Defect #1742
openSSH connector does not work properly with hostKey check
Status: New
Priority: Normal
Assignee: -
Target version: -
Start date: 07/08/2019
Due date:
% Done: 0%
Estimated time:
Affected versions:
Owner:
Description
HostKey check is a check where the SSH client checks a fingerprint of a server it is connecting to. If the fingerprint does not match, then the client shall refuse to connect (because invalid host key means possible MitM attack).
Currently:
- When hostKey is not defined in the configuration, the hostKey check is not performed at all.
- When hostKey is defined, the client cannot connect to any server. Format of hostKey has no effect.
- The SSHConnection class (https://github.com/bcvsolutions/ssh-connector/blob/master/ssh-connector/src/main/java/eu/bcvsolutions/idm/connector/ssh/SSHConnection.java) has buggy code on lines 150 and 160 (jsch.addIdentity ...) where it adds hostKey as a public key to the SSH client's identity. This is definitely a bug.
- It is necessary to do a revision of the HostFingerPrints library to make it:
  - Correctly accept host keys from configuration.
  - Accept multiple host keys (or to drop the "multi" label from IdM...).
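
An added example, not the connector's own code: one way to pin one or more configured host keys with JSch (the library behind the `jsch.addIdentity` calls mentioned above) through its known-hosts repository. The class and method names are hypothetical, the `<key type> <base64 key>` configuration format is an assumption, and rejecting an empty configuration is a design choice of this example.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class PinnedHostKeySession {

    /**
     * Builds a JSch session that only accepts the configured host keys.
     * Each hostKeys entry is assumed to be "<key type> <base64 key>",
     * i.e. the second and third fields of a known_hosts line.
     */
    static Session open(String host, int port, String user, List<String> hostKeys)
            throws JSchException {
        if (hostKeys == null || hostKeys.isEmpty()) {
            // Fail closed: without a pinned key there is nothing to verify against.
            throw new JSchException("no host key configured for " + host);
        }
        // JSch looks up non-default ports as "[host]:port", as OpenSSH does.
        String pattern = (port == 22) ? host : "[" + host + "]:" + port;
        StringBuilder knownHosts = new StringBuilder();
        for (String key : hostKeys) {
            knownHosts.append(pattern).append(' ').append(key.trim()).append('\n');
        }

        JSch jsch = new JSch();
        // Host keys belong in the known-hosts repository, not in addIdentity():
        // identities are the client's own keys used for user authentication.
        jsch.setKnownHosts(new ByteArrayInputStream(
                knownHosts.toString().getBytes(StandardCharsets.UTF_8)));

        Session session = jsch.getSession(user, host, port);
        // "yes" makes connect() throw if the server key is unknown or different.
        session.setConfig("StrictHostKeyChecking", "yes");
        return session;
    }

    public static void main(String[] args) throws JSchException {
        // Usage: PinnedHostKeySession <host> <user> "<key type> <base64 key>" ...
        List<String> keys = List.of(args).subList(2, args.length);
        Session session = open(args[0], 22, args[1], keys);
        System.out.println("host keys loaded: "
                + session.getHostKeyRepository().getHostKey().length);
    }
}
```

The caller still sets a password or identity on the returned session and calls `connect()`; the host key comparison happens during key exchange, before user authentication.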