Connect to ssh without Host Key Verification using j2ssh maverick

Question

I have two servers with trusted connection. I want to transfer files through SFTP by connecting through ssh without Host Key Verification.

I am using Java 1.7 and Redhat Linux OS.

Previously i was using j2ssh-core0.2.9.jar in which i could connect to ssh like below :

SshConnectionProperties properties = new SshConnectionProperties();
SshClient ssh = new SshClient();            
properties.setHost(host);
properties.setPort(port);               
ssh.setSocketTimeout(readTimeOut);
ssh.connect(properties,new IgnoreHostKeyVerification());

In j2ssh maverick,

        SshConnector con = SshConnector.createInstance();
        con.getContext().setHostKeyVerification(
                new ConsoleKnownHostsKeyVerification());
        con.getContext().setPreferredPublicKey(
                Ssh2Context.PUBLIC_KEY_SSHDSS);
        SocketTransport t = new SocketTransport(hostname, port);
        t.setTcpNoDelay(true);
        SshClient ssh = con.connect(t, username);
        Ssh2Client ssh2 = (Ssh2Client) ssh;

Please suggest how to achieve this in j2ssh maverick.

What's wrong with the j2ssh code that you posted? Please describe your specific problem. — Kenster, Sep 11 '15 at 13:29
@Kenster There are no updates after 2009 for j2ssh-core0.2.9. So opted to go for j2ssh maverick. There are some bugs also in j2ssh-core and no support also. — SidB, Sep 11 '15 at 13:41

score 3 · Accepted Answer · answered Sep 11 '15 at 17:58

To connect without host key verification you just need to remove the following code fro the J2SSH Maverick snippet

con.getContext().setHostKeyVerification(
                new ConsoleKnownHostsKeyVerification());

However you are removing an important part of the protocol that authenticates the server. Leaving you fully open to a man-in-the-middle attack.

Connect to ssh without Host Key Verification using j2ssh maverick

1 Answers1