What is config.put ("StrictHostKeyChecking", "no") in JSch

Question

What is config.put ("StrictHostKeyChecking", "no") in JSch

java.util.Properties config = new java.util.Properties();            
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);

In the above code, we need to set the value StrictHostKeyCheckingas nowhen connecting to SFTP via the JSch API?

+4

java ssh public-key sftp jsch

king ramesh Jul 21 '14 at 7:01

source share

2 answers

Martin Prikryl · Answer 1 · 2014-07-21T07:19:42+0000

You should not really install it. You lose most of SSH / SFTP security by doing this.

The option tells the JSch SSH / SFTP library not to verify the public key of the SSH / SFTP server. You are vulnerable to a man-in-the-middle attack if you do not verify the public key. Of course, if you do not connect to a private trusted network (therefore, you do not need security / encryption).

SSH/SFTP:
https://www.symantec.com/connect/articles/ssh-host-key-protection
https://winscp.net/eng/docs/ssh_verifying_the_host_key

liaozq · Answer 2 · 2017-11-29T08:04:57+0000

StrictHostKeyChecking: | | default: ask yes'', jsch will never automatically add host keys to the $HOME/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This property forces the user to manually add all new hosts. If this property is set to no '', jsch . `` ask '', , , , jsch , .

What is config.put ("StrictHostKeyChecking", "no") in JSch

More articles: