SFTP: proper ssh server authentication
Implement proper authentication of the remote ssh server, to protect from rogue services and MitM.
Consists of the following:
- Prompt the user for confirmation when connecting to an unknown server by presenting the fingerprint of the server's public key and asking whether it is correct.
- Store servers' public keys to avoid prompting the user on subsequent connections and for detecting unexpected public key changes.
- Provide capability to edit the known hosts store, à la known_hosts file.
To improve system security, avoid storing any information related to SFTP on user storage locations. Store everything in private app data. Limit sdcard usage to import/export functionality, which should also be avoided due to universal read access from all apps.
Auth private keys location is now moved to an internal app folder and the key manager feature has been added.
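The three outcomes the request describes (unknown host, matching key, changed key) and the known_hosts-style store, as an added Python example; it is not the app's own code, and the host names and key bytes are constructed for illustration (a real implementation would persist the store in private app data rather than in memory):

```python
import base64
import hashlib
from enum import Enum

class HostKeyStatus(Enum):
    UNKNOWN = "unknown"    # first contact: show the fingerprint and ask the user
    MATCH = "match"        # stored key matches: connect without prompting
    MISMATCH = "mismatch"  # stored key differs: refuse, possible rogue server or MitM

def fingerprint_sha256(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the raw public key blob, base64 without '=' padding."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class KnownHosts:
    """In-memory known-hosts store (constructed stand-in for a file in private app storage)."""
    def __init__(self) -> None:
        self._entries = {}  # "[host]:port key-type" -> raw public key bytes

    @staticmethod
    def _key(host: str, port: int, key_type: str) -> str:
        return f"[{host}]:{port} {key_type}"  # one entry per host, port and key algorithm

    def check(self, host: str, port: int, key_type: str, key_blob: bytes) -> HostKeyStatus:
        stored = self._entries.get(self._key(host, port, key_type))
        if stored is None:
            return HostKeyStatus.UNKNOWN
        return HostKeyStatus.MATCH if stored == key_blob else HostKeyStatus.MISMATCH

    def trust(self, host: str, port: int, key_type: str, key_blob: bytes) -> None:
        self._entries[self._key(host, port, key_type)] = key_blob

    def forget(self, host: str, port: int, key_type: str) -> None:
        """The 'edit the store' capability: drop an entry so the next connection re-prompts."""
        self._entries.pop(self._key(host, port, key_type), None)

    def export_text(self) -> str:
        """Lines in known_hosts layout: '[host]:port key-type base64-blob'."""
        return "\n".join(f"{k} {base64.b64encode(v).decode()}" for k, v in sorted(self._entries.items()))

def verify_host_key(store: KnownHosts, host: str, port: int, key_type: str,
                    key_blob: bytes, confirm) -> bool:
    """Return True if the connection may proceed. `confirm(fingerprint)` stands in for the UI prompt."""
    status = store.check(host, port, key_type, key_blob)
    if status is HostKeyStatus.MATCH:
        return True
    if status is HostKeyStatus.MISMATCH:
        return False  # never silently replace a stored key; the user must forget() it first
    if confirm(fingerprint_sha256(key_blob)):
        store.trust(host, port, key_type, key_blob)  # remember only after explicit approval
        return True
    return False
```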
-
Wokkocher commented
Public key fingerprint verification is the one security thing ssh needs or you can just use normal FTP.
-
Anonymous commented
This is a *must*. The security of the SFTP connection is simply pointless if host public key fingerprints cannot be inspected and verified.
-
João Matos commented
I have no experience in Android development and my familiarity with the platform is as a power user. If any of what I said doesn't make sense, I would appreciate it if someone could correct me.