Apache Mina SSHD setKeyPairProvider save generated keys (Android)


In the Apache Mina SSHD GitHub documentation (https://github.com/apache/mina-sshd#configuring-the-server-instance) there is a section called "KeyPairProvider".

In this section we can see:

It's usually a good idea to save generated keys, so that if the SSHD server is restarted, the same keys will be used to authenticate the server and avoid the warning the clients might get if the host keys are modified.

My question is how to save the generated keys, because every time I restart the server I see this message in Terminal:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.

And I need to go into /.ssh/known_hosts and delete the generated "sha-rsa" key for the IP address.

I tried a few ways:

1.) Way

    if (SecurityUtils.isBouncyCastleRegistered()) {
        PEMGeneratorHostKeyProvider hostKeyProvider = new PEMGeneratorHostKeyProvider(new File("myapp.pem").getAbsolutePath());
        hostKeyProvider.setAlgorithm("RSA");
        sshd.setKeyPairProvider(hostKeyProvider);
    } else {
        SimpleGeneratorHostKeyProvider hostKeyProvider = new SimpleGeneratorHostKeyProvider(new File("myapp.ser").getAbsolutePath());
        hostKeyProvider.setAlgorithm("RSA");
        sshd.setKeyPairProvider(hostKeyProvider);
    }

2.) Way

First generate "keystore" file.

    keytool -genkey -keystore "app.keystore" -keyalg RSA

    sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("app.keystore", "RSA"));

3.) Way

    sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("hostkey.ser"));

4.) Way

First generate "PEM" file.

    openssl req -x509 -nodes -days 365000 -newkey rsa:1024 -keyout app.crt -out app.crt

    openssl pkcs12 -export -in app.crt -out app.p12

    openssl pkcs12 -in app.p12 -out app.pem

    PEMGeneratorHostKeyProvider hostKeyProvider = new PEMGeneratorHostKeyProvider(new File("app.pem").getAbsolutePath());
    hostKeyProvider.setAlgorithm("RSA");

or

    PEMGeneratorHostKeyProvider hostKeyProvider = new PEMGeneratorHostKeyProvider("app.pem");
    hostKeyProvider.setAlgorithm("RSA");

and put

    sshd.setKeyPairProvider(hostKeyProvider);

Solution

  • This is how I did it:

    import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleGeneratorHostKeyProvider
    
    ...
    
    server.setKeyPairProvider(new BouncyCastleGeneratorHostKeyProvider(Paths.get("ssh.pem")))
    

    I have no idea how I generated the pem file..
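
One way to check that a generated host key really survives a restart, as an added example that is not code from the question or the answer above. It assumes the Mina SSHD 2.x API (`SimpleGeneratorHostKeyProvider(Path)`, `loadKeys(SessionContext)`); the class name `PersistentHostKey` and the `baseDir` parameter are hypothetical, and on Android `baseDir` is assumed to be the app's private storage such as `context.getFilesDir()`.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;

import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;

public final class PersistentHostKey {

    /** Builds a provider whose key file sits at an absolute path inside baseDir. */
    static SimpleGeneratorHostKeyProvider provider(File baseDir) throws IOException {
        Path dir = baseDir.toPath().toAbsolutePath();
        Files.createDirectories(dir);
        if (!Files.isWritable(dir)) {
            // A key that cannot be written to disk cannot be reused after a restart.
            throw new IOException("host key directory is not writable: " + dir);
        }
        SimpleGeneratorHostKeyProvider p =
                new SimpleGeneratorHostKeyProvider(dir.resolve("hostkey.ser"));
        p.setAlgorithm("RSA");
        p.setKeySize(3072);
        return p;
    }

    /** Loads (or generates and saves) the key and returns its public fingerprint. */
    static String fingerprint(SimpleGeneratorHostKeyProvider p) throws Exception {
        Iterable<KeyPair> keys = p.loadKeys(null); // no session is needed for a local load
        return KeyUtils.getFingerPrint(keys.iterator().next().getPublic());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample location; on Android pass the app's files directory instead.
        File baseDir = Files.createTempDirectory("sshd-hostkey").toFile();

        String first = fingerprint(provider(baseDir));  // first start: generates and saves
        String second = fingerprint(provider(baseDir)); // new provider instance = simulated restart
        if (!first.equals(second)) {
            throw new IllegalStateException("host key changed: " + first + " vs " + second);
        }
        System.out.println("stable host key fingerprint: " + first);

        // Wire the same provider into the server (port and authenticators omitted here).
        SshServer sshd = SshServer.setUpDefaultServer();
        sshd.setKeyPairProvider(provider(baseDir));
    }
}
```

The printed fingerprint is the value clients record in known_hosts, so comparing it across restarts shows whether the key file is being reused.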