On Tuesday 11 May 2010 05:41:48 Guillaume Nodet wrote:
> On Mon, May 10, 2010 at 13:24, Doron Fediuck <do...@redhat.com> wrote:
>
> > Hi guys,
> > First of all kudus for a great job ! I just discovered this project and it
> > looks very impressive.
> >
> > I'm interested in the implementation of an SSH client using public key
> > authentication.
> > Since I'd like to use the SSHD project, I have a couple of questions-
> >
> > 1. I saw trunk has now an implementation for UserAuthPublicKey, which is
> > not available
> > in current release (0.3.0). My question is, when will be the release which
> > will include this
> > implementation ?
> >
> > This week hopefully.
Great !!!
>
>
> > 2. Is there a chance you'll add an example to keystore usage with
> > UserAuthPublicKey ?
> >
> > There are some basic unit tests:
>
> http://svn.apache.org/repos/asf/mina/sshd/trunk/sshd-core/src/test/java/org/apache/sshd/ClientTest.java
> See the testPublicKeyAuth method
See the attached patch; I managed to use a keystore directly, which is
something I couldn't find
anywhere. So it would be nice if you add this to your sample and/or
documentation.
>
>
> > 3. How safe is the current trunk if I want to try and use it ?
> >
>
> Quite safe I think. If you're talking about stability, it should be quite
> good, though there might still be a couple of problems if you look at the
> JIRA issues (but they may also have been fixed already). From a security
> perspective, the only issue I know about is the fact that the public key is
> not really checked (as it should be against the ~/.ssh/known_hosts with a
> unix ssh impl).
I'm assuming you refer to the ssh server. How stable is the client code in
terms of memory usage, etc ?
*** /tmp/ClientTest.java 2010-05-11 08:44:52.000000000 +0300
--- /tmp/ClientTest.java.orig 2010-05-11 08:43:06.000000000 +0300
***************
*** 240,265 ****
client.start();
ClientSession session = client.connect("localhost", port).await().getSession();
- /*
- //Sample of standard java keystore usage
- //Load the relevant keystore
- KeyStore ks = KeyStore.getInstance("JKS");
- java.io.FileInputStream fis = new java.io.FileInputStream("/tmp/ca/.keystore");
- ks.load(fis, password);
- fis.close();
-
- //Get private and public keys we need
- KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)ks.getEntry("certAlias", new KeyStore.PasswordProtection("ksPassword".toCharArray()));
- PrivateKey myPrivate = pkEntry.getPrivateKey();
- PublicKey myPublic = ks.getCertificate("certAlias").getPublicKey();
-
- //Create a keypair
- KeyPair pair = new KeyPair(myPublic, myPrivate);
-
- //Now pair will be used by session.authPublicKey in order to authenticate :)
- */
-
- //Sample of pem formatte private key file
KeyPair pair = new FileKeyPairProvider(new String[] { "src/test/resources/hostkey.pem" }).loadKey(KeyPairProvider.SSH_RSA);
assertTrue(session.authPublicKey("smx", pair).await().isSuccess());
--- 240,245 ----
