Changeset 2563


Timestamp:
Aug 8, 2014, 11:58:25 AM (7 years ago)
Author:
Nicklas Nordborg
Message:

References #533: Add secondary analysis section to Reggie

Use fingerprint instead of BASE64-encoded public key to verify connections to SSH servers. Fingerprints are shorter and easier to handle, and are more compatible with the new feature in BASE FileServer items.

Location:
extensions/net.sf.basedb.reggie/trunk
Files:
1 deleted
3 edited

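--- a/extensions/net.sf.basedb.reggie/trunk/reggie-ogs-hosts.xml
+++ b/extensions/net.sf.basedb.reggie/trunk/reggie-ogs-hosts.xml
@@ -10,5 +10,5 @@
     address="ip-name.of.the.host"
     port="22"
-    public-key="Base64-encoded public key of SSH server"
+    fingerprint="Fingerprint of the public key for this server"
     user=""
     password=""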
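--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/grid/OpenGridService.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/grid/OpenGridService.java
@@ -186,5 +186,5 @@
         cluster.setName(h.getAttributeValue("name"));
         cluster.setAddress(h.getAttributeValue("address"));
-        cluster.setPublicKey(h.getAttributeValue("public-key"));
+        cluster.setFingerprint(h.getAttributeValue("fingerprint"));
         cluster.setUser(h.getAttributeValue("user"));
         cluster.setPassword(h.getAttributeValue("password"));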
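Review bot: Host entries that still carry only the old `public-key` attribute are not rejected at the `cluster.setFingerprint(h.getAttributeValue("fingerprint"))` line; the old attribute is simply no longer read, so for an un-migrated entry the lookup presumably yields null and `setFingerprint(null)` accepts it. In SshHost a null fingerprint selects `PromiscuousVerifier`, so an existing reggie-ogs-hosts.xml would drop from a pinned host key to no host-key verification without any error. I would refuse to load (or at least log a warning for) a host that has `public-key` set or no `fingerprint`, for example `if (h.getAttributeValue("fingerprint") == null) throw new InvalidDataException("Missing fingerprint for host: " + h.getAttributeValue("name"));`, assuming InvalidDataException is usable in this class, which the hunk does not show. The enclosing method starts and ends outside the hunk.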
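--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/ssh/SshHost.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/ssh/SshHost.java
@@ -5,5 +5,4 @@
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.security.PublicKey;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -18,7 +17,4 @@
 
 import net.schmizz.sshj.SSHClient;
-import net.schmizz.sshj.common.Base64;
-import net.schmizz.sshj.common.Buffer;
-import net.schmizz.sshj.common.SecurityUtils;
 import net.schmizz.sshj.connection.channel.direct.Session;
 import net.schmizz.sshj.connection.channel.direct.Session.Command;
@@ -31,4 +27,6 @@
 import net.schmizz.sshj.xfer.LocalSourceFile;
 import net.schmizz.sshj.xfer.scp.SCPFileTransfer;
+import net.sf.basedb.core.FileServer;
+import net.sf.basedb.core.InvalidDataException;
 import net.sf.basedb.reggie.converter.StringToDateConverter;
 import net.sf.basedb.util.FileCopyRunnable;
@@ -54,5 +52,5 @@
   private String user;
   private String password;
-  private PublicKey publicKey;
+  private String fingerprint;
 
   private Map<String, Object> infoCache;
@@ -110,8 +108,7 @@
 
   /**
-    Set the public key for the host so we can verify that the
-    connection is made to the exepected SSH server. The public
-    key should be a string in Base64-enocded format. This is typically
-    the format that is available in the 'known_hosts' file.
+    Set the public key fingerprint for the host so we can verify that the
+    connection is made to the exepected SSH server. The fingerprint
+    is a string containing 16 pairs of hexadecimal numbers separated with colon.
 
     @param key A public key in Base64-encoded format, or null to
@@ -119,18 +116,18 @@
     @throws An exception if the key is not valid
   */
-  public void setPublicKey(String key)
-  {
-    publicKey = null;
-    if (key != null)
-    {
-      try
-      {
-        publicKey = new Buffer.PlainBuffer(Base64.decode(key)).readPublicKey();
-      }
-      catch (IOException ex)
-      {
-        throw new RuntimeException(ex);
-      }
-    }
+  public void setFingerprint(String fingerprint)
+  {
+    if (fingerprint != null)
+    {
+      if (fingerprint.length() != FileServer.FINGERPRINT_LENGTH)
+      {
+        throw new InvalidDataException("SSH fingerprint must be exactly " + FileServer.FINGERPRINT_LENGTH + " characters long");
+      }
+      if (!FileServer.FINGERPRINT_PATTERN.matcher(fingerprint).matches())
+      {
+        throw new InvalidDataException("Not a valid SSH fingerprint: " + fingerprint);
+      }
+    }
+    this.fingerprint = fingerprint;
   }
 
@@ -141,5 +138,5 @@
   public String getFingerPrint()
   {
-    return publicKey == null ? null : SecurityUtils.getFingerprint(publicKey);
+    return fingerprint;
   }
 
@@ -239,5 +236,5 @@
     }
     SSHClient ssh = new SSHClient();
-    if (publicKey == null)
+    if (fingerprint == null)
     {
       ssh.addHostKeyVerifier(new PromiscuousVerifier());
@@ -245,5 +242,5 @@
     else
     {
-      ssh.addHostKeyVerifier(new PublicKeyVerifier(publicKey));
+      ssh.addHostKeyVerifier(fingerprint);
     }
     try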
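Review bot: The Javadoc above `setFingerprint` still documents the removed parameter: the unchanged lines read `@param key A public key in Base64-encoded format, or null to …` and `@throws An exception if the key is not valid`, while the method now takes `fingerprint` and throws `InvalidDataException`. I would change them to `@param fingerprint The host key fingerprint as 16 colon-separated hex pairs, or null to skip host key verification` and `@throws InvalidDataException If the fingerprint has the wrong length or format`, and correct "exepected" in the rewritten description. Spelling out the null case matters because the `fingerprint == null` branch further down installs `PromiscuousVerifier`, so a caller that passes null connects without any host-key check. The method containing that branch starts and ends outside the hunks shown.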