Public key questions

2010-05-10 Thread Doron Fediuck
Hi guys,
First of all kudos for a great job ! I just discovered this project and it 
looks very impressive.

I'm interested in the implementation of an SSH client using public key 
authentication.
Since I'd like to use the SSHD project, I have a couple of questions-

1. I saw trunk has now an implementation for UserAuthPublicKey, which is not
available in current release (0.3.0). My question is, when will be the release
which will include this implementation ?

2. Is there a chance you'll add an example to keystore usage with 
UserAuthPublicKey ?

3. How safe is the current trunk if I want to try and use it ?

Thanks again !
Doron.


Re: Public key questions

2010-05-10 Thread Guillaume Nodet
On Mon, May 10, 2010 at 13:24, Doron Fediuck do...@redhat.com wrote:

> Hi guys,
> First of all kudos for a great job ! I just discovered this project and it
> looks very impressive.
>
> I'm interested in the implementation of an SSH client using public key
> authentication.
> Since I'd like to use the SSHD project, I have a couple of questions-
>
> 1. I saw trunk has now an implementation for UserAuthPublicKey, which is
> not available in current release (0.3.0). My question is, when will be the
> release which will include this implementation ?

This week hopefully.

> 2. Is there a chance you'll add an example to keystore usage with
> UserAuthPublicKey ?

There are some basic unit tests:

http://svn.apache.org/repos/asf/mina/sshd/trunk/sshd-core/src/test/java/org/apache/sshd/ClientTest.java
See the testPublicKeyAuth method

> 3. How safe is the current trunk if I want to try and use it ?

Quite safe I think.  If you're talking about stability, it should be quite
good, though there might still be a couple of problems if you look at the
JIRA issues (but they may also have been fixed already).  From a security
perspective, the only issue I know about is the fact that the public key is
not really checked (as it should be against the ~/.ssh/known_hosts with a
unix ssh impl).

> Thanks again !
> Doron.




-- 
Cheers,
Guillaume Nodet

Blog: http://gnodet.blogspot.com/

Open Source SOA
http://fusesource.com
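
For reference, the kind of check mentioned in the reply above (comparing a presented public key with the entries of a known_hosts file), as an added illustration that is not part of the thread or of the SSHD code base. The class name `KnownHostsCheck`, its methods and the sample entry are hypothetical; it uses only the JDK (Java 8+) and matches exact host names with `ssh-rsa` keys.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

public class KnownHostsCheck {   // hypothetical name, not an SSHD class
    enum Result { MATCH, MISMATCH, UNKNOWN_HOST }

    // SSH wire form of an RSA public key (RFC 4253): string "ssh-rsa", mpint e, mpint n.
    static byte[] sshRsaBlob(RSAPublicKey key) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        byte[][] fields = { "ssh-rsa".getBytes(StandardCharsets.US_ASCII),
            key.getPublicExponent().toByteArray(), key.getModulus().toByteArray() };
        // Each field is a 4-byte big-endian length followed by the bytes.
        for (byte[] f : fields) { out.writeInt(f.length); out.write(f); }
        return buf.toByteArray();
    }

    // Plain host lists only: comments, @markers, hashed "|1|" entries and other key types are skipped.
    static Result check(List<String> lines, String host, RSAPublicKey presented) throws IOException {
        byte[] blob = sshRsaBlob(presented);
        Result result = Result.UNKNOWN_HOST;
        for (String line : lines) {
            String[] p = line.trim().split("\\s+");
            if (p.length < 3 || p[0].matches("[#@|].*") || !p[1].equals("ssh-rsa")) continue;
            if (!Arrays.asList(p[0].split(",")).contains(host)) continue;
            try {
                if (MessageDigest.isEqual(Base64.getDecoder().decode(p[2]), blob)) return Result.MATCH;
                result = Result.MISMATCH;   // host is pinned, but to a different key
            } catch (IllegalArgumentException badBase64) { /* skip malformed entry */ }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey pinned = (RSAPublicKey) gen.generateKeyPair().getPublic();
        RSAPublicKey other = (RSAPublicKey) gen.generateKeyPair().getPublic();
        List<String> lines = Arrays.asList("# constructed sample entry, not a real host key",
            "localhost,127.0.0.1 ssh-rsa " + Base64.getEncoder().encodeToString(sshRsaBlob(pinned)));
        System.out.println(check(lines, "localhost", pinned));
        System.out.println(check(lines, "localhost", other));
        System.out.println(check(lines, "unlisted.example", pinned));
    }
}
```

A caller would treat `MISMATCH` as a hard failure and decide by policy whether `UNKNOWN_HOST` is rejected or offered for pinning.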


Re: Public key questions

2010-05-10 Thread Doron Fediuck
On Tuesday 11 May 2010 05:41:48 Guillaume Nodet wrote:
> On Mon, May 10, 2010 at 13:24, Doron Fediuck do...@redhat.com wrote:
>
> > Hi guys,
> > First of all kudos for a great job ! I just discovered this project and it
> > looks very impressive.
> >
> > I'm interested in the implementation of an SSH client using public key
> > authentication.
> > Since I'd like to use the SSHD project, I have a couple of questions-
> >
> > 1. I saw trunk has now an implementation for UserAuthPublicKey, which is
> > not available in current release (0.3.0). My question is, when will be the
> > release which will include this implementation ?
>
> This week hopefully.

Great !!!

> > 2. Is there a chance you'll add an example to keystore usage with
> > UserAuthPublicKey ?
>
> There are some basic unit tests:
>
> http://svn.apache.org/repos/asf/mina/sshd/trunk/sshd-core/src/test/java/org/apache/sshd/ClientTest.java
> See the testPublicKeyAuth method

See the attached patch; I managed to use a keystore directly, which is
something I couldn't find anywhere. So it would be nice if you add this to
your sample and/or documentation.

> > 3. How safe is the current trunk if I want to try and use it ?
>
> Quite safe I think.  If you're talking about stability, it should be quite
> good, though there might still be a couple of problems if you look at the
> JIRA issues (but they may also have been fixed already).  From a security
> perspective, the only issue I know about is the fact that the public key is
> not really checked (as it should be against the ~/.ssh/known_hosts with a
> unix ssh impl).

I'm assuming you refer to the ssh server. How stable is the client code in
terms of memory usage, etc ?
*** /tmp/ClientTest.java	2010-05-11 08:44:52.0 +0300
--- /tmp/ClientTest.java.orig	2010-05-11 08:43:06.0 +0300
***
*** 240,265 
  client.start();
  ClientSession session = client.connect(localhost, port).await().getSession();
  
- /*
- 	//Sample of standard java keystore usage
- 	//Load the relevant keystore
- 	KeyStore ks = KeyStore.getInstance(JKS);
- 	java.io.FileInputStream fis = new java.io.FileInputStream(/tmp/ca/.keystore);
- 	ks.load(fis, password);
- 	fis.close();
- 
- 	//Get private and public keys we need
- 	KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)ks.getEntry(certAlias, new KeyStore.PasswordProtection(ksPassword.toCharArray()));
- 	PrivateKey myPrivate = pkEntry.getPrivateKey();
- 	PublicKey myPublic = ks.getCertificate(certAlias).getPublicKey();
- 
- 	//Create a keypair
- 	KeyPair pair = new KeyPair(myPublic, myPrivate);
- 
- 	//Now pair will be used by session.authPublicKey in order to authenticate :)
- */
- 
- 	//Sample of pem formatte private key file
  KeyPair pair = new FileKeyPairProvider(new String[] { src/test/resources/hostkey.pem }).loadKey(KeyPairProvider.SSH_RSA);
  
  assertTrue(session.authPublicKey(smx, pair).await().isSuccess());
--- 240,245
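
Review bot: The diff was generated with the files in the wrong order: the modified `/tmp/ClientTest.java` is on the `***` (old) side and `/tmp/ClientTest.java.orig` on the `---` (new) side, so the keystore sample appears as `-` lines and the range shrinks from 240,265 to 240,245. Applied as-is it would delete the sample instead of adding it; regenerate it as `diff -c ClientTest.java.orig ClientTest.java`. In the sample itself, `ks.load(fis, password)` and `new KeyStore.PasswordProtection(ksPassword.toCharArray())` use two different password variables, and `load` takes a `char[]`, so the two should be one `char[]` that is used in both places. `fis.close()` is skipped if `load` throws, so it belongs in a `finally` block. The whole sample sits inside `/* ... */`, which means the test never compiles or exercises it; a separate test method with a keystore under `src/test/resources` rather than `/tmp/ca/.keystore` would keep it from rotting. Minor: "formatte" in the last comment should read "formatted".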