Host key offered

bigredeo

I have a number of programs working using SFTP in WinSCP, but have a question. I am using a private/public key option (key given to me by the administrator) to connect. Now I am trying to go about adding the host key as well. Currently, I am just using "host-key=*", but what we'd like to do is have a script that reads the log after the first time SFTP is used to grab the host key, stuff it in a file, and have that utilized by all our WinSCP scripts. In the WinSCP logs, at one point it will read:

2020-01-15 10:36:13.402 Host key fingerprint is:
2020-01-15 10:36:13.402 ssh-ed25519 256
1a:a1:11:22:33:c4:55:66:7d:88:aa:dd:2e:39:99:37
814C/xxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx/r/84DA=

This is not EXACTLY the key offered, but you get the idea. I tried copying the key directly from the log and using it as the host key, but could not get it to work after several different variations. I finally figured out that what WinSCP was looking for as the key was the first line and third line combined:

"ssh-ed25519 256 814C/xxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx/r/84DA="

as further down below it showed "host key offered" as the line above - notably minus the second line that shows when I had "host key=*"

Is that correct? Is there a reason for the log showing "host key offered" and it having that second line in there when I use the wild card as opposed to inputting an actual host key?


martin
Site Admin

Re: Host key offered

The line after "Host key fingerprint is:" has this format:
keytype bits md5 sha1
What goes to -hostkey is either keytype bits sha1 (more secure) or keytype bits md5.

Though a better way to collect the host key automatically is using the Session.ScanFingerprint method:
https://winscp.net/eng/docs/library_session_scanfingerprint

For an example, see
https://winscp.net/eng/docs/library_example_known_hosts

Btw, there's no "Host key offered" message in WinSCP.

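The approach suggested in the reply above (collect the fingerprint with Session.ScanFingerprint, store it, and reuse it instead of a wildcard host key), sketched here as an added PowerShell example that is not code from the thread or from the WinSCP documentation. The DLL path, host name, user name, key path and pin-file location are all assumed values, and the first recorded fingerprint still has to be compared with the one the server administrator provides.

```powershell
# Added example: pin an SFTP host key with the WinSCP .NET assembly.
# Assumed values: DLL path, host, user, private key path, pin-file path.
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"

$pinFile = "C:\ProgramData\sftp-pins\sftp.example.com.hostkey"  # hypothetical

$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol          = [WinSCP.Protocol]::Sftp
    HostName          = "sftp.example.com"
    UserName          = "svc_transfer"
    SshPrivateKeyPath = "C:\keys\svc_transfer.ppk"
}

$session = New-Object WinSCP.Session
try {
    # Retrieve the fingerprint of the key the server currently presents.
    $offered = $session.ScanFingerprint($sessionOptions, "SHA-256")

    if (-not (Test-Path -LiteralPath $pinFile)) {
        # First run: record the fingerprint and stop. Nothing is transferred
        # until the value has been checked against the administrator's copy.
        Set-Content -LiteralPath $pinFile -Value $offered -Encoding ASCII
        Write-Warning "Recorded host key '$offered'. Verify it out of band, then rerun."
        exit 2
    }

    $pinned = (Get-Content -LiteralPath $pinFile -TotalCount 1).Trim()
    if ($offered -cne $pinned) {
        # A changed key means the server was re-keyed or the connection is
        # being intercepted; either way a human has to decide.
        Write-Error "Host key mismatch. Pinned '$pinned', server offered '$offered'."
        exit 1
    }

    # Open the session with the pinned value, never with a wildcard.
    $sessionOptions.SshHostKeyFingerprint = $pinned
    $session.Open($sessionOptions)
    # The session is now open against the pinned host; run transfers here.
}
finally {
    $session.Dispose()
}
```

Plain WinSCP scripts can read the same pin file and pass its content to -hostkey, so the .NET and scripting jobs share one verified value.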