Question : Problem: Generating PuTTY SshHostkeys (hashed) from a hostkey
So. We have OpenSSH on our servers. In an application I wrote, we make a connection to that server using Plink in a batch.
However, at first connect, it will ask us if you want to accept the Server Host key. This is the base security model, to prevent man-in-the-middle attacks.
However, my application is running this, in a batch script, and it's impossible to answer that question, which causes my application to hang.
I can circumvent this by connecting with PuTTY first manually and accepting the key. This creates a Registry key in HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys
for example: key name: rsa2@22:192.168.2.168 value: 0x23,0xb4f03e7341bd5890474d34ac607719fb8af5856f9d005d3fd027cb8a247e5b3b451db126b6bb5d2184182bef5fc3a3bb4d9e76d9e41184500f5535830ddd21e7dcbab0a7db9dc557ca0ea73e8e046bff8ab56af87c70b019cdab4947f4c941667096d965c9347cf55882a5df929af93ad2e7ba0dcb8b682f0d5d1b1f7c495aa3d9834f48a2829372c93213592eed3410734b5aa9f4ad895cab599e1010d48fc966b3ee908141b1b621f0720882ec8259a187cab492135fe9f658298f8c356943ade8c0889456010a2b2e9a80bb0583baa60c99ea3465304bf7c99e6c5787a1bbf487e76806c0e414439f577caa1607e002a1330ed111c75c0e6fbc2c8be0d0ad
This is what I now do in the script. I set the registry key myself, before running the plink connection. This works perfectly. However, I want to do this fully automated. Right now, I have to generate the value of that regkey first by running PuTTY on a client, connecting manually, and copying the regkey.
To maintain our security, we want to send the SshHostKeys over a secure SSL connection, and set them in the registry every time before we connect. That way, the key would be verified, and get accepted.
Therefore, I need the value that PuTTY puts in the registry key. I have the SSH Host key, but PuTTY seems to hash it, or encrypt it in some way, before it puts it in the registry. How do they do that? Using what algorithm/seed?
Simply put: I have the server host key. How do I convert it into a registry key that PLink/PuTTY will accept?
Answer : Problem: Generating PuTTY SshHostkeys (hashed) from a hostkey
Found a solution. I'm now doing the following in a bash script:
ssh-keyscan -t rsa localhost | getHostKey.py
ssh-keyscan -t rsa localhost: this will generate a line, in the format of a known_hosts file.
I pipe that to getHostKey.py, which is a slightly modified version of kh2reg.py, as recommended by PuTTY, which will write the regkey value to a settings file on my server which I then use in the rest of my application.
The original kh2reg.py script: http://svn.tartarus.org/putty/contrib/kh2reg.py?view=markup
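The conversion that the answer delegates to kh2reg.py, as an added example (not the poster's getHostKey.py and not kh2reg.py itself): the stored value is not a hash, it is the RSA public exponent and modulus from the key blob written in hex. The function names, the default port 22, the ssh-rsa-only scope and the toy 64-bit modulus in the sample line are assumptions of this sketch.

```python
import base64
import struct


def _read_string(blob, off):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end


def known_hosts_to_putty(line, port=22):
    """Map an unhashed ssh-rsa known_hosts line to (value name, value data)."""
    fields = line.split()
    if len(fields) < 3 or fields[1] != "ssh-rsa":
        raise ValueError("expected: host ssh-rsa base64-blob")
    host = fields[0].split(",")[0]
    if host.startswith("|"):
        raise ValueError("hashed host name; rerun ssh-keyscan without -H")
    blob = base64.b64decode(fields[2], validate=True)
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("blob algorithm does not match the declared key type")
    e_raw, off = _read_string(blob, off)
    n_raw, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    e, n = int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")
    # Same layout as the value in the question: 0x<exponent>,0x<modulus>
    return "rsa2@%d:%s" % (port, host), "0x%x,0x%x" % (e, n)


def _wire(data):
    return struct.pack(">I", len(data)) + data


def _mpint(x):
    # A leading zero byte appears only when the top bit would otherwise be set.
    return _wire(x.to_bytes(x.bit_length() // 8 + 1, "big"))


# Constructed sample line: exponent 0x23 as in the question, toy 64-bit modulus.
SAMPLE_LINE = "192.168.2.168 ssh-rsa " + base64.b64encode(
    _wire(b"ssh-rsa") + _mpint(0x23) + _mpint(0xC0FFEE1234567891)).decode()
```

The returned pair is the value name and value data to write under the SshHostKeys key shown in the question.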