user3742125

Reputation: 627

Using server's fingerprint in JSch library instead of setting a public key file

In my ColdFusion application I am using a Java library, JSch. The SFTP server is Bitvise personal edition (for testing purposes). Currently I am forcing StrictHostKeyChecking, and for that I create a host key repository from a file name using the method below.

public void setKnownHosts(String filename)
                   throws JSchException

Is there any way to set the server's fingerprint (like 2b:16:18:83:7b:c6:5e:49:f2:f0:8e:e2:dc:64:da:1a) instead of using a public key in the JSch library?

Sample public key reference, in case it's needed:

localhost ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCktHvR7qZv+HVOjpALTETAe9uvGsaOlqF/xGKqgOk8eEloz+3ZItjFIyHxosiQvM4NFkciAsALpWyQwCWDrF8CaAmGJv8p4nY6u2pDaMhSCcFYU/dUOSV26sc2hrALsZhu3OYG3+K1L5QGRDYQ8OVzAXf16i5sITFAS4eArmtRHHrATPyreZdA52GMl7GrHjbDToTmUsV2rPAg+ASasAS/se4QK6UGTMeWG2A9JrilcAmWl/DSfLjJclaoZz1gg8bfCqaDEf1iUWkJIOtpyt08LoQZLxXSFlcKYa/6dICFZW9E2YrAxHMOhyZpEXIf/iA79EX8aHNayVkDOh42MlX+CyB3l3thzAO0g+nAjKLoJN8KyJ9ioymQdyxnGLA8m2E+UnQ9OOznJ6ZzopnlSPQ2rygAGOW2TCHYFh+91S0=

Upvotes: 1

Views: 1654

Answers (1)

Martin Prikryl

Reputation: 202514

Implement your own HostKeyRepository interface in a way that the check method compares a fingerprint calculated from the key argument against your known fingerprint.

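import com.jcraft.jsch.HASH;
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.HostKeyRepository;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.UserInfo;

public class HostKeyFingerprintRepository implements HostKeyRepository
{
    // Hex digits used to format the digest
    private static final char[] chars = "0123456789abcdef".toCharArray();

    @Override
    public int check(String host, byte[] key)
    {
        String fingerprint;
        try
        {
            // Based on KeyExchange.getFingerPrint
            Class<?> c = Class.forName(JSch.getConfig("md5"));
            HASH hash = (HASH)(c.getDeclaredConstructor().newInstance());
            // Based on Util.getFingerPrint
            hash.init();
            hash.update(key, 0, key.length);
            byte[] foo=hash.digest();
            StringBuilder sb=new StringBuilder();
            int bar;
            for(int i=0; i<foo.length;i++){
              bar=foo[i]&0xff;
              sb.append(chars[(bar>>>4)&0xf]);
              sb.append(chars[(bar)&0xf]);
              if(i+1<foo.length)
                sb.append(":");
            }
            fingerprint = sb.toString();
        }
        catch (Exception e)
        {
            // Could not compute the fingerprint: do not accept the key
            return NOT_INCLUDED;
        }
        if (fingerprint.equals("2b:16:18:83:7b:c6:5e:49:f2:f0:8e:e2:dc:64:da:1a"))
        {
            return OK;
        }
        else
        {
            return NOT_INCLUDED;
        }
    }

    // dummy implementations of the other methods
    @Override public void add(HostKey hostkey, UserInfo ui) {}
    @Override public void remove(String host, String type) {}
    @Override public void remove(String host, String type, byte[] key) {}
    @Override public String getKnownHostsRepositoryID() { return "fingerprint"; }
    @Override public HostKey[] getHostKey() { return new HostKey[0]; }
    @Override public HostKey[] getHostKey(String host, String type) { return new HostKey[0]; }
}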

Associate your implementation with the session using Session.setHostKeyRepository.

Upvotes: 2
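
The pinning check from the answer above, written against the JDK alone as an added example that is not part of the original answer or of JSch: it derives the fingerprint from the key blob of a known_hosts entry (the same bytes JSch passes to check as key) and goes beyond the answer by also accepting the SHA256: form that current OpenSSH prints. The class name, method names and sample entry are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example, JDK only; all names here are hypothetical, not JSch API.
public class HostKeyPin {
    // OpenSSH-style "SHA256:<unpadded base64>" fingerprint of a raw key blob.
    static String sha256Fingerprint(byte[] blob) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(blob);
        return "SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(d);
    }
    // Colon-separated MD5 hex fingerprint, the format used in the question.
    static String md5Fingerprint(byte[] blob) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(blob);
        StringBuilder sb = new StringBuilder();
        for (byte b : d) {
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }
    // Decode the key field of a known_hosts line: "host type base64 [comment]".
    static byte[] blobFromKnownHostsLine(String line) {
        String[] f = line.trim().split("\\s+");
        if (f.length < 3) throw new IllegalArgumentException("not a known_hosts entry");
        return Base64.getDecoder().decode(f[2]);
    }
    // True only if the presented key hashes to the pinned value; errors fail closed.
    static boolean matchesPin(byte[] presentedKey, String pinned) {
        try {
            String actual = pinned.startsWith("SHA256:")
                    ? sha256Fingerprint(presentedKey) : md5Fingerprint(presentedKey);
            return actual.equals(pinned); // fingerprints are public, plain equals is fine
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample entry, not a real server key.
        byte[] fake = "constructed-sample-host-key-blob".getBytes(StandardCharsets.US_ASCII);
        String line = "sftp.example.test ssh-rsa " + Base64.getEncoder().encodeToString(fake);
        byte[] blob = blobFromKnownHostsLine(line);
        String pin = sha256Fingerprint(blob); // in practice, recorded out of band
        System.out.println(pin + " / " + md5Fingerprint(blob));
        System.out.println(matchesPin(blob, pin));   // unchanged key
        blob[0] ^= 1;                                // simulate a different key
        System.out.println(matchesPin(blob, pin));
    }
}
```

Inside a HostKeyRepository, check would return OK when matchesPin is true and NOT_INCLUDED otherwise.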
