Discuss this help topic in SecureBlackbox Forum

Maintain a database of trusted SSH keys

A typical client would maintain a database of 'known' ('trusted') server keys locally to simplify the authentication process for known servers. It makes sense to follow the rules given below when implementing key caching in your client-side SSH application.

  1. Keep your keys in a disk file and use TElSSHMemoryKeyStorage component to read and make any changes to it. It makes sense to set up its access rights in the way which prevents third parties from editing this file.
  2. When you receive a key from a server within the authentication procedure (this will typically be an OnKeyValidate event of the SSH client class), look for the received key in the storage. You can look for the key by comparing the fingerprint of the received key with the fingerprints of keys contained in the storage.
  3. If the key object was found, additionally compare that the host name stored with the key in the Subject field matches the host name which you are connecting to, and that its algorithm matches the algorithm of the received server key. If the properties match, the endpoint can be considered trusted and you can go ahead with the negotiation by returning Valid=true.
  4. If the key was not found in the list, report that fact to the user and ask them to confirm the genuineness of the key. Let the user know that it's their responsibility to ensure that the key is legitimate, and that neglecting this procedure will make the security offered by their SSH connection void. Be insistive. It might make sense to introduce 'trust once' option for that single connection if there is no possibility for the user to confirm the integrity of the key at that particular moment in time.
  5. If the user confirms that the key is trusted, add the key to the trusted list together with the host name.
  6. Note that the same SSH endpoint may have several different keys attached to it, for different public key algorithms (RSA, DSS, ECDSA). Therefore it is highly not recommended to use a hostname-based hash table to manage the keys.

How To articles about SSH keys

Discuss this help topic in SecureBlackbox Forum