Using required hostkey in winscp.com versus VB.NET and dll

Master468

I'm looking to retrieve a file via SFTP from several remote systems (I've already connected to all the systems and the keys have been added to PuTTY's cache).

When using winscp.com I can use:
open sftp://username:password@10.22.49.14/ -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
This works correctly for any IP I use.

When I try this using VB.NET and the DLL it doesn't.
.SshHostKeyFingerprint = "ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
I get an error:
System.ArgumentException: SSH host key fingerprint does not match pattern
The only way I have gotten this to work so far is to enter the specific key
.SshHostKeyFingerprint = "ssh-rsa 2048 9e:f1:1e:93:91:37:ed:dd:ee:51:4e:c4:66:6f:bb:68"
I have a lot of systems to connect to (and new ones will be added as well) and prefer not to hard code all the keys in my application. Is there a way to get this to work like winscp.com so I can just use "xx:xx:xx..." for all the systems I connect to?

kamii47

RE: using required hostkey in winscp.com versus VB.net and dll

Why don't you put the keys in some configuration?
It is not possible to recognize xxxx as your actual key.

Master468

All configurations have keys and they are already stored on the system. This works using winscp.com. What I want to know is: is there a way to do this via VB.NET/dll?

martin
Site Admin

Re: using required hostkey in winscp.com versus VB.net and dll

Master468 wrote:

I'm looking to retrieve a file via SFTP from several remote systems (I've already connected to all the systems and the keys have been added to PuTTY's cache).

When using winscp.com I can use:
open sftp://username:password@10.22.49.14/ -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
This works only because you have the key in the cache.
The actual -hostkey switch has an invalid syntax and is effectively ignored. You could have used -hostkey="huhu" with the same effect.

It is actually not recommended to have the script rely on WinSCP GUI configuration:
https://winscp.net/eng/docs/scripting#configuration

The assembly is a step further; it won't use the GUI configuration.

The expected server's host key is a part of the session setup and should be provided in the code the same way you provide the hostname and credentials.

Master468

Thanks @Martin.

Following the link you referenced, I went to the page "converting your script to code that uses WinSCP .NET assembly." There it showed a script converted to PowerShell code with setup as follows:
# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions
$sessionOptions.Protocol = [WinSCP.Protocol]::Sftp
$sessionOptions.HostName = "example.com"
$sessionOptions.UserName = "user"
$sessionOptions.Password = "password"
$sessionOptions.SshHostKeyFingerprint = "ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
 
$session = New-Object WinSCP.Session
This shows the use of "ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx" which is what I am trying to accomplish in VB.NET but it is not working. Is there a reason this does not work in VB.NET?

martin
Site Admin

The example shows that you convert
-hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
to
$sessionOptions.SshHostKeyFingerprint = "ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
The xx:xx:xx:... is just a placeholder for the actual key fingerprint, not a literal value.

If you use the literal xx:xx:xx:... in the script, it is ignored. If the script works with the xx:xx:xx:..., it means the script relies on the GUI configuration for the host key verification, which is not recommended. Just as if the -hostkey switch was not even present.

The assembly cannot use the GUI configuration. Hence, there's no way to convert a script that relies on GUI configuration to the .NET assembly. In the .NET assembly you have to explicitly provide the host key fingerprint (just as is recommended in the script).
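
One way to keep per-host fingerprints out of the source while still handing the assembly an explicit host key for every connection, as the replies above describe (an added example, not part of the original thread or of WinSCP's documentation). The `host=fingerprint` list format, the module and function names, and the file paths are assumptions; the host-to-fingerprint pairs are constructed sample data.

```vbnet
Imports System
Imports System.Collections.Generic
Imports WinSCP

Module HostKeyPinning
    ' Constructed sample data: one "host=fingerprint" entry per line. In practice this
    ' would be read from a configuration file (hypothetical) that is updated when a
    ' server is added, with fingerprints obtained from the server administrators.
    Private Const SampleHostKeys As String =
        "10.22.49.14=ssh-rsa 2048 9e:f1:1e:93:91:37:ed:dd:ee:51:4e:c4:66:6f:bb:68" & vbLf &
        "10.22.49.15=ssh-rsa 2048 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"

    ' Parse the entries into a case-insensitive host -> fingerprint map.
    Function LoadHostKeys(text As String) As Dictionary(Of String, String)
        Dim map As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase)
        For Each line As String In text.Split({vbLf, vbCr}, StringSplitOptions.RemoveEmptyEntries)
            Dim parts = line.Split({"="c}, 2)
            If parts.Length = 2 Then map(parts(0).Trim()) = parts(1).Trim()
        Next
        Return map
    End Function

    ' Build session options for one host. Fails closed: a host with no pinned
    ' fingerprint is never connected to, instead of falling back to a cached key.
    Function BuildOptions(host As String, user As String, password As String,
                          hostKeys As Dictionary(Of String, String)) As SessionOptions
        Dim fingerprint As String = Nothing
        If Not hostKeys.TryGetValue(host, fingerprint) Then
            Throw New InvalidOperationException("No pinned host key for " & host)
        End If
        Return New SessionOptions With {
            .Protocol = Protocol.Sftp,
            .HostName = host,
            .UserName = user,
            .Password = password,
            .SshHostKeyFingerprint = fingerprint
        }
    End Function

    Sub Main()
        Dim hostKeys = LoadHostKeys(SampleHostKeys)
        Dim options = BuildOptions("10.22.49.14", "username", "password", hostKeys)
        Using session As New Session()
            session.Open(options) ' throws if the server's key differs from the pinned one
            session.GetFiles("/remote/path/file.txt", "C:\local\file.txt").Check() ' hypothetical paths
        End Using
    End Sub
End Module
```

Adding a server then means adding one line to the list rather than changing code, and a mismatch between the presented key and the pinned one stops the transfer before credentials are sent.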
