Beispiel #1
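        /// <summary>
        /// Checks the offered host key against the known-hosts entries for the host,
        /// trusting the key on first contact (trust on first use).
        /// </summary>
        /// <param name="arguments">Verification data carrying the session and the offered key.</param>
        /// <returns>
        /// <c>true</c> when no entry exists for the host (the key is then recorded) or when
        /// a stored entry has the same key type and blob as the offered key.
        /// </returns>
        /// <remarks>
        /// When entries exist but none match, control passes to <c>ProcessCacheMiss</c>,
        /// which is expected to throw rather than return.
        /// </remarks>
        public virtual bool Verify(HostKeyVerificationData arguments)
        {
            var options = arguments.Session.Options;

            // A configured alias takes precedence over the session's own host string
            // as the lookup key.
            var host = options.HostKeyAlias ?? arguments.Session.HostAsString();
            var matches = KnownHosts.SearchFor(host, options);

            /* We've never seen this host before, so just automatically add the key.
             * Not the most secure option (since the first hit might be the one that
             * is hacked), but since almost nobody actually compares the key
             * fingerprint, this is a reasonable compromise between usability and
             * security.
             *
             * Security note: this first connection is not authenticated, and the key
             * is recorded without any prompt or notification from this method. Where
             * unknown hosts must be rejected, a stricter verifier is needed; this
             * method is virtual and can be overridden for that.
             */
            if (matches.Length == 0)
            {
                KnownHosts.Add(host, arguments.Key, options);
                return true;
            }

            // If we found any matches, check that the key type and blob also match.
            // NOTE(review): if ToBlob() returns an array, == compares references and
            // would never match, sending every known host to the mismatch path —
            // confirm that it returns a value-comparable type.
            var found =
                matches.Any(key => key.SshType == arguments.Key.SshType && key.ToBlob() == arguments.Key.ToBlob());

            // If a match was found, return true. Otherwise hand over to
            // ProcessCacheMiss to report that the key was not recognized.
            return found || ProcessCacheMiss(host, arguments);
        }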
Beispiel #2
        /// <summary>
        /// Accepts the host key outright when the connection looks tunnelled;
        /// otherwise defers to the base class verification.
        /// </summary>
        /// <param name="arguments">Verification data for the session being checked.</param>
        /// <returns>
        /// <c>true</c> when <c>IsTunneled</c> reports a tunnelled connection; otherwise
        /// whatever the base implementation returns.
        /// </returns>
        /// <remarks>
        /// Security note: on the tunnelled path no host key comparison takes place, so
        /// this verifier does not authenticate the server at the far end of the tunnel.
        /// </remarks>
        public override bool Verify(HostKeyVerificationData arguments)
        {
            // Short-circuit: the base check runs only when the tunnel test fails.
            return IsTunneled(arguments) || base.Verify(arguments);
        }
Beispiel #3
        /// <summary>
        /// Heuristic tunnel test: the session uses a port other than the default one
        /// and the peer address is a loopback address.
        /// </summary>
        /// <param name="arguments">Verification data for the session being checked.</param>
        /// <returns>
        /// <c>false</c> for sessions on the default port; otherwise whether the peer
        /// address is loopback.
        /// </returns>
        /// <remarks>
        /// Security note: the test looks only at port and address, so any listener on
        /// a non-default loopback port satisfies it, not just a forwarded SSH port.
        /// </remarks>
        private static bool IsTunneled(HostKeyVerificationData arguments)
        {
            var session = arguments.Session;
            var usesDefaultPort = session.Port == Transport.Session.DefaultPort;

            // Short-circuit keeps the peer address unread for default-port sessions.
            return !usesDefaultPort && IPAddress.IsLoopback(session.Peer.IPAddress);
        }
Beispiel #4
        /// <summary>
        /// Reports a host key that matches none of the stored entries by throwing a
        /// <c>HostKeyMismatchException</c>.
        /// </summary>
        /// <param name="host">Host name used for the known-hosts lookup.</param>
        /// <param name="args">Verification data attached to the exception.</param>
        /// <returns>
        /// Never returns normally; the <c>bool</c> return type only lets the call be
        /// used inside a boolean expression.
        /// </returns>
        /// <remarks>
        /// The exception's callback adds the offered key to the known hosts when
        /// invoked. Security note: a handler that invokes it is accepting the new key,
        /// so it should do so only once the fingerprint has been confirmed.
        /// </remarks>
        private static bool ProcessCacheMiss(string host, HostKeyVerificationData args)
        {
            var message = string.Format("fingerprint {0} does not match for {1}", args.Fingerprint, host);

            throw new HostKeyMismatchException(message)
            {
                VerificationData = args,
                Callback = () => KnownHosts.Add(host, args.Key, args.Session.Options)
            };
        }
Beispiel #5
 /// <summary>
 /// Accepts every host key without inspecting it.
 /// </summary>
 /// <param name="arguments">Verification data; not read by this implementation.</param>
 /// <returns>Always <c>true</c>.</returns>
 /// <remarks>
 /// Security note: with this verifier the server's identity is never checked, so a
 /// connection gives no protection against an impersonated or intercepting host.
 /// </remarks>
 public bool Verify(HostKeyVerificationData arguments) => true;