Topic "Auto-accept host key in .NET Assembly"

JohnStraka
Donor
Joined: 2011-04-11
Posts: 2
Location: Florida
About a year ago, I used the WinSCP command-line interface for automating SFTP usage. I wanted to revise my code that used this so I checked out the site to see what changes might have been made. I was very happy to see that a .NET assembly is now offered, as it will save me a ton of time. It works great for me so far, however there is one big issue - being unable to automatically accept host keys. I used this option when using the command-line interface. We connect with many SFTPs, some of them change their key weekly. Manually keeping track of and storing keys, or manually accepting changes and setting Session.DefaultConfiguration to false in our code, would be untenable as the intent is for this code to run on a schedule without any user intervention. Being able to automatically accept host keys in the assembly would be great!
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
So why are you using SFTP at all? Accepting any host key breaks the security. You can use plain FTP instead.

Anyway, I plan to add an event to implement a custom way of verifying the host key:
https://winscp.net/tracker/show_bug.cgi?id=815

That obviously can be abused to accept any host key :(
ironside
Joined: 2012-04-06
Posts: 3
Accepting any host key compromises authentication but you still end up with an encrypted transfer, no?

Perhaps John is only concerned about encrypting the data on the wire, less concerned with authenticating the endpoint?
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
ironside wrote:
Accepting any host key compromises authentication but you still end up with an encrypted transfer, no?

Yes, with the transfer encrypted using the attacker's key. Quite useless encryption.
_________________
Martin Prikryl
davidhomer
Joined: 2012-04-11
Posts: 1
Location: Oxfordshire
Hi, yes, the new .NET assembly is a great idea.

We are looking at using automation, so we would need the ability to handle the unknown host key event; if you could add this, that would be very useful.

The use case in our situation is that we wish to scan Unix systems using SNMP and then switch to SCP to download various configuration files for audit purposes. We wouldn't know the host key in advance.
http://www.centrel-solutions.com/XIAConfiguration/

I guess that SCP host key security is questionable anyway due to human intervention: whenever I've used WinSCP (which I have for some 10 years maybe?) I've never validated the server's host key on first connection... (blindly accepting whatever WinSCP says).

Thanks,

Dave
theworm13
Joined: 2012-04-12
Posts: 1
We too need the ability to accept the host key automatically (via .NET). Most people using this connection are at the "whim" of the company hosting the server. Yes, there is no protection against spoofing, but frankly 99% of the time these keys are not "shared" anyway. They are only sent during the handshake of the connection process.

This will probably prevent us from using this :(
ironside
Joined: 2012-04-06
Posts: 3
Using SFTP just to encrypt a stream is a perfectly legitimate use case.

Encrypting the traffic is useful, not useless, independent of endpoint authentication.

Looking at responses on this thread, it appears this [authenticate one endpoint only] use case is more popular than the mutual authentication the library currently enforces?

This is analogous to a web user accessing a web page via HTTPS. Only the server end of that connection is authenticated via protocol. The client end is generally not.
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
The host key is used for encryption too. Data on the stream are encrypted using the host key. So if you do not verify the host key, you are potentially encrypting the stream using a forged host key owned by the attacker. So the attacker can decode the stream.

Quote:
This is analogous to a web user accessing a web page via HTTPS. Only the server end of that connection is authenticated via protocol. The client end is generally not.

With SSL, you have a certificate chain, so you get a warning if the certificate is not backed by a trusted authority. There's nothing like that with SSH.
_________________
Martin Prikryl
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
I have added a topic to the FAQ:
https://winscp.net/eng/docs/faq_hostkey
FrankD
Joined: 2012-11-19
Posts: 2
Hello, any idea on the schedule when this feature would be added?
I'm looking for the same solution as the questions here...

"Event to accept an unknown host key"

Thanks a lot,
Frank
FrankD
Joined: 2012-11-19
Posts: 2
Another way to solve this is what they have done in sshj for Java:

ssh.addHostKeyVerifier(new PromiscuousVerifier());

http://javadox.com/net.schmizz/sshj/0.9.0/net/schmizz/sshj/transport/verification/PromiscuousVerifier.html
daanl
Joined: 2012-11-13
Posts: 1
prikryl wrote:
So why are you using SFTP at all? Accepting any hostkey breaks the security. You can use plain FTP instead.

Anyway, I plan to add an event to implement custom way of verifying the host key:
https://winscp.net/tracker/show_bug.cgi?id=815

That obviously can be abused to accept any hostkey :(

Because I use Azure to create servers and I need to log on for the first time.
JohnStraka
Donor
Joined: 2011-04-11
Posts: 2
Location: Florida
Thanks for implementing the fix, Martin.
Taka
Donor
Joined: 2013-03-12
Posts: 3
Location: Leicester, MA
EDIT: Never mind, I see that it was fixed in 5.2, but the current download is only 5.1.x. Thanks!

I have been going through the latest WinSCP .NET DLL using the object browser, but I can't seem to find anything about implementing the fix from bug #815.

I want to be able to display the host key to the end user and have them verify that it matches the one provided (and I will then store it for later verification), rather than worrying about having our end users format that information properly and likely failing, causing a ticket to be opened to me.

It looks like there was an event added that would allow this functionality? Any pointers on where that event is located in the DLL?
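Added example (not code from this thread or from WinSCP's own documentation) of the pinning approach Martin's FAQ argues for and the display-then-store workflow Taka describes: on first contact an operator confirms the fingerprint the server presents, it is stored, and on every later run it is passed to `SessionOptions.SshHostKeyFingerprint`, so a changed or substituted key makes `Open()` fail instead of being accepted. It assumes a current WinSCP .NET assembly that has the `Session.ScanFingerprint(SessionOptions, string)` overload (the 2012-era builds discussed above did not); the host name, user name, password and store file name are constructed.

```csharp
using System;
using System.IO;
using System.Linq;
using WinSCP;

// Added example, not WinSCP's own code. Assumes a current WinSCP .NET assembly
// that exposes Session.ScanFingerprint(SessionOptions, string).
static class PinnedSftp
{
    // Constructed store path; one "hostname fingerprint" pair per line.
    const string StorePath = "known_hosts_fingerprints.txt";

    // Returns the fingerprint to pin for this host. First contact: the operator
    // confirms it against what the server owner published, then it is stored.
    // Later runs: the stored value is used; nothing is accepted blindly, and a
    // changed key makes Open() fail until someone re-verifies it deliberately.
    static string ResolveFingerprint(Session session, SessionOptions options)
    {
        string prefix = options.HostName + " ";
        if (File.Exists(StorePath))
        {
            string hit = File.ReadLines(StorePath)
                .FirstOrDefault(l => l.StartsWith(prefix, StringComparison.OrdinalIgnoreCase));
            if (hit != null) return hit.Substring(prefix.Length);
        }
        // Not yet known: fetch what the server presents and show it to a human.
        string seen = session.ScanFingerprint(options, "SHA-256");
        Console.WriteLine("No stored key for {0}. Server presents:\n  {1}", options.HostName, seen);
        Console.Write("Does this match the fingerprint the server owner gave you? [y/N] ");
        if (!string.Equals(Console.ReadLine(), "y", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Host key not confirmed; refusing to connect.");
        File.AppendAllText(StorePath, prefix + seen + Environment.NewLine);
        return seen;
    }

    static void Main()
    {
        var options = new SessionOptions
        {
            Protocol = Protocol.Sftp,
            HostName = "sftp.example.test",   // constructed values
            UserName = "auditor",
            Password = "CHANGE-ME",
        };
        using (var session = new Session())
        {
            // Open() throws if the server's key does not match this fingerprint,
            // so a key substituted on the path is rejected rather than "accepted".
            options.SshHostKeyFingerprint = ResolveFingerprint(session, options);
            session.Open(options);
        }
    }
}
```

For an unattended schedule, the first-contact prompt is replaced by pre-populating the store file from fingerprints the server owners publish; the scheduled run then never sees an unknown key and only ever compares against the stored value.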