Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2022/03/21 18:19:00 UTC
[jira] [Commented] (SSHD-1255) Support host key update and rotation in the client
[ https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510059#comment-17510059 ]
Lyor Goldstein commented on SSHD-1255:
--------------------------------------
[~twolf] Please note that we already have support for these extensions - see {{OpenSshHostKeysHandler}}-s for client and server. As far as I can tell they implement the specified behavior, but perhaps some updates are in order. Specifically for the "hostkeys-00@openssh.com" handler it does not consult the _known_hosts_. We do have code for handling _known_hosts_ via {{KnownHostsServerKeyVerifier}} and its derivatives (e.g. {{DefaultKnownHostsServerKeyVerifier}}), we just never tied them together. In any case, I recommend implementing a default behavior that ties them, but leaves the option to the user to "plug in" some other verifier - including a null/empty/accept-all one.
> Support host key update and rotation in the client
> --------------------------------------------------
>
> Key: SSHD-1255
> URL: https://issues.apache.org/jira/browse/SSHD-1255
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.8.0
> Reporter: Thomas Wolf
> Priority: Major
>
> Add support for the {{hostkeys-00@openssh.com}} and {{hostkeys-prove-00@openssh.com}} KEX extensions, including updating {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .
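An added illustration (not MINA SSHD code, and not written by the commenter or the reporter) of the arrangement the comment recommends: a default policy that consults known_hosts before acting on a hostkeys-00@openssh.com announcement, behind a hook the user can replace, including with an accept-all one. HostKeyUpdatePolicy, Decision, KNOWN_HOSTS_BACKED, ACCEPT_ALL and the string fingerprints are hypothetical; only the two extension names come from the issue.

```java
import java.util.*;

// Hypothetical sketch: none of these types exist in Apache MINA SSHD.
public class HostKeyRotationSketch {

    /** Changes to apply to the host's known_hosts entries. */
    record Decision(Set<String> toAdd, Set<String> toRemove) {}

    /** Pluggable hook deciding how to treat keys announced via hostkeys-00@openssh.com. */
    interface HostKeyUpdatePolicy {
        Decision evaluate(String sessionKey, Set<String> known,
                          Set<String> announced, Set<String> proven);
    }

    /** The accept-all option: records every announced key without consulting known_hosts. */
    static final HostKeyUpdatePolicy ACCEPT_ALL =
            (sessionKey, known, announced, proven) ->
                    new Decision(new TreeSet<>(announced), Set.of());

    /** Default: act only if the key used for this session was already in known_hosts. */
    static final HostKeyUpdatePolicy KNOWN_HOSTS_BACKED =
            (sessionKey, known, announced, proven) -> {
                if (!known.contains(sessionKey)) {
                    return new Decision(Set.of(), Set.of()); // host not trusted yet: change nothing
                }
                Set<String> add = new TreeSet<>(announced);
                add.removeAll(known);   // already recorded
                add.retainAll(proven);  // only keys proven via hostkeys-prove-00@openssh.com
                Set<String> remove = new TreeSet<>(known);
                remove.removeAll(announced); // keys the server no longer offers
                return new Decision(add, remove);
            };

    public static void main(String[] args) {
        // Constructed sample data: the fingerprints are placeholders, not real keys.
        Set<String> known = Set.of("rsa:OLD", "ed25519:CUR");
        Set<String> announced = Set.of("ed25519:CUR", "ed25519:NEW", "ecdsa:UNPROVEN");
        Set<String> proven = Set.of("ed25519:NEW");

        // Trusted session key: the proven new key is added, the retired one removed.
        System.out.println(KNOWN_HOSTS_BACKED.evaluate("ed25519:CUR", known, announced, proven));
        // Session key absent from known_hosts: the default policy makes no changes.
        System.out.println(KNOWN_HOSTS_BACKED.evaluate("ed25519:OTHER", known, announced, proven));
        // Accept-all: every announced key is recorded, proven or not.
        System.out.println(ACCEPT_ALL.evaluate("ed25519:OTHER", known, announced, proven));
    }
}
```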