I have two servers with trusted connection. I want to transfer files through SFTP by connecting through ssh without Host Key Verification.
I am using Java 1.7 and Redhat Linux OS.
Previously i was using j2ssh-core0.2.9.jar in which i could connect to ssh like below :
SshConnectionProperties properties = new SshConnectionProperties();
SshClient ssh = new SshClient();
properties.setHost(host);
properties.setPort(port);
ssh.setSocketTimeout(readTimeOut);
ssh.connect(properties,new IgnoreHostKeyVerification());
In j2ssh maverick,
SshConnector con = SshConnector.createInstance();
con.getContext().setHostKeyVerification(
new ConsoleKnownHostsKeyVerification());
con.getContext().setPreferredPublicKey(
Ssh2Context.PUBLIC_KEY_SSHDSS);
SocketTransport t = new SocketTransport(hostname, port);
t.setTcpNoDelay(true);
SshClient ssh = con.connect(t, username);
Ssh2Client ssh2 = (Ssh2Client) ssh;
Please suggest how to achieve this in j2ssh maverick.
To connect without host key verification you just need to remove the following code fro the J2SSH Maverick snippet
con.getContext().setHostKeyVerification(
new ConsoleKnownHostsKeyVerification());
However you are removing an important part of the protocol that authenticates the server. Leaving you fully open to a man-in-the-middle attack.