What are the main JSch and sharpSSH file formats?

I am considering setting up client and public key server authentication for SFTP using the JSch library (or actually sharpSSH, its C# port). Unfortunately, I cannot find the documentation for the file formats used by the key loading functions:

    jsch.addIdentity(filename, passphrase);
    jsch.setKnownHosts(filename);

What file format is used by the private key and files of known hosts?

+4
1 answer

JSch uses the OpenSSH file format (for both public and private keys). I did not find the specifications for this format, but you can use the OpenSSH ssh-keygen tool to convert keys from/to other formats (and Google will show other tools to convert from/to even more formats).

Update: After querying the OpenSSH mailing list and reading some RFCs, it looks like the OpenSSH public key file contains (for version 2 keys) the public key, as specified in RFC 4253 (section 6.6), only with a base64 wrapping around it (and the key type as prefix, and a comment field as postfix). I have not yet found the specification of the private key file.

Unfortunately, the official documentation for JSch is practically absent, but I wrote several Javadocs for it. (Although they do not seem to mention the key file format ... I have to fix that.) There is also a Manual in the JSch Wiki containing a public key authentication page (which also does not mention the key format :-/).

The known hosts file is also in the same format as the corresponding OpenSSH client file. The format is presented in the OpenSSH sshd man page, SSH KNOWN HOSTS FILE FORMAT section:

Each line in these files contains the following fields: markers (optional), host names, bits, exponent, modulus, comment. The fields are separated by spaces.

This is only true for SSH 1 RSA keys. For SSH 2 keys, you have an identifier like (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss or ssh-rsa), and then a base-64 encoded key. (See the same manual page, under the authorized keys file.) (I think JSch only supports DSA and RSA key formats, no ECDSA.)

Note that lines in these files are typically hundreds of characters long, and you definitely do not want to type in the host keys by hand. Rather, generate them using a script, ssh-keyscan(1), or by taking /etc/ssh/ssh_host_key.pub and adding the host names at the front. ssh-keygen(1) also offers some basic automated editing for ~/.ssh/known_hosts, including removing hosts matching a host name and converting all host names to their hashed representations.

+8
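
Added example, not part of the original answer and not JSch code: a Python parser for the SSH-2 known hosts line layout described above, which also checks that the text key type agrees with the type string inside the base64 blob (RFC 4253 section 6.6). The function names, host names and the sample line are constructed for illustration, and the sample modulus is not a real key.

```python
import base64
import struct

def read_string(buf, off):
    """Read one RFC 4251 string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("field runs past end of blob")
    return buf[off + 4:end], end

def parse_blob(blob):
    """Split a key blob (a run of length-prefixed fields) into type name and fields."""
    fields, off = [], 0
    while off < len(blob):
        field, off = read_string(blob, off)
        fields.append(field)
    if not fields:
        raise ValueError("empty key blob")
    return fields[0].decode("ascii"), fields[1:]

def parse_known_hosts_line(line):
    """Parse an SSH-2 line: [marker] hostnames keytype base64-key [comment]."""
    parts = line.split()
    marker = parts.pop(0) if parts and parts[0].startswith("@") else None
    if len(parts) < 3:
        raise ValueError("expected host names, key type and base64 key")
    hosts, key_type, b64 = parts[:3]
    inner_type, fields = parse_blob(base64.b64decode(b64, validate=True))
    if inner_type != key_type:  # text prefix must agree with the blob itself
        raise ValueError(f"prefix {key_type!r} does not match blob type {inner_type!r}")
    info = {"marker": marker, "hosts": hosts.split(","), "type": key_type,
            "comment": " ".join(parts[3:])}
    if key_type == "ssh-rsa":  # RFC 4253 section 6.6: mpint e, then mpint n
        e, n = (int.from_bytes(f, "big") for f in fields)
        info["bits"] = n.bit_length()
    return info

def mpint(value):
    """Encode a positive integer as an RFC 4251 mpint (leading zero keeps it positive)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line():
    """Constructed sample: a well-formed ssh-rsa line whose modulus is NOT a real key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << 2047) | 1)
    return "sftp.example.com,192.0.2.10 ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

Running a file through `parse_known_hosts_line` before passing it to `setKnownHosts` catches truncated base64 and lines whose type prefix was edited by hand.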

Source: https://habr.com/ru/post/1381034/