Alberto Anguita

Reputation: 103

How to set up server authentication in Apache MINA sshd?

I have set up an ssh server using Apache MINA sshd for SFTP. I want to enable server authentication so clients cannot be spoofed. In the documentation page all it says is to use the following method (Apache MINA sshd doc):

sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("hostkey.ser"));

But as I understand, that generates a keypair on its own. What if I want to use an existing certificate file for this server?

Upvotes: 1

Views: 4058

Answers (2)

Claus

Reputation: 2294

FileKeyPairProvider is simpler

Path path = Paths.get(getClass().getClassLoader().getResource("server-key.pem").toURI());
sshd.setKeyPairProvider(new FileKeyPairProvider(path));

Upvotes: 0

Alberto Anguita

Reputation: 103

OK, I found it. I used the MappedKeyPairProvider class:

sshd.setKeyPairProvider(new MappedKeyPairProvider(loadKeyPair("certificateFile.p12")));

With loadKeyPair defined as follows:

// Needs: java.io.*, java.security.*, java.security.cert.CertificateException
// Loads the key pair stored under "myAlias" in a PKCS12 keystore.
public static KeyPair loadKeyPair(String path) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableKeyException, NoSuchProviderException {
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    // try-with-resources closes the keystore file once it has been read
    try (FileInputStream in = new FileInputStream(path)) {
        p12.load(in, "certPassword".toCharArray());
    }
    java.security.cert.Certificate cert = p12.getCertificate("myAlias");
    PublicKey publicKey = cert.getPublicKey();
    PrivateKey key = (PrivateKey) p12.getKey("myAlias", "certPassword".toCharArray());
    return new KeyPair(publicKey, key);
}

Please note that my certificate is stored in PKCS12 format.

Upvotes: 0
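An added example, not code from either answer: it loads the host key from a PKCS12 file with the password read at run time instead of hardcoded, and prints the key's SHA256 fingerprint in the form `ssh-keygen -l` shows, so the value can be compared with what clients see when they connect. The class and method names (`HostKeyFromP12`, `load`, `fingerprint`) are hypothetical, and it assumes an RSA key and an interactive terminal.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class HostKeyFromP12 {
    // Loads the key pair stored under `alias`; the password is supplied by the caller.
    static KeyPair load(String path, String alias, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            p12.load(in, password);
        }
        // Fail clearly if the alias is missing or holds only a certificate.
        if (!p12.isKeyEntry(alias)) {
            throw new GeneralSecurityException("no private key entry under alias " + alias);
        }
        PrivateKey priv = (PrivateKey) p12.getKey(alias, password);
        return new KeyPair(p12.getCertificate(alias).getPublicKey(), priv);
    }

    // SHA-256 over the "ssh-rsa" public key blob (RFC 4253), unpadded Base64.
    static String fingerprint(RSAPublicKey key) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream blob = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(blob);
        byte[][] fields = {
            "ssh-rsa".getBytes(StandardCharsets.US_ASCII),
            key.getPublicExponent().toByteArray(),   // mpint e
            key.getModulus().toByteArray()           // mpint n
        };
        for (byte[] f : fields) {
            out.writeInt(f.length);                  // 4-byte big-endian length prefix
            out.write(f);
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(blob.toByteArray());
        return "SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    // Usage: java HostKeyFromP12 <keystore.p12> <alias>
    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("Keystore password: ");
        KeyPair kp = load(args[0], args[1], pw);
        System.out.println(fingerprint((RSAPublicKey) kp.getPublic()));
    }
}
```

The `KeyPair` returned by `load` can be passed to `MappedKeyPairProvider` exactly as in the answer above.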
