SFTP UnknownHostKey

Added by Hajnal Akos almost 6 years ago

Dear Developers,

(1) I would like to ask whether it is possible to turn off the "StrictHostKeyChecking" attribute of the ssh adaptor in jSaga
(via session/context)?

(2) Is it true that the .ssh/known_hosts file (what jSaga sees) must contain the server's public key, otherwise it is
impossible to connect via sftp? (Or the known_hosts file pointed to by the "KnownHosts" context attribute.)

(Earlier I could successfully list directory contents of sftp sites - as I remember - without adding anything
to the known_hosts file. However, I changed to another server, one that is supposed to have the same configuration;
maybe I modified the known_hosts file, deleted the missing line, I am not sure. Has the adaptor changed recently?)

Thank you,
Akos Hajnal


Replies (6)

RE: SFTP UnknownHostKey - Added by Schwarz Lionel almost 6 years ago

Hi Akos,
If you do not want the "KnownHosts" attribute, remove it from the context:

context.removeAttribute("KnownHosts");

Nothing has changed recently in the SSH adaptor code.

HTH
Lionel

RE: SFTP UnknownHostKey - Added by Hajnal Akos almost 6 years ago

Dear Lionel,

Sorry, I was not clear enough.

Here is my example that does not work:

import org.ogf.saga.context.*;
import org.ogf.saga.namespace.*;
import org.ogf.saga.session.*;
import org.ogf.saga.url.*;

public class Ssh {
    public static void main(String[] args) throws Exception {
        try {
            URL url = URLFactory.createURL("sftp://192.168.153.100");
            Session session = SessionFactory.createSession(false);
            Context ctx = ContextFactory.createContext("UserPass"); 
            ctx.setAttribute(Context.USERID, "root");
            ctx.setAttribute(Context.USERPASS, "***");
            //ctx.setAttribute("KnownHosts", "./myknown_hosts"); no effect
            session.addContext(ctx);
            NSDirectory dir = NSFactory.createNSDirectory(session, url);
            for (URL dirEntry: dir.list()) System.out.println(dirEntry.getPath());
            dir.close();
        } catch (Exception e) { e.printStackTrace(); }
    }
}

My default known_hosts file (C:\Documents and Settings\Akos Hajnal\.ssh\known_hosts) does not know the server 192.168.153.100, so I get the exception:

NoSuccess: Unable to connect to server
    at fr.in2p3.jsaga.adaptor.ssh.SSHAdaptorAbstract.connect(SSHAdaptorAbstract.java:166)
    at fr.in2p3.jsaga.adaptor.ssh.data.SFTPDataAdaptor.connect(SFTPDataAdaptor.java:58)
    at fr.in2p3.jsaga.engine.factories.DataAdaptorFactory.getDataAdaptorAndConnect(DataAdaptorFactory.java:101)
    at fr.in2p3.jsaga.impl.namespace.AbstractSyncNSFactoryImpl.doCreateNSDirectorySync(AbstractSyncNSFactoryImpl.java:61)
    at fr.in2p3.jsaga.impl.namespace.NSFactoryImpl.doCreateNSDirectory(NSFactoryImpl.java:48)
    at org.ogf.saga.namespace.NSFactory.createNSDirectory(NSFactory.java:667)
    at org.ogf.saga.namespace.NSFactory.createNSDirectory(NSFactory.java:606)
    at org.ogf.saga.namespace.NSFactory.createNSDirectory(NSFactory.java:722)
    at Ssh.main(Ssh.java:16)
Caused by: com.jcraft.jsch.JSchException: UnknownHostKey: 192.168.153.100. RSA key fingerprint is e1:0d:e1:2a:05:9c:ad:f8:52:4a:ca:08:ba:08:0c:c9
    at com.jcraft.jsch.Session.checkHost(Session.java:730)
    at com.jcraft.jsch.Session.connect(Session.java:317)
    at com.jcraft.jsch.Session.connect(Session.java:158)
    at fr.in2p3.jsaga.adaptor.ssh.SSHAdaptorAbstract.connect(SSHAdaptorAbstract.java:159)
    ... 8 more

Assume that I cannot change my known_hosts file, so I would like to switch off "StrictHostKeyChecking" to avoid this exception/checking. Is it possible somehow?

Thanks,
Akos Hajnal

RE: SFTP UnknownHostKey - Added by Schwarz Lionel almost 6 years ago

Akos, if you do not want StrictHostKeyChecking, then you do not need any KnownHosts file. So remove the attribute from the context (it is set by default to the value ".ssh/known_hosts"):

ctx.removeAttribute("KnownHosts");

Lionel

RE: SFTP UnknownHostKey - Added by Hajnal Akos almost 6 years ago

I get an exception for the code below:

DoesNotExist: Attribute KnownHosts does not exist
    at fr.in2p3.jsaga.impl.attributes.AbstractAttributesImpl.removeAttribute(AbstractAttributesImpl.java:118)
    at Ssh.main(Ssh.java:14)

            Context ctx = ContextFactory.createContext("UserPass");
            ctx.setAttribute(Context.USERID, "root");
            ctx.setAttribute(Context.USERPASS, "***");
            ctx.removeAttribute("KnownHosts");
            session.addContext(ctx);

Maybe I am still missing something...

Akos

RE: SFTP UnknownHostKey - Added by Schwarz Lionel almost 6 years ago

Sorry, the code shown in previous messages:

ctx.removeAttribute("KnownHosts");

does not work since "KnownHosts" is not an attribute of the security context, but an attribute of the data service associated with the context.

With the latest 0.9.16-SNAPSHOT, it is possible to disable the use of the known_hosts file with:

ctx.setVectorAttribute("DataServiceAttributes", new String[]{"sftp.KnownHosts="});

Lionel
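
Added example, not part of the original thread or of jSaga's code: setting "sftp.KnownHosts=" to empty turns host-key verification off, so the alternative is to keep it and give the adaptor a dedicated known_hosts file whose entry was checked against a fingerprint confirmed out of band. The Java below computes the same MD5 colon-hex fingerprint that the UnknownHostKey message prints and accepts a known_hosts line only if it matches. The class HostKeyPin, its methods and the sample entry are constructed for illustration, and the fingerprint from the stack trace is assumed here to have been confirmed with the server's administrator.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

public class HostKeyPin {
    /** MD5 fingerprint of a base64 key blob, in the colon-hex form of the UnknownHostKey message. */
    static String md5Fingerprint(String base64Key) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5").digest(Base64.getDecoder().decode(base64Key));
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    /** True only if the line names the host and its key hashes to the trusted fingerprint. */
    static boolean isPinned(String line, String host, String trustedFingerprint)
            throws NoSuchAlgorithmException {
        String[] f = line.trim().split("\\s+");
        if (line.trim().startsWith("#") || f.length < 3) return false;    // comment, blank or malformed
        if (!Arrays.asList(f[0].split(",")).contains(host)) return false; // other host, hashed or marker entry
        byte[] actual;
        try {
            actual = md5Fingerprint(f[2]).getBytes(StandardCharsets.US_ASCII);
        } catch (IllegalArgumentException badBase64) {
            return false;                                                  // key field is not valid base64
        }
        byte[] trusted = trustedFingerprint.toLowerCase().getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(actual, trusted);
    }

    public static void main(String[] args) throws Exception {
        String host = "192.168.153.100";
        // Constructed sample entry (not a real key), in known_hosts format: host keytype base64 comment
        String candidate = host + " ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAcM= constructed";
        // Assumption: this fingerprint (taken from the trace) was confirmed out of band
        String trusted = "e1:0d:e1:2a:05:9c:ad:f8:52:4a:ca:08:ba:08:0c:c9";
        System.out.println("candidate fingerprint: " + md5Fingerprint(candidate.split("\\s+")[2]));
        if (isPinned(candidate, host, trusted)) {
            System.out.println("match: write this line to a dedicated known_hosts file");
        } else {
            System.out.println("mismatch: do not trust this key");
        }
    }
}
```

A line that passes can be saved to its own file and supplied as the value of sftp.KnownHosts in DataServiceAttributes; that the attribute accepts a file path in that form is an assumption based on its default of ".ssh/known_hosts".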

RE: SFTP UnknownHostKey - Added by Hajnal Akos almost 6 years ago

Thanks, the new version works fine!

Akos
