On Tuesday 11 May 2010 05:41:48 Guillaume Nodet wrote:
> On Mon, May 10, 2010 at 13:24, Doron Fediuck <do...@redhat.com> wrote:
>
> > Hi guys,
> > First of all kudos for a great job ! I just discovered this project and it
> > looks very impressive.
> >
> > I'm interested in the implementation of an SSH client using public key
> > authentication.
> > Since I'd like to use the SSHD project, I have a couple of questions-
> >
> > 1. I saw trunk has now an implementation for UserAuthPublicKey, which is
> > not available in current release (0.3.0). My question is, when will be
> > the release which will include this implementation ?
> >
>
> This week hopefully.

Great !!!

> > 2. Is there a chance you'll add an example to keystore usage with
> > UserAuthPublicKey ?
> >
>
> There are some basic unit tests:
> http://svn.apache.org/repos/asf/mina/sshd/trunk/sshd-core/src/test/java/org/apache/sshd/ClientTest.java
> See the testPublicKeyAuth method

See the attached patch; I managed to use a keystore directly, which is something I couldn't find anywhere. So it would be nice if you add this to your sample and/or documentation.

> > 3. How safe is the current trunk if I want to try and use it ?
> >
>
> Quite safe I think. If you're talking about stability, it should be quite
> good, though there might still be a couple of problems if you look at the
> JIRA issues (but they may also have been fixed already). From a security
> perspective, the only issue I know about is the fact that the public key is
> not really checked (as it should be against the ~/.ssh/known_hosts with a
> unix ssh impl).

I'm assuming you refer to the ssh server. How stable is the client code in terms of memory usage, etc ?

*** /tmp/ClientTest.java 2010-05-11 08:44:52.000000000 +0300 --- /tmp/ClientTest.java.orig 2010-05-11 08:43:06.000000000 +0300 *************** *** 240,265 **** client.start(); ClientSession session = client.connect("localhost", port).await().getSession(); - /* - //Sample of standard java keystore usage - //Load the relevant keystore - KeyStore ks = KeyStore.getInstance("JKS"); - java.io.FileInputStream fis = new java.io.FileInputStream("/tmp/ca/.keystore"); - ks.load(fis, password); - fis.close(); - - //Get private and public keys we need - KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)ks.getEntry("certAlias", new KeyStore.PasswordProtection("ksPassword".toCharArray())); - PrivateKey myPrivate = pkEntry.getPrivateKey(); - PublicKey myPublic = ks.getCertificate("certAlias").getPublicKey(); - - //Create a keypair - KeyPair pair = new KeyPair(myPublic, myPrivate); - - //Now pair will be used by session.authPublicKey in order to authenticate :) - */ - - //Sample of pem formatte private key file KeyPair pair = new FileKeyPairProvider(new String[] { "src/test/resources/hostkey.pem" }).loadKey(KeyPairProvider.SSH_RSA); assertTrue(session.authPublicKey("smx", pair).await().isSuccess()); --- 240,245 ----
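
Review bot: In the commented keystore sample, `ks.load(fis, password)` uses a `password` variable that is not declared anywhere in the visible lines, while the following `getEntry` call builds its own `"ksPassword".toCharArray()`; declare the keystore password and the key password as two named `char[]` values and pass them explicitly, so the snippet compiles once uncommented and readers can see which secret goes where. `fis.close()` is also skipped if `ks.load` throws, so it belongs in a `finally` block. Separately, the diff direction looks reversed: the sample lines are marked `-` and `ClientTest.java.orig` is the second file, so applying it as posted would remove the sample rather than add it; regenerate it with the original file as the first argument.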