0

I am programming an application in Java. This application makes a connection between two PCs (one Windows and one Linux). My application must make a connection and execute a few commands. Among the commands, I want to transfer a file.

This connection is an SSH connection with the SCP protocol.

I succeeded in making a connection with JSch, and I found the command for transferring a file, but I have a problem at this point.

My command for transferring the file is:

scp -r -p path1 ***@***.***.***.***:path2;

But when I launch the program, I get this message:

Host '***.***.***.***' is not in the trusted hosts file.
(fingerprint md5 CLE)
Do you want to continue connecting? (y/n)

But this message is in my console, in my Java application, so I don't send y or n. I searched more about known_host, but that did not give anything.

I tried this:

jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
session.setConfig("StrictHostKeyChecking", "no");

Or this (in my hosts file):

ssh -o StrictHostKeyChecking=no username@hostname.com

Or this :

Host 192.168.0.*
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null

But nothing works, and I do not understand the logic. Which host file should we modify? The one on the PC I want to connect to, or the one on the PC that is connecting?

If you want more details about my program, let me know.

Thanks !

Tom Laratte

2 Answers

1

If you're still interested.

StrictHostKeyChecking is a security measure used to counter man-in-the-middle attacks. When you connect to a new server via SSH, it notifies the user: "this is a new computer and I never connected to this before, therefore I don't trust it, so what do you wanna do?" That's basically what this message means.

Host '***.***.***.***' is not in the trusted hosts file.
(fingerprint md5 CLE)
Do you want to continue connecting? (y/n)

If you say yes, it will add the public key of that server to the $HOME/.ssh/known_hosts of the machine running the ssh user@ip. Something like this:

192.168.1.136 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJj/87wetLDd27TX+JEIPxWZbu4DJXjYYM9IQZoCKBCi8H66cXgrT4M0Vf9x8OE7R8Vnz5JkVnnAoic311mQB44=

In the case of a man-in-the-middle attack, you'll see something like this:

[user@hostname ~]$ ssh user@ip
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:45:f9:a8:af:38:3d:a1:a5:c7:76:1d:02:f8:77:00.
Please contact your system administrator.
Add correct host key in /home/hostname/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/hostname/.ssh/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.

This message is common if you reprovision a server on the same IP as the one you connected to in the past. For that, you need to delete line 4 and go through the trusting process again.

PuTTY request password

With SSH you can use private key/public key authentication or a password. Most system administrators remove the password feature as this can give hackers an advantage to use something like brute force or rainbow table to gain access.

To get rid of the password, you need to add the public key of your machine (the one that runs the Java) to the server's $HOME/.ssh/authorized_keys file.

This command will print the public key of the currently used private key: ssh-add -L. Or you can find it on your machine in $HOME/.ssh/id_*.pub. The * will be some word depending on the type of key, most likely rsa. Since you're using PuTTY, the second approach is what you need to take. If you don't have an SSH key, PuTTY can create one for you as well.

Now it will not ask for your password next time you try to log in.

Prav
0

It is the ~/.ssh/known_hosts file. Did you verify that the file is getting updated with the correct key? As a test you can try to ssh from the command line and then accept the public key. This way the host will be added to your ~/.ssh/known_hosts and then you should not get the error anymore. Usually StrictHostKeyChecking no is not a good practice for security.

Tux_DEV_NULL
  • But where is the file ~/.ssh/known_hosts? I can't find this file! Is it on my transmitting PC or the receiving PC? I can't verify because I can't find this file. What does ~ mean? Which path? Should I run this command the first time in cmd, and after that my program will work? – Tom Laratte Jul 04 '18 at 09:29
  • Okay, it's good! I tried this command with PuTTY and it works! I don't get the question "Do you want to continue connecting?" anymore, but now I have a second problem... After this question, my Java application or PuTTY requests a password. How to prevent this, or how to do this in Java? – Tom Laratte Jul 04 '18 at 11:31
  • There should be a .ssh folder in the home directory of the user. This is the transmitting machine where you run the ssh command. If it is asking for a password, that usually means the two machines do not have trusted SSH keys installed. So you need to look into how to set up a passwordless SSH connection with keys (if that is your intention/requirement). Otherwise you need to use/provide the password. – Tux_DEV_NULL Jul 04 '18 at 12:54
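
An added example (not code from the question or the answers) of the Java side of what the answers and the last comment describe: JSch reads known_hosts from the connecting machine, keeps StrictHostKeyChecking at "yes" so an unknown or changed host key fails instead of asking y/n, and authenticates with a key so no password is requested. It transfers the file over JSch's SFTP channel rather than running the scp command from the question; the user, host, file paths and the id_rsa key name are placeholder assumptions.

```java
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;

public class PinnedHostUpload {

    // Uploads one file over SFTP; fails instead of prompting when the host key is not trusted.
    static void upload(String user, String host, String local, String remote)
            throws JSchException, SftpException {
        String sshDir = System.getProperty("user.home") + "/.ssh";
        JSch jsch = new JSch();
        // known_hosts of the machine running this program (the connecting side).
        jsch.setKnownHosts(sshDir + "/known_hosts");
        // Private key whose public half is in the server's authorized_keys (assumed file name).
        jsch.addIdentity(sshDir + "/id_rsa");

        Session session = jsch.getSession(user, host, 22);
        // "yes": an unknown or changed host key aborts the connection, no y/n question.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.setConfig("PreferredAuthentications", "publickey");
        try {
            session.connect(10_000);
            ChannelSftp sftp = (ChannelSftp) session.openChannel("sftp");
            sftp.connect(10_000);
            sftp.put(local, remote);
        } finally {
            session.disconnect(); // also closes the channel
        }
    }

    public static void main(String[] args) {
        try {
            // Placeholder values, not taken from the thread.
            upload("deploy", "server.example.com", "report.txt", "/tmp/report.txt");
            System.out.println("Transfer complete");
        } catch (JSchException e) {
            // Unknown host key, changed host key, or rejected public key end up here.
            System.err.println("SSH connection failed: " + e.getMessage());
            System.exit(1);
        } catch (SftpException e) {
            System.err.println("Transfer failed: " + e.getMessage());
            System.exit(2);
        }
    }
}
```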