Exemplo n.º 1
0
  /**
   * Checks the internal hostkey database for the given hostkey. If no matching key can be found,
   * then the hostname is resolved to an IP address and the search is repeated using that IP
   * address.
   *
   * @param hostname the server's hostname, will be matched with all hostname patterns
   * @param serverHostKeyAlgorithm type of hostkey, either <code>ssh-rsa</code> or <code>ssh-dss
   *     </code>
   * @param serverHostKey the key blob
   * @return
   *     <ul>
   *       <li><code>HOSTKEY_IS_OK</code>: the given hostkey matches an entry for the given hostname
   *       <li><code>HOSTKEY_IS_NEW</code>: no entries found for this hostname and this type of
   *           hostkey
   *       <li><code>HOSTKEY_HAS_CHANGED</code>: hostname is known, but with another key of the same
   *           type (man-in-the-middle attack?)
   *     </ul>
   *
   * @throws IOException if the supplied key blob cannot be parsed or does not match the given
   *     hostkey type.
   */
  public int verifyHostkey(String hostname, String serverHostKeyAlgorithm, byte[] serverHostKey)
      throws IOException {
    Object remoteKey = null;

    if ("ssh-rsa".equals(serverHostKeyAlgorithm)) {
      remoteKey = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey);
    } else if ("ssh-dss".equals(serverHostKeyAlgorithm)) {
      remoteKey = DSASHA1Verify.decodeSSHDSAPublicKey(serverHostKey);
    } else throw new IllegalArgumentException("Unknown hostkey type " + serverHostKeyAlgorithm);

    int result = checkKey(hostname, remoteKey);

    if (result == HOSTKEY_IS_OK) return result;

    InetAddress[] ipAdresses = null;

    try {
      ipAdresses = InetAddress.getAllByName(hostname);
    } catch (UnknownHostException e) {
      return result;
    }

    for (int i = 0; i < ipAdresses.length; i++) {
      int newresult = checkKey(ipAdresses[i].getHostAddress(), remoteKey);

      if (newresult == HOSTKEY_IS_OK) return newresult;

      if (newresult == HOSTKEY_HAS_CHANGED) result = HOSTKEY_HAS_CHANGED;
    }

    return result;
  }
Exemplo n.º 2
0
  private boolean verifySignature(byte[] sig, byte[] hostkey) throws IOException {
    if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
      RSASignature rs = RSASHA1Verify.decodeSSHRSASignature(sig);
      RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey);

      log.log(50, "Verifying ssh-rsa signature");

      return RSASHA1Verify.verifySignature(kxs.H, rs, rpk);
    }

    if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
      DSASignature ds = DSASHA1Verify.decodeSSHDSASignature(sig);
      DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey);

      log.log(50, "Verifying ssh-dss signature");

      return DSASHA1Verify.verifySignature(kxs.H, ds, dpk);
    }

    throw new IOException(
        "Unknown server host key algorithm '" + kxs.np.server_host_key_algo + "'");
  }
Exemplo n.º 3
0
  /**
   * Adds a single public key entry to the database. Note: this will NOT add the public key to any
   * physical file (e.g., "~/.ssh/known_hosts") - use <code>addHostkeyToFile()</code> for that
   * purpose. This method is designed to be used in a {@link ServerHostKeyVerifier}.
   *
   * @param hostnames a list of hostname patterns - at least one most be specified. Check out the
   *     OpenSSH sshd man page for a description of the pattern matching algorithm.
   * @param serverHostKeyAlgorithm as passed to the {@link ServerHostKeyVerifier}.
   * @param serverHostKey as passed to the {@link ServerHostKeyVerifier}.
   * @throws IOException
   */
  public void addHostkey(String hostnames[], String serverHostKeyAlgorithm, byte[] serverHostKey)
      throws IOException {
    if (hostnames == null) throw new IllegalArgumentException("hostnames may not be null");

    if ("ssh-rsa".equals(serverHostKeyAlgorithm)) {
      RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey);

      synchronized (publicKeys) {
        publicKeys.add(new KnownHostsEntry(hostnames, rpk));
      }
    } else if ("ssh-dss".equals(serverHostKeyAlgorithm)) {
      DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(serverHostKey);

      synchronized (publicKeys) {
        publicKeys.add(new KnownHostsEntry(hostnames, dpk));
      }
    } else throw new IOException("Unknwon host key type (" + serverHostKeyAlgorithm + ")");
  }