SshConnector.getInstance();

 HostKeyVerification hkv = new HostKeyVerification() {
   public boolean verifyHost(String name, SshPublicKey key)
              throws SshException {
      // Placeholder: check the key against a trusted record for this host.
      // Returning true unconditionally accepts any host key.
      return true;
   }
 };
 // Register the same verifier for both protocol versions
 SshContext context = con.getContext(SshConnector.SSH1);
 context.setHostKeyVerification(hkv);

 context = con.getContext(SshConnector.SSH2);
 context.setHostKeyVerification(hkv);
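
The following class is an added example, not code from J2SSH Maverick or its documentation. It fills in the placeholder check with key pinning: a host is accepted only if the SHA-256 digest of its presented key matches a digest recorded out of band, and unknown hosts are rejected. The class name PinnedHostKeyVerification and its pin method are hypothetical, and the import package of SshPublicKey and its getEncoded() method are assumptions about the API version documented here.

```java
import com.maverick.ssh.HostKeyVerification;
import com.maverick.ssh.SshException;
import com.maverick.ssh.SshPublicKey; // assumption: same package as this interface

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

/** Hypothetical example class: accepts a host only if its key matches a pinned digest. */
public class PinnedHostKeyVerification implements HostKeyVerification {

    // Lower-cased host name -> SHA-256 digest of the encoded public key,
    // recorded out of band before the first connection.
    private final Map<String, byte[]> pins = new HashMap<String, byte[]>();

    /** Records the expected key digest for a host (hypothetical helper). */
    public void pin(String host, byte[] sha256OfEncodedKey) {
        pins.put(host.toLowerCase(Locale.ROOT), sha256OfEncodedKey.clone());
    }

    public boolean verifyHost(String host, SshPublicKey pk) throws SshException {
        if (host == null || pk == null) {
            return false;
        }
        byte[] expected = pins.get(host.toLowerCase(Locale.ROOT));
        if (expected == null) {
            // Fail closed: a host with no pinned key is rejected rather than
            // trusted on first use.
            return false;
        }
        // Assumption: getEncoded() returns the key's encoded form as bytes.
        byte[] presented = sha256(pk.getEncoded());
        // MessageDigest.isEqual compares the digests in constant time.
        return MessageDigest.isEqual(expected, presented);
    }

    private static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is required on every Java platform; treat absence as fatal.
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }
}
```

An instance is registered with setHostKeyVerification on each context in the same way as hkv above.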
 

You could also set different verification implementations according to protocol. For example, if you were using known_hosts for SSH1 and known_hosts2 for SSH2, you could use the previously described utility classes to set different lookup databases:

 SshConnector con = SshConnector.getInstance();

 SshContext context = con.getContext(SshConnector.SSH1);
 context.setHostKeyVerification(new ConsoleKnownHostsKeyVerification(
                                 System.getProperty("user.home")
                                 + "/.ssh/known_hosts"));

 context = con.getContext(SshConnector.SSH2);
 context.setHostKeyVerification(new ConsoleKnownHostsKeyVerification(
                                 System.getProperty("user.home")
                                 + "/.ssh/known_hosts2"));
 

Author:
Lee David Painter

Method Summary
 boolean verifyHost(java.lang.String host, SshPublicKey pk)
          Verify that the public key is acceptable for the host.
 

Method Detail

verifyHost

public boolean verifyHost(java.lang.String host,
                          SshPublicKey pk)
                   throws SshException
Verify that the public key is acceptable for the host.

Parameters:
host - the name of the connected host
pk - the public key supplied by the host
Returns:
true if the host key is acceptable otherwise false
Throws:
SshException


Copyright © 2003 3SP LTD. All Rights Reserved.