EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TrustedKeys and OnKeyValidate

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#19851
Posted: 04/19/2012 08:44:21
by Andy Gardner (SUPPORT DISABLED)
Joined: 02/17/2012
Posts: 51

I've been looking at the "Validate the key sent by the server" article on how to implement OnKeyValidate properly, and I am a bit confused about the TrustedKeys property.

The article says that should only be one valid key per host (though there could be multiple hosts with the same key), and if the key does not match the key for the host, this could be an indication of a problem.

Looking at the TrustedKeys property, it is of the type ElSSHCustomKeyStorage, but that class does not appear to associate a key with a host. Are the TrustedKeys and the ServerKey two different concepts, or am I missing something?

Thanks,

Andy
#19853
Posted: 04/19/2012 08:49:51
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

TrustedKeys property is used to specify public keys of the trusted SSH servers. If the server sends one of the trusted keys, OnKeyValidate event is not fired.

If this property is not used then OnKeyValidate is fired.

Both don't associate keys with hosts. Its your job to associate them if needed.
#19856
Posted: 04/19/2012 10:12:54
by Andy Gardner (SUPPORT DISABLED)
Joined: 02/17/2012
Posts: 51

How would I associate a key in TrustedKeys with a server? If a server sends a key in TrustedKeys, OnKeyValidate is not fired. Is TrustedKeys for keys that should be accepted regardless of the server that sends it?
#19858
Posted: 04/19/2012 10:46:48
by Vsevolod Ievgiienko (EldoS Corp.)

You can act as most of SSH clients do. When user connects to a server the 1st time your application asks him if he trusts a key sent by this server (via OnKeyValidate event). If user answers 'Yes' then this key is added into some internal database and is associated with the server address (its your job to implement this). Next time when users connects to this server your application checks if server address is stored in the database and checks corresponding key.

Quote
Is TrustedKeys for keys that should be accepted regardless of the server that sends it?

Yes.

Reply

Statistics

Topic viewed 765 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!