I'm sure this is probably obvious to others, but I'm struggling with it. My goal is to validate host keys in a similar method to ~/.ssh/known_hosts; the method doesn't have to be identical, but obviously I want to know if someone is attempting to MITM.
In a perfect world, I would want to be able to import an existing known_hosts into an application and support that, but I'll do it however I can to support some sort of validation of host public keys. I'm currently on ssh2 v1.5.0 and node v16.15.1.
Right now, here's my basic code for "interrogating" the hostkeys event:
The PEM files are for use with OpenSSL (since OpenSSL doesn't understand SSH key formats). You want the SSH public key for known_hosts. Also, there is key.getPublicSSH() to get at the SSH format public key (instead of prying into internal symbols).
Gotcha, I wasn't getting that for some reason... It's quite obvious now, thanks for pointing me in the right direction.
I ended up with this as my placeholder and it seems to return keys as expected.
```js
// hostKeyChecker.js
/**
 * Processes the host keys and returns an array of objects
 * containing the key type and publicKeyKnownHosts.
 * @param {Array} keys - The host keys.
 * @returns {Array} An array of objects with key type and publicKeyKnownHosts.
 */
function checkHostKeys(keys) {
  return keys.map((obj) => {
    const publicKeySSH = obj.getPublicSSH();
    if (Buffer.isBuffer(publicKeySSH)) {
      return {
        type: obj.type,
        publicKeyKnownHosts: publicKeySSH.toString('base64'),
      };
    }
    console.error(`Public key SSH is not a buffer for ${obj.type}`);
    return null;
  }).filter(Boolean);
}

module.exports = {
  checkHostKeys,
};
```
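An added example (not code from this thread or from the ssh2 project) of checking the `{ type, publicKeyKnownHosts }` objects above against the text of a `known_hosts` file. It goes beyond the plain case to hashed (`|1|salt|hash`) and `[host]:port` entries. The function names and the sample data are constructed for illustration, `type` is assumed to hold the SSH key type name as written in `known_hosts`, and wildcard or negated host patterns and `@cert-authority` lines are not evaluated.

```javascript
const crypto = require('crypto');

// Constructed sample; the base64 blobs are placeholders, not real keys.
const SAMPLE = [
  '# constructed known_hosts sample',
  'example.test,192.0.2.10 ssh-ed25519 QUFBQWNvbnN0cnVjdGVkLWtleS1B',
  '[example.test]:2222 ssh-ed25519 QUFBQWNvbnN0cnVjdGVkLWtleS1C',
].join('\n');

// known_hosts writes non-default ports as "[host]:port".
function hostToken(host, port = 22) {
  return port === 22 ? host : `[${host}]:${port}`;
}

// True if the hosts field of one line names the token. A hashed field is
// "|1|<salt b64>|<HMAC-SHA1(key=salt, data=token) b64>"; otherwise it is a
// comma-separated list of literal names (patterns are not expanded here).
function hostFieldMatches(field, token) {
  if (field.startsWith('|1|')) {
    const [salt, want] = field.slice(3).split('|');
    const got = crypto.createHmac('sha1', Buffer.from(salt, 'base64'))
      .update(token).digest('base64');
    return got === want;
  }
  return field.split(',').includes(token);
}

// key: { type, publicKeyKnownHosts } as built by checkHostKeys().
// Returns 'match', 'revoked', 'unknown' (no entry for this host and type) or
// 'mismatch' (host is recorded with a different key of this type).
function verifyHostKey(knownHostsText, host, port, key) {
  const token = hostToken(host, port);
  let result = 'unknown';
  for (const raw of knownHostsText.split('\n')) {
    const parts = raw.trim().split(/\s+/);
    if (!parts[0] || parts[0].startsWith('#')) continue;
    const marker = parts[0].startsWith('@') ? parts.shift() : null;
    if (marker === '@cert-authority' || parts.length < 3) continue;
    const [hosts, type, b64] = parts;
    if (!hostFieldMatches(hosts, token)) continue;
    const same = type === key.type && b64 === key.publicKeyKnownHosts;
    if (marker === '@revoked') { if (same) return 'revoked'; continue; }
    if (same) result = 'match';
    else if (type === key.type && result !== 'match') result = 'mismatch';
  }
  return result;
}
```

Treat `mismatch` and `revoked` as reasons to refuse the connection; `unknown` is the first-contact case where the application has to decide whether to trust and record the key.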
I'm sure this is probably obvious to others, but I'm struggling with it. My goal is to validate host keys in a similar method to `~/.ssh/known_hosts`; the method doesn't have to be identical, but obviously I want to know if someone is attempting to MITM.

In a perfect world, I would want to be able to `import` an existing `known_hosts` into an application and support that, but I'll do it however I can to support some sort of validation of host public keys. I'm currently on ssh2 v1.5.0 and node v16.15.1.

Right now, here's my basic code for "interrogating" the `hostkeys` event:

and then the `checkHostKeys` function

and here's what I get for console logs:

Am I just grabbing the wrong object or what? If I log the `publicKeyPEM` it looks "right". I've also tried this the `Public key SSH` object:

Result:

I might be just missing something plainly obvious.

Thanks!