[jira] [Commented] (SSHD-1255) Support host key update and rotation in the client

["Lyor Goldstein (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510059#comment-17510059 ] 

Lyor Goldstein commented on SSHD-1255:
--------------------------------------

[~twolf] Please note that we already have support for these extensions - see {{{}OpenSshHostKeysHandler{}}}-s for client and server. As far as I can tell they implement the specified behavior, but perhaps some updates are in order. Specifically for the "hostkeys-00@openssh.com" handler it does not consult the {_}known_hosts{_}. We do have code for handling _known_hosts_ via {{KnownHostsServerKeyVerifier}} and its derivatives (e.g. {{{}DefaultKnownHostsServerKeyVerifier{}}}), we just never tied them together. In any case, I recommend implementing a default behavior that ties them, but leaves the option to the user to "plug in" some other verifier - including a null/empty/accept-all one.

> Support host key update and rotation in the client
> --------------------------------------------------
>
>                 Key: SSHD-1255
>                 URL: https://issues.apache.org/jira/browse/SSHD-1255
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.8.0
>            Reporter: Thomas Wolf
>            Priority: Major
>
> Add support for the {{hostkeys-00@openssh.com}} and {{hostkeys-prove-00@openssh.com}} KEX extensions, including updating {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org