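/// <summary>
/// Verifies the server's host key against the known-hosts store using a
/// trust-on-first-use (TOFU) policy.
/// </summary>
/// <param name="arguments">
/// Verification context: the session (its options and peer) and the key
/// the server presented.
/// </param>
/// <returns>
/// <c>true</c> when the host was unknown (the key is recorded and trusted
/// from now on) or when a stored entry matches the presented key's type and
/// blob. A mismatch is delegated to <see cref="ProcessCacheMiss"/>, which in
/// this file throws <c>HostKeyMismatchException</c> rather than returning.
/// </returns>
/// <remarks>
/// SECURITY: the first connection to a host is never verified. An attacker
/// who is in the path on that first connection gets their key pinned and
/// every later connection to the real host is then reported as a mismatch.
/// Callers needing a stronger guarantee must pre-populate the known-hosts
/// store or override this method.
/// </remarks>
public virtual bool Verify(HostKeyVerificationData arguments)
{
    if (arguments == null)
    {
        throw new System.ArgumentNullException("arguments");
    }

    var options = arguments.Session.Options;

    // An explicit alias takes precedence over the address we actually
    // connected to, so one entry can cover several endpoints.
    var host = options.HostKeyAlias ?? arguments.Session.HostAsString();
    var matches = KnownHosts.SearchFor(host, options);

    /* We've never seen this host before, so just automatically add the key.
     * Not the most secure option (since the first hit might be the one that
     * is hacked), but since almost nobody actually compares the key
     * fingerprint, this is a reasonable compromise between usability and
     * security. */
    if (matches.Length == 0)
    {
        KnownHosts.Add(host, arguments.Key, options);
        return true;
    }

    // At least one entry exists for this host: accept only if some entry has
    // the same key type AND the same key material. The presented key's
    // type/blob are loop-invariant, so compute them once.
    var presentedType = arguments.Key.SshType;
    var presentedBlob = arguments.Key.ToBlob();

    // NOTE(review): if ToBlob() returns byte[] rather than string, '==' is a
    // reference comparison and this can never match; confirm its return type.
    var found = matches.Any(key =>
        key.SshType == presentedType && key.ToBlob() == presentedBlob);

    // A known host presenting a different key is the classic MITM signal;
    // ProcessCacheMiss decides what happens (in this file: it throws).
    return found || ProcessCacheMiss(host, arguments);
}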
/// <summary>
/// Skips host-key verification for connections that look tunnelled (see
/// <see cref="IsTunneled"/>); otherwise applies the base class's strict check.
/// </summary>
/// <param name="arguments">Verification context for the session.</param>
/// <returns>
/// <c>true</c> for a tunnelled connection, without consulting the known-hosts
/// store; otherwise whatever the base implementation returns (or throws).
/// </returns>
/// <remarks>
/// SECURITY: a tunnelled connection is accepted with no key check at all, so
/// the endpoint on the far side of the tunnel is never authenticated here.
/// </remarks>
public override bool Verify(HostKeyVerificationData arguments)
{
    // Short-circuit: the base check only runs when IsTunneled is false.
    return IsTunneled(arguments) || base.Verify(arguments);
}
/// <summary>
/// Heuristic for "is this session going through a local tunnel": the
/// connection must be to a loopback address on a port other than the SSH
/// default.
/// </summary>
/// <param name="arguments">Verification context for the session.</param>
/// <returns>
/// <c>true</c> only when the session port differs from
/// <c>Transport.Session.DefaultPort</c> and the peer address is loopback.
/// </returns>
/// <remarks>
/// Any loopback connection on a non-default port satisfies this test, not
/// only ones that actually traverse a tunnel. The caller uses the result to
/// skip host-key verification, so a local process listening on such a port
/// is trusted implicitly.
/// </remarks>
private static bool IsTunneled(HostKeyVerificationData arguments)
{
    var session = arguments.Session;
    var onDefaultPort = session.Port == Transport.Session.DefaultPort;

    // Port is checked first; the peer address is only read when needed.
    return !onDefaultPort && IPAddress.IsLoopback(session.Peer.IPAddress);
}
/// <summary>
/// Handles a known host that presented a key not in the store: builds a
/// <c>HostKeyMismatchException</c> carrying the verification data and a
/// callback that records the presented key, then throws it.
/// </summary>
/// <param name="host">Host name (or alias) the lookup was made under.</param>
/// <param name="args">Verification context, attached to the exception.</param>
/// <returns>
/// Never returns normally; declared <c>bool</c> so callers can write
/// <c>found || ProcessCacheMiss(...)</c>.
/// </returns>
/// <exception cref="HostKeyMismatchException">Always thrown.</exception>
/// <remarks>
/// Invoking <c>Callback</c> accepts the new key into the known-hosts store.
/// Whether that replaces or sits alongside the old entry depends on
/// <c>KnownHosts.Add</c>, which is not visible here; treat the callback as an
/// explicit, user-confirmed override, never an automatic one.
/// </remarks>
private static bool ProcessCacheMiss(string host, HostKeyVerificationData args)
{
    var message = string.Format(
        "fingerprint {0} does not match for {1}", args.Fingerprint, host);

    throw new HostKeyMismatchException(message)
    {
        VerificationData = args,
        Callback = () => KnownHosts.Add(host, args.Key, args.Session.Options)
    };
}
/// <summary>
/// Accepts every host key unconditionally.
/// </summary>
/// <param name="arguments">Verification context; never inspected.</param>
/// <returns>Always <c>true</c>.</returns>
/// <remarks>
/// SECURITY: this disables host authentication entirely. Any server, or any
/// man-in-the-middle on the path, is accepted. Use only where the transport
/// is already authenticated by other means, or in tests.
/// </remarks>
public bool Verify(HostKeyVerificationData arguments)
{
    // Deliberately no lookup and no comparison: the key is never examined.
    return true;
}