artifactory_ssh_proxy

support multiple hostkeys

Open yuta1024 opened this issue 6 years ago • 0 comments

This PR supports multiple hostkeys.

As background, OpenSSH 7.0 and greater disabled ssh-dss by default. Therefore, I'm considering switching from DSA to RSA. However, backward compatibility is needed for environments that use DSA.

An example of settings for multiple hostkeys in sshd_proxy.properties:

sshd.root=developer_config
sshd.port=2222
sshd.artifactoryUrl=http://localhost:4080/artifactory
# use the default.
sshd.artifactoryUsername=admin
sshd.artifactoryPassword=password

# run artifactory in the same jvm
sshd.jetty.port=4080
sshd.jetty.webapp.dir=developer_config/webapps

# hostkey setting
sshd.hostKeyPath=./developer_config/conf/sshd_proxy/ssh_host_dsa_key,./developer_config/conf/sshd_proxy/ssh_host_rsa_key

The following output verifies support for multiple hostkeys using the above settings.

$ ssh -o HostKeyAlgorithms="ssh-dss" -p 2222 localhost
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
DSA key fingerprint is 38:49:a1:28:12:5c:dd:41:69:d7:0b:41:7b:86:57:1b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (DSA) to the list of known hosts.
*---------------------------------------------------*
|               _  _ _  _|    _-|-. _  _            |
|    this is a |_)| (_)(_||_|(_ | |(_)| | server    |
|              |                                    |
*---------------------------------------------------*
Connection to localhost closed.
$ ssh -o HostKeyAlgorithms="ssh-rsa" -p 2222 localhost
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is 24:08:6f:00:7f:38:6d:27:0d:fd:42:5e:e9:be:fb:15.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
*---------------------------------------------------*
|               _  _ _  _|    _-|-. _  _            |
|    this is a |_)| (_)(_||_|(_ | |(_)| | server    |
|              |                                    |
*---------------------------------------------------*
Connection to localhost closed.

yuta1024 avatar Mar 07 '18 02:03 yuta1024
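
An added example, not part of the PR or the project's code: a small audit that reads `sshd.hostKeyPath` from the properties text, splits it on commas as in the sample above, and reports each key's type so DSA host keys kept for backward compatibility stay visible. The function names are hypothetical, the comma-splitting rule is an assumption taken from the sample config, and the key files are constructed stubs holding only a PEM header line.

```python
import os
import re
import tempfile

# Legacy PEM private-key header label -> host key type
PEM_TYPES = {"DSA": "DSA", "RSA": "RSA", "EC": "ECDSA"}
PEM_HEADER = re.compile(r"-----BEGIN ([A-Z]+) PRIVATE KEY-----")
DSA_NOTE = "ssh-dss is disabled by default in OpenSSH 7.0+"

def read_host_key_paths(properties_text):
    """Return the paths listed in sshd.hostKeyPath, split on commas."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties comment
        key, sep, value = line.partition("=")
        if sep and key.strip() == "sshd.hostKeyPath":
            return [p.strip() for p in value.split(",") if p.strip()]
    return []

def key_type(path):
    """Classify a private key file by its first line; UNKNOWN if unrecognised."""
    with open(path, encoding="ascii", errors="replace") as fh:
        match = PEM_HEADER.fullmatch(fh.readline().strip())
    return PEM_TYPES.get(match.group(1), "UNKNOWN") if match else "UNKNOWN"

def audit(properties_text, base_dir="."):
    """Return (path, type, note) for every configured host key."""
    report = []
    for rel in read_host_key_paths(properties_text):
        full = os.path.join(base_dir, rel)
        kind = key_type(full) if os.path.isfile(full) else "MISSING"
        report.append((rel, kind, DSA_NOTE if kind == "DSA" else ""))
    return report

def demo():
    """Audit constructed stub files (header line only, no key material)."""
    props = ("sshd.port=2222\n# hostkey setting\n"
             "sshd.hostKeyPath=conf/ssh_host_dsa_key, conf/ssh_host_rsa_key,conf/absent_key\n")
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "conf"))
        for name, label in (("ssh_host_dsa_key", "DSA"), ("ssh_host_rsa_key", "RSA")):
            with open(os.path.join(root, "conf", name), "w") as fh:
                fh.write(f"-----BEGIN {label} PRIVATE KEY-----\n")
        return audit(props, root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Keys stored in other containers (for example the newer OpenSSH private-key format) are reported as UNKNOWN, since their type is not visible in the header line.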