java.lang.Object
   ch.ethz.ssh2.KnownHosts

KnownHosts

public class KnownHosts

The KnownHosts class is a handy tool to verify received server hostkeys
based on the information in known_hosts files (the ones used by OpenSSH).
It is essentially an in-memory database for known_hosts entries, plus some
helper functions. Entries from a known_hosts file can be loaded at construction time.
It is also possible to add more keys later (e.g., one can parse different
known_hosts files).
The implementation is thread-safe, so you only need to instantiate one
KnownHosts for your whole application.
author: Christian Plattner, plattner@inf.ethz.ch
version: $Id: KnownHosts.java,v 1.5 2006/07/30 21:59:29 cplattne Exp $

Method Summary

public void addHostkey(String[] hostnames, String serverHostKeyAlgorithm, byte[] serverHostKey)
    Adds a single public key entry to the database.

final public static void addHostkeyToFile(File knownHosts, String[] hostnames, String serverHostKeyAlgorithm, byte[] serverHostKey)
    Adds a single public key entry to a known_hosts file.
    This method is designed to be used in a ServerHostKeyVerifier.
    Parameters: knownHosts - the file where the public key entry will be appended.
    Parameters: hostnames - a list of hostname patterns - at least one must be specified.

public void addHostkeys(char[] knownHostsData)
    Parses the given known_hosts data and adds entries to the database.

public void addHostkeys(File knownHosts)
    Parses the given known_hosts file and adds entries to the database.

final public static String createBubblebabbleFingerprint(String keytype, byte[] publickey)
    Convert an ssh2 key-blob into a human readable bubblebabble fingerprint.

final public static String createHashedHostname(String hostname)
    Generate the hashed representation of the given hostname.

final public static String createHexFingerprint(String keytype, byte[] publickey)
    Convert an ssh2 key-blob into a human readable hex fingerprint.

public String[] getPreferredServerHostkeyAlgorithmOrder(String hostname)
    Try to find the preferred order of hostkey algorithms for the given hostname.
    Based on the type of hostkey that is present in the internal database
    (i.e., either ssh-rsa or ssh-dss), an ordered list of hostkey algorithms
    is returned which can be passed to Connection.setServerHostKeyAlgorithms.

public int verifyHostkey(String hostname, String serverHostKeyAlgorithm, byte[] serverHostKey)
    Checks the internal hostkey database for the given hostkey.

HOSTKEY_HAS_CHANGED
final public static int HOSTKEY_HAS_CHANGED

HOSTKEY_IS_NEW
final public static int HOSTKEY_IS_NEW

HOSTKEY_IS_OK
final public static int HOSTKEY_IS_OK

KnownHosts
public KnownHosts()

addHostkey
public void addHostkey(String[] hostnames, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException

Adds a single public key entry to the database. Note: this will NOT add the public key
to any physical file (e.g., "~/.ssh/known_hosts") - use addHostkeyToFile() for that purpose.
This method is designed to be used in a ServerHostKeyVerifier.

Parameters: hostnames - a list of hostname patterns - at least one must be specified. Check out the OpenSSH sshd man page for a description of the pattern matching algorithm.
Parameters: serverHostKeyAlgorithm - as passed to the ServerHostKeyVerifier.
Parameters: serverHostKey - as passed to the ServerHostKeyVerifier.
throws: IOException

addHostkeyToFile
final public static void addHostkeyToFile(File knownHosts, String[] hostnames, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException

Adds a single public key entry to a known_hosts file.
This method is designed to be used in a ServerHostKeyVerifier.

Parameters: knownHosts - the file where the public key entry will be appended.
Parameters: hostnames - a list of hostname patterns - at least one must be specified. Check out the OpenSSH sshd man page for a description of the pattern matching algorithm.
Parameters: serverHostKeyAlgorithm - as passed to the ServerHostKeyVerifier.
Parameters: serverHostKey - as passed to the ServerHostKeyVerifier.
throws: IOException

addHostkeys
public void addHostkeys(char[] knownHostsData) throws IOException

Parses the given known_hosts data and adds entries to the database.

Parameters: knownHostsData
throws: IOException

addHostkeys
public void addHostkeys(File knownHosts) throws IOException

Parses the given known_hosts file and adds entries to the database.

Parameters: knownHosts
throws: IOException

createBubblebabbleFingerprint
final public static String createBubblebabbleFingerprint(String keytype, byte[] publickey)

Convert an ssh2 key-blob into a human readable bubblebabble fingerprint.
The bubblebabble algorithm used (taken from OpenSSH) generates fingerprints
that are easier for humans to remember.
Example fingerprint: xofoc-bubuz-cazin-zufyl-pivuk-biduk-tacib-pybur-gonar-hotat-lyxux.

Parameters: keytype - either "ssh-rsa" or "ssh-dss"
Parameters: publickey - key data
Returns: Bubblebabble fingerprint

createHashedHostname
final public static String createHashedHostname(String hostname)

Generate the hashed representation of the given hostname. Useful for adding entries
with hashed hostnames to a known_hosts file (see the -H option of OpenSSH ssh-keygen).

Parameters: hostname
Returns: the hashed representation, e.g., "|1|cDhrv7zwEUV3k71CEPHnhHZezhA=|Xo+2y6rUXo2OIWRAYhBOIijbJMA="

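The hashed representation follows OpenSSH's layout: the marker "|1|", a Base64 salt, and the Base64 HMAC-SHA1 of the hostname keyed with that salt. The following is an added example, not code from the Ganymed library; the class and method names are hypothetical and the salt is constructed. It uses only the JDK to show how a candidate hostname is tested against such an entry.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HashedHostnameCheck {
    // HMAC-SHA1 over the hostname, keyed with the per-entry salt.
    static byte[] hmac(byte[] salt, String hostname) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(salt, "HmacSHA1"));
        return mac.doFinal(hostname.getBytes(StandardCharsets.US_ASCII));
    }

    // Builds "|1|<salt>|<hash>" for a given salt (real entries use a random salt).
    static String hash(byte[] salt, String hostname) throws GeneralSecurityException {
        Base64.Encoder b64 = Base64.getEncoder();
        return "|1|" + b64.encodeToString(salt) + "|" + b64.encodeToString(hmac(salt, hostname));
    }

    // True if the hashed known_hosts host field was generated for this hostname.
    static boolean matches(String entry, String hostname) throws GeneralSecurityException {
        String[] parts = entry.split("\\|"); // "", "1", salt, hash
        if (parts.length != 4 || !parts[0].isEmpty() || !parts[1].equals("1")) {
            return false; // not a hashed entry, or an unknown hash version
        }
        byte[] salt;
        byte[] expected;
        try {
            salt = Base64.getDecoder().decode(parts[2]);
            expected = Base64.getDecoder().decode(parts[3]);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64
        }
        if (salt.length == 0) {
            return false; // SecretKeySpec rejects an empty key
        }
        return MessageDigest.isEqual(expected, hmac(salt, hostname)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[20];                   // constructed sample salt
        for (int i = 0; i < salt.length; i++) salt[i] = (byte) i;
        String entry = hash(salt, "host.example");    // constructed hostname
        System.out.println(entry);
        System.out.println(matches(entry, "host.example"));  // true
        System.out.println(matches(entry, "other.example")); // false
    }
}
```

Hashing keeps hostnames from being read directly out of a known_hosts file, but anyone holding the file can still test candidate names against each entry this way.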
createHexFingerprint
final public static String createHexFingerprint(String keytype, byte[] publickey)

Convert an ssh2 key-blob into a human readable hex fingerprint.
Generated fingerprints are identical to those generated by OpenSSH.
Example fingerprint: d0:cb:76:19:99:5a:03:fc:73:10:70:93:f2:44:63:47.

Parameters: keytype - either "ssh-rsa" or "ssh-dss"
Parameters: publickey - key blob
Returns: Hex fingerprint

getPreferredServerHostkeyAlgorithmOrder
public String[] getPreferredServerHostkeyAlgorithmOrder(String hostname)

Try to find the preferred order of hostkey algorithms for the given hostname.
Based on the type of hostkey that is present in the internal database
(i.e., either ssh-rsa or ssh-dss), an ordered list of hostkey algorithms
is returned which can be passed to Connection.setServerHostKeyAlgorithms.

Parameters: hostname
Returns: null if no key for the given hostname is present or there are keys of multiple types present for the given hostname. Otherwise, an array with hostkey algorithms is returned (i.e., an array of length 2).

verifyHostkey
public int verifyHostkey(String hostname, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException

Checks the internal hostkey database for the given hostkey.
If no matching key can be found, then the hostname is resolved to an IP address
and the search is repeated using that IP address.

Parameters: hostname - the server's hostname, will be matched with all hostname patterns
Parameters: serverHostKeyAlgorithm - type of hostkey, either ssh-rsa or ssh-dss
Parameters: serverHostKey - the key blob
Returns:
HOSTKEY_IS_OK: the given hostkey matches an entry for the given hostname
HOSTKEY_IS_NEW: no entries found for this hostname and this type of hostkey
HOSTKEY_HAS_CHANGED: hostname is known, but with another key of the same type (man-in-the-middle attack?)
throws: IOException - if the supplied key blob cannot be parsed or does not match the given hostkey type.
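
One way to act on the three verifyHostkey results, as an added example that is not part of the library's own code. It assumes the library's ServerHostKeyVerifier callback verifyServerHostKey(hostname, port, algorithm, key) and Connection.connect(verifier), which this page references but does not document; the class StrictHostKeyVerifier, its connect helper and the pinned fingerprint parameter are hypothetical.

```java
import ch.ethz.ssh2.Connection;
import ch.ethz.ssh2.KnownHosts;
import ch.ethz.ssh2.ServerHostKeyVerifier;
import java.io.File;
import java.io.IOException;

// Added example (hypothetical class): fail closed on anything verifyHostkey() does not confirm.
public class StrictHostKeyVerifier implements ServerHostKeyVerifier {
    private final KnownHosts db;
    private final File knownHostsFile;
    private final String pinnedFingerprint; // hex fingerprint obtained out of band; null = reject new keys

    public StrictHostKeyVerifier(KnownHosts db, File knownHostsFile, String pinnedFingerprint) {
        this.db = db;
        this.knownHostsFile = knownHostsFile;
        this.pinnedFingerprint = pinnedFingerprint;
    }

    public boolean verifyServerHostKey(String hostname, int port, String algorithm, byte[] key)
            throws Exception {
        int result = db.verifyHostkey(hostname, algorithm, key);
        if (result == KnownHosts.HOSTKEY_IS_OK) return true;
        if (result == KnownHosts.HOSTKEY_IS_NEW) {
            // "New" only means no entry for this hostname AND key type, so it is not
            // proof of a first contact. Accept only a key matching the pinned fingerprint.
            String seen = KnownHosts.createHexFingerprint(algorithm, key);
            if (pinnedFingerprint == null || !pinnedFingerprint.equalsIgnoreCase(seen)) {
                return false;
            }
            String[] entry = { KnownHosts.createHashedHostname(hostname) };
            db.addHostkey(entry, algorithm, key);                               // in-memory database
            KnownHosts.addHostkeyToFile(knownHostsFile, entry, algorithm, key); // persist to disk
            return true;
        }
        return false; // HOSTKEY_HAS_CHANGED or any unexpected value: abort the connection
    }

    public static Connection connect(String host, File knownHostsFile, String pin) throws IOException {
        KnownHosts db = new KnownHosts();
        if (knownHostsFile.exists()) db.addHostkeys(knownHostsFile);
        Connection conn = new Connection(host);
        // Ask for the key type already on record so a known host is not reported as new.
        String[] order = db.getPreferredServerHostkeyAlgorithmOrder(host);
        if (order != null) conn.setServerHostKeyAlgorithms(order);
        conn.connect(new StrictHostKeyVerifier(db, knownHostsFile, pin));
        return conn;
    }
}
```

Returning false from the callback makes the connection attempt fail, so a changed key never reaches authentication.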