com.trilead.ssh2

Class KnownHosts

    • Method Detail

      • addHostkey

        public void addHostkey(String[] hostnames,
                               String serverHostKeyAlgorithm,
                               byte[] serverHostKey)
                        throws IOException
        Adds a single public key entry to the database. Note: this will NOT add the public key to any physical file (e.g., "~/.ssh/known_hosts") - use addHostkeyToFile() for that purpose. This method is designed to be used in a ServerHostKeyVerifier.
        Parameters:
        hostnames - a list of hostname patterns - at least one must be specified. Check out the OpenSSH sshd man page for a description of the pattern matching algorithm.
        serverHostKeyAlgorithm - as passed to the ServerHostKeyVerifier.
        serverHostKey - as passed to the ServerHostKeyVerifier.
        Throws:
        IOException
      • addHostkeys

        public void addHostkeys(char[] knownHostsData)
                         throws IOException
        Parses the given known_hosts data and adds entries to the database.
        Parameters:
        knownHostsData -
        Throws:
        IOException
      • addHostkeys

        public void addHostkeys(File knownHosts)
                         throws IOException
        Parses the given known_hosts file and adds entries to the database.
        Parameters:
        knownHosts -
        Throws:
        IOException
      • createHashedHostname

        public static final String createHashedHostname(String hostname)
        Generates the hashed representation of the given hostname. Useful for adding entries with hashed hostnames to a known_hosts file (see the -H option of OpenSSH ssh-keygen).
        Parameters:
        hostname -
        Returns:
        the hashed representation, e.g., "|1|cDhrv7zwEUV3k71CEPHnhHZezhA=|Xo+2y6rUXo2OIWRAYhBOIijbJMA="
      • getPreferredServerHostkeyAlgorithmOrder

        public String[] getPreferredServerHostkeyAlgorithmOrder(String hostname)
        Try to find the preferred order of hostkey algorithms for the given hostname. Based on the type of hostkey that is present in the internal database (i.e., either ssh-rsa or ssh-dss) an ordered list of hostkey algorithms is returned which can be passed to Connection.setServerHostKeyAlgorithms.
        Parameters:
        hostname -
        Returns:
        null if no key for the given hostname is present or there are keys of multiple types present for the given hostname. Otherwise, an array with hostkey algorithms is returned (i.e., an array of length 2).
      • verifyHostkey

        public int verifyHostkey(String hostname,
                                 String serverHostKeyAlgorithm,
                                 byte[] serverHostKey)
                          throws IOException
        Checks the internal hostkey database for the given hostkey. If no matching key can be found, then the hostname is resolved to an IP address and the search is repeated using that IP address.
        Parameters:
        hostname - the server's hostname, will be matched with all hostname patterns
        serverHostKeyAlgorithm - type of hostkey, either ssh-rsa or ssh-dss
        serverHostKey - the key blob
        Returns:
        • HOSTKEY_IS_OK: the given hostkey matches an entry for the given hostname
        • HOSTKEY_IS_NEW: no entries found for this hostname and this type of hostkey
        • HOSTKEY_HAS_CHANGED: hostname is known, but with another key of the same type (man-in-the-middle attack?)
        Throws:
        IOException - if the supplied key blob cannot be parsed or does not match the given hostkey type.
      • addHostkeyToFile

        public static final void addHostkeyToFile(File knownHosts,
                                                  String[] hostnames,
                                                  String serverHostKeyAlgorithm,
                                                  byte[] serverHostKey)
                                           throws IOException
        Adds a single public key entry to a known_hosts file. This method is designed to be used in a ServerHostKeyVerifier.
        Parameters:
        knownHosts - the file where the publickey entry will be appended.
        hostnames - a list of hostname patterns - at least one must be specified. Check out the OpenSSH sshd man page for a description of the pattern matching algorithm.
        serverHostKeyAlgorithm - as passed to the ServerHostKeyVerifier.
        serverHostKey - as passed to the ServerHostKeyVerifier.
        Throws:
        IOException
      • createHexFingerprint

        public static final String createHexFingerprint(String keytype,
                                                        byte[] publickey)
        Convert a ssh2 key-blob into a human readable hex fingerprint. Generated fingerprints are identical to those generated by OpenSSH.

        Example fingerprint: d0:cb:76:19:99:5a:03:fc:73:10:70:93:f2:44:63:47.

        Parameters:
        keytype - either "ssh-rsa" or "ssh-dss"
        publickey - key blob
        Returns:
        Hex fingerprint
      • createBubblebabbleFingerprint

        public static final String createBubblebabbleFingerprint(String keytype,
                                                                 byte[] publickey)
        Convert a ssh2 key-blob into a human readable bubblebabble fingerprint. The used bubblebabble algorithm (taken from OpenSSH) generates fingerprints that are easier to remember for humans.

        Example fingerprint: xofoc-bubuz-cazin-zufyl-pivuk-biduk-tacib-pybur-gonar-hotat-lyxux.

        Parameters:
        keytype - either "ssh-rsa" or "ssh-dss"
        publickey - key data
        Returns:
        Bubblebabble fingerprint
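
The methods above combined into a ServerHostKeyVerifier, as an added example rather than code shipped with the library: a changed key is always rejected, and an unknown key is accepted and persisted (with a hashed hostname) only when the caller opts in to trust-on-first-use. The class name, the `trustOnFirstUse` flag and the log messages are assumptions; the library must be on the classpath.

```java
import com.trilead.ssh2.KnownHosts;
import com.trilead.ssh2.ServerHostKeyVerifier;
import java.io.File;
import java.io.IOException;

// Added example: strict host key checking on top of KnownHosts.
public class StrictHostKeyVerifier implements ServerHostKeyVerifier {
    private final KnownHosts db = new KnownHosts();
    private final File knownHostsFile;
    private final boolean trustOnFirstUse; // hypothetical policy flag chosen by the caller

    public StrictHostKeyVerifier(File knownHostsFile, boolean trustOnFirstUse) throws IOException {
        this.knownHostsFile = knownHostsFile;
        this.trustOnFirstUse = trustOnFirstUse;
        if (knownHostsFile.exists()) {
            db.addHostkeys(knownHostsFile); // load existing entries into the in-memory database
        }
    }

    @Override
    public boolean verifyServerHostKey(String hostname, int port, String algorithm, byte[] key)
            throws Exception {
        String fingerprint = KnownHosts.createHexFingerprint(algorithm, key);
        switch (db.verifyHostkey(hostname, algorithm, key)) {
            case KnownHosts.HOSTKEY_IS_OK:
                return true;
            case KnownHosts.HOSTKEY_IS_NEW: {
                if (!trustOnFirstUse) {
                    System.err.println("Rejecting unknown host key for " + hostname
                            + " (" + algorithm + " " + fingerprint + ")");
                    return false;
                }
                // Store the hashed form so the file does not list hostnames in clear text.
                String[] names = { KnownHosts.createHashedHostname(hostname) };
                db.addHostkey(names, algorithm, key);                               // in memory
                KnownHosts.addHostkeyToFile(knownHostsFile, names, algorithm, key); // on disk
                System.err.println("Pinned new host key for " + hostname + ": " + fingerprint);
                return true;
            }
            case KnownHosts.HOSTKEY_HAS_CHANGED:
            default:
                // Never overwrite silently: a changed key needs out-of-band confirmation.
                System.err.println("HOST KEY CHANGED for " + hostname + ", offered "
                        + algorithm + " " + fingerprint + "; refusing to connect");
                return false;
        }
    }
}
```

An instance is passed to Connection.connect(...); compare the logged fingerprint with one obtained from the server's administrator before enabling trust-on-first-use for a host.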

Copyright © 2019. All rights reserved.