removed insecure code that might cause Man-in-the-middle attack

src/main/java/net/limework/networking/AppleTunneler.java

@@ -7,6 +7,8 @@ import org.bukkit.plugin.java.JavaPlugin;
 import org.bukkit.scheduler.BukkitRunnable;
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 
 public class AppleTunneler extends JavaPlugin {
 
@@ -17,10 +19,7 @@ public class AppleTunneler extends JavaPlugin {
         if (sshSession != null) {
             sshSession.disconnect();
         }
-        java.util.Properties config = new java.util.Properties();
-        config.put("StrictHostKeyChecking", "no");
         sshSession = jsch.getSession(getUsername(), getHost(), getPort());
-        sshSession.setConfig(config);
         sshSession.connect(2000);
         loadRemoteToLocalPortForwarding();
     }
@@ -59,12 +58,26 @@ public class AppleTunneler extends JavaPlugin {
         }
     }
 
+    private void loadKnownHostFile() throws FileNotFoundException, JSchException {
+        File knownHosts = new File(getDataFolder(), ".known_hosts");
+        if (knownHosts.isDirectory()) {
+            knownHosts.delete();
+        }
+        if (!knownHosts.exists()) {
+            getLogger().severe("FILE at path: " + knownHosts.getAbsolutePath() + " Does not exists");
+            throw new RuntimeException("Known host file does not exists in plugin folder");
+        }
+        this.jsch.setKnownHosts(new FileInputStream(knownHosts));
+
+    }
+
     @Override
     public void onEnable() {
         this.saveDefaultConfig();
         try {
             loadIds();
-        } catch (JSchException e) {
+            loadKnownHostFile();
+        } catch (JSchException | FileNotFoundException e) {
             throw new RuntimeException(e);
         }
         try {

src/main/resources/config.yml

@@ -4,7 +4,7 @@
 username: apple
 # host eg: domains can be used.
 host: 192.168.0.100
-# port
+# ssh port
 port: 22
 
 # Syntax is "local-port:remote-host:remote-port"