0

i try to connect to sftp server in my local machine i generate the knownHosts file with the command ssh and i use it like jsch.setKnownHosts(knownHosts); but i would to run my job in other machine wish i didn't have access to his knownHosts file

so i decided to disable the check of this rsa key and i wont to know if the action is safe i will use this line to disable it

session.setConfig("StrictHostKeyChecking", "no");
amato rahman
  • 1
  • 5

1 Answers1

0

The question itself has a comment about its safety, but I would like to add that if you don't want to have the StrictHostKeyChecking set as "no", and do not want to rely on a knownHosts file, I would recommend you to:

1) Generate the host fingerprint in a way that's compatible with Jsch, please refer to this question. You can output the generated fingerprint to another file or elsewhere as needed.

2) You can then get the generated value and store it as a variable (environment variable, config file, property, etc.) so that your application can use it. You can pass this fingerprint (not filepath) to Jsch with the setKnownHosts method.

kamui
  • 3
  • 5
  • the problem my application will run in other environment that i don't have access to generate this key – amato rahman Mar 05 '20 at 09:51
  • I see. Do you have some network restrictions that block you from reaching the target server? If there's no restriction, you should be able to generate the fingerprint. If it's because of another problem, you can generate the fingerprint on a machine that can reach the server, and just use that same generated value, it should work fine as well even if you don't generate it on the machine where you will use it. – kamui Mar 06 '20 at 03:51