Closed hisham closed 7 years ago
I tested ECDSA support on Ubuntu 14.04 (Circle CI) and a Java-based SSH server, but it may not be perfect. The known_hosts problem confuses many users, so I will add a feature for automatically adding the host key in the next release.
Ok thanks!
The feature for adding the host key has been released in 2.6.0. Please try it.
I'm not sure I completely understand this. Is it correct that currently, if an SSH client uses/prefers an ecdsa-sha2-nistp256 host key, one can only get it to work by using knownHosts = addHostKey(file(...))? If that's correct, this solution is incompatible with strict security policies (which we have): whenever the host keys file does not yet exist or does not yet contain the key for a host, any key that the server sends will be accepted (which is vulnerable to man-in-the-middle attacks).
BTW I am still getting the issue with the latest 2.8.0 plugin.
Env info: gradle-ssh-plugin-2.8.0 (groovy-ssh-2.8.0, jsch-0.1.53, groovy-2.4.4, java-1.8.0_45)
Never mind - it works after adding knownHosts = addHostKey(file("${System.properties['user.home']}/.ssh/known_hosts")) in the settings.
Was getting a reject HostKey error when connecting to the host. Saw that I had an "ecdsa-sha2-nistp256" type key for the server in my known hosts file.
Setting "knownHosts = allowAnyHosts" resolved it but I didn't feel good about that. So what I did was use ssh-keyscan on the host to get the ssh-rsa key for the host and then add that manually to the known hosts file. Now gradle ssh worked without the "knownHosts = allowAnyHosts" config.
I saw issue #55 and this issue seems fixed but it was still occurring for me. Environment info is below. Are we sure ECDSA is fully supported?
Environment info
gradle-ssh-plugin-2.4.2 (groovy-ssh-2.4.2, jsch-0.1.53, groovy-2.4.4, java-1.8.0_45)
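
The workaround in the post above (ssh-keyscan, then adding the ssh-rsa line to known_hosts by hand) is only as trustworthy as the scanned key, which is the man-in-the-middle concern raised earlier in the thread. The following is an added example, not code from the plugin or from any poster: a Python filter that keeps a scanned line only when its fingerprint matches one obtained out of band. The host name and key blobs are constructed placeholders, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac


def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: "SHA256:" + unpadded base64 of SHA-256(key blob)."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def pinned_entries(keyscan_output, trusted, key_type="ssh-rsa"):
    """Keep only "host type key" lines of key_type whose fingerprint equals the
    value in trusted (host -> fingerprint obtained out of band)."""
    accepted = []
    for line in keyscan_output.splitlines():
        fields = line.split()
        # Skip blank lines, comments and malformed lines.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        host, ktype, key_b64 = fields[:3]
        # Skip other key types and hosts we hold no trusted fingerprint for.
        if ktype != key_type or host not in trusted:
            continue
        try:
            actual = sha256_fingerprint(key_b64)
        except binascii.Error:
            continue  # not valid base64: never trust it
        if hmac.compare_digest(actual, trusted[host]):
            accepted.append(f"{host} {ktype} {key_b64}")
    return accepted


# Constructed sample data: these blobs are placeholders, not real SSH keys.
REAL_KEY = base64.b64encode(b"constructed-rsa-blob-from-server").decode()
FAKE_KEY = base64.b64encode(b"constructed-rsa-blob-from-attacker").decode()
ECDSA_KEY = base64.b64encode(b"constructed-ecdsa-blob").decode()
HOST = "deploy.example.com"  # hypothetical host name
TRUSTED = {HOST: sha256_fingerprint(REAL_KEY)}  # stands in for the out-of-band value

CLEAN_SCAN = (f"# {HOST}:22 SSH-2.0-OpenSSH\n"
              f"{HOST} ecdsa-sha2-nistp256 {ECDSA_KEY}\n"
              f"{HOST} ssh-rsa {REAL_KEY}\n")
SPOOFED_SCAN = f"{HOST} ssh-rsa {FAKE_KEY}\n"

if __name__ == "__main__":
    print(pinned_entries(CLEAN_SCAN, TRUSTED))
    print(pinned_entries(SPOOFED_SCAN, TRUSTED))
```

Only the returned lines are appended to the known_hosts file, so a key that does not match the trusted fingerprint never gets pinned and the plugin can run without allowAnyHosts.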