Posted to commits@karaf.apache.org by jb...@apache.org on 2015/02/09 15:59:51 UTC
karaf git commit: [KARAF-3423] Improve the known hosts and server key
verifier in ssh:ssh
Repository: karaf
Updated Branches:
refs/heads/master 2e288d281 -> afbd611de
[KARAF-3423] Improve the known hosts and server key verifier in ssh:ssh
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/afbd611d
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/afbd611d
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/afbd611d
Branch: refs/heads/master
Commit: afbd611de8a9d728f50c67bd8c627ce47c0a8f50
Parents: 2e288d2
Author: Jean-Baptiste Onofré <jb...@apache.org>
Authored: Mon Feb 9 15:59:17 2015 +0100
Committer: Jean-Baptiste Onofré <jb...@apache.org>
Committed: Mon Feb 9 15:59:17 2015 +0100
----------------------------------------------------------------------
.../org/apache/karaf/shell/ssh/Activator.java | 1 -
.../karaf/shell/ssh/KnownHostsManager.java | 4 +--
.../karaf/shell/ssh/ServerKeyVerifierImpl.java | 15 ++++++++++
.../org/apache/karaf/shell/ssh/SshAction.java | 29 +++++---------------
4 files changed, 24 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/afbd611d/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
index 7614cb4..cdc981f 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
@@ -18,7 +18,6 @@
*/
package org.apache.karaf.shell.ssh;
-import java.io.File;
import java.io.IOException;
import java.util.Arrays;
http://git-wip-us.apache.org/repos/asf/karaf/blob/afbd611d/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KnownHostsManager.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KnownHostsManager.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KnownHostsManager.java
index 0c9389d..933a7c3 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KnownHostsManager.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KnownHostsManager.java
@@ -115,8 +115,8 @@ public class KnownHostsManager {
bw.append(serverKey.getAlgorithm());
bw.append(" ");
serverKey.getEncoded();
- bw.append(new String(Base64.encodeBase64(serverKey.getEncoded()),
- "UTF-8"));
+ bw.append(new String(Base64.encodeBase64(serverKey.getEncoded()), "UTF-8"));
+ bw.append("\n");
}
String getAddressString(SocketAddress address) {
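Review bot: Ending the record with `bw.append("\n")` only helps files created from now on; a known_hosts file written by the previous version ends without a line break, so the first entry appended after an upgrade is still glued onto the last old one and neither key can then be matched. How the file is opened is outside this hunk, so confirm, but if it is opened for append, check whether the existing content ends with a newline and write one before the host field when it does not. The bare `serverKey.getEncoded();` statement just above discards its result and can be dropped. The enclosing method starts before the hunk.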
http://git-wip-us.apache.org/repos/asf/karaf/blob/afbd611d/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImpl.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImpl.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImpl.java
index 13e28a8..a60c494 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImpl.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/ServerKeyVerifierImpl.java
@@ -27,9 +27,23 @@ import org.apache.sshd.ClientSession;
import org.apache.sshd.client.ServerKeyVerifier;
public class ServerKeyVerifierImpl implements ServerKeyVerifier {
+
private final KnownHostsManager knownHostsManager;
private final boolean quiet;
+ private final static String keyChangedMessage =
+ " @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ \n" +
+ " @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ \n" +
+ " @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ \n" +
+ "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n" +
+ "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n" +
+ "It is also possible that the RSA host key has just been changed.\n" +
+ "Please contact your system administrator.\n" +
+ "Add correct host key in " + System.getProperty("user.home") + "/.sshkaraf/known_hosts to get rid of this message.\n" +
+ "Offending key in " + System.getProperty("user.home") + "/.sshkaraf/known_hosts\n" +
+ "RSA host key has changed and you have requested strict checking.\n" +
+ "Host key verification failed.";
+
public ServerKeyVerifierImpl(KnownHostsManager knownHostsManager, boolean quiet) {
this.knownHostsManager = knownHostsManager;
this.quiet = quiet;
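Review bot: The banner in `keyChangedMessage` hard-codes "RSA host key" in two places, yet the key being checked is not necessarily RSA (KnownHostsManager in this same commit records `serverKey.getAlgorithm()`), so the warning can name the wrong key type. It also rebuilds the `user.home` + `/.sshkaraf/known_hosts` path on its own instead of taking it from KnownHostsManager; the manager's configuration is not visible here, but if that location can differ, the message would send the operator to the wrong file. Assembling the text at failure time from the key's algorithm and the manager's file keeps it accurate. If it stays a constant, the conventional form is `private static final String KEY_CHANGED_MESSAGE`.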
@@ -66,6 +80,7 @@ public class ServerKeyVerifierImpl implements ServerKeyVerifier {
boolean verifed = (knownKey.equals(serverKey));
if (!verifed) {
System.err.println("Server key for host " + remoteAddress + " does not match the stored key !! Terminating session.");
+ System.err.println(keyChangedMessage);
}
return verifed;
}
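Review bot: The mismatch branch prints the banner but not the fingerprint of the key the server presented or of the stored entry, so an operator cannot tell a planned key rotation from an intercepted connection without inspecting the file by hand. Consider one more line next to the banner, for example `System.err.println("Presented " + serverKey.getAlgorithm() + " key fingerprint: " + fingerprint);`, with `fingerprint` computed by whatever helper the project already uses for unknown hosts. The first message and the banner's closing line both announce the failure, so one of them is redundant. The local is spelled `verifed`, and the enclosing method starts outside the hunk.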
http://git-wip-us.apache.org/repos/asf/karaf/blob/afbd611d/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshAction.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshAction.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshAction.java
index 3197e5d..81d6829 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshAction.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshAction.java
@@ -41,8 +41,6 @@ import org.apache.sshd.client.ServerKeyVerifier;
import org.apache.sshd.client.UserInteraction;
import org.apache.sshd.client.channel.ChannelShell;
import org.apache.sshd.client.future.ConnectFuture;
-import org.apache.sshd.common.RuntimeSshException;
-import org.apache.sshd.common.SshException;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.util.NoCloseInputStream;
import org.apache.sshd.common.util.NoCloseOutputStream;
@@ -81,18 +79,7 @@ public class SshAction implements Action {
@Reference
private Session session;
- private final static String keyChangedMessage =
- " @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ \n" +
- " @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ \n" +
- " @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ \n" +
- "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n" +
- "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n" +
- "It is also possible that the RSA host key has just been changed.\n" +
- "Please contact your system administrator.\n" +
- "Add correct host key in " + System.getProperty("user.home") + "/.sshkaraf/known_hosts to get rid of this message.\n" +
- "Offending key in " + System.getProperty("user.home") + "/.sshkaraf/known_hosts\n" +
- "RSA host key has changed and you have requested strict checking.\n" +
- "Host key verification failed.";
+
@Override
public Object execute() throws Exception {
@@ -145,19 +132,17 @@ public class SshAction implements Action {
try {
ClientSession sshSession = connectWithRetries(client, username, hostname, port, retries);
Object oldIgnoreInterrupts = this.session.get(Session.IGNORE_INTERRUPTS);
+
try {
if (password != null) {
sshSession.addPasswordIdentity(password);
}
- try {
- sshSession.auth().verify();
- } catch (Exception e) {
- if (e.getCause() != null && e.getCause().getMessage().contains("Session is closed")) {
- System.err.println(keyChangedMessage);
- }
- throw e;
- }
+
+ sshSession.auth().verify();
+
+ System.out.println("Connected");
this.session.put(Session.IGNORE_INTERRUPTS, Boolean.TRUE);
+
StringBuilder sb = new StringBuilder();
if (command != null) {
for (String cmd : command) {
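Review bot: `System.out.println("Connected");` writes to standard output after every successful authentication, including when `command` is set (the `if (command != null)` branch just below), so the output of a remote command run non-interactively gains an extra line that callers must filter out. Sending the status to `System.err`, or printing it only when no command was given, avoids this: `if (command == null) { System.err.println("Connected"); }`. With the try/catch around `auth().verify()` removed, the host-key warning now depends entirely on ServerKeyVerifierImpl printing it, which deserves a short comment at the call. The enclosing method continues beyond the hunk.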