Prefer known algorithm for known host #721
Conversation
(hierynomus#642, hierynomus#635... 10? issues) Try to find the Algorithm that was used when a known_host entry was created and make that the first choice for the current connection attempt. If the current connection algorithm matches the algorithm used when the known_host entry was created we can get a fair verification.
|
I just make the changes again in a clean clone |
|
I've changed the implementation a bit to take into account all matching hostnames in the known hosts file, instead of only the first one. It is possible to have multiple keys for the same hostname. They're now taken into account in the order that was configured in the SshConfig object. |
|
Nice! There is so much complexity in this endeavor! I'm glad I could do something useful with so little specific knowledge. I have used Ganymede for decades, but it hasn't been maintained for a decade. I have tried other libraries too, but if there is a problem most of us are out of our depth immediately. And I guess the knowledge gap is so wide people with knowledge don't have time to provide as much support as would be needed. So having something that works is great. Long live SSHJ! Maybe I will contribute some examples. I am building a file system tool to allow my applications to access local and remote files without having to consider which they are. I think I have all the remote methods covered and working using SSHJ. I write in Scala, but I will make some examples up in Java, that will save you and others time. Thanks! |
|
Good luck. We've done something like that once, have a look at https://github.com/xebialabs/overthere and https://github.com/xebialabs/nio-overthere |
(#642, #635... 10? issues)
Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.
If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.