Auto-accept host key in .NET Assembly


JohnStraka

Auto-accept host key in .NET Assembly

About a year ago, I used the WinSCP command-line interface for automating SFTP usage. I wanted to revise my code that used this so I checked out the site to see what changes might have been made. I was very happy to see that a .NET assembly is now offered, as it will save me a ton of time. It works great for me so far, however there is one big issue - being unable to automatically accept host keys. I used this option when using the command-line interface. We connect with many SFTPs, some of them change their key weekly. Manually keeping track of and storing keys, or manually accepting changes and setting Session.DefaultConfiguration to false in our code, would be untenable as the intent is for this code to run on a schedule without any user intervention. Being able to automatically accept host keys in the assembly would be great!



martin
Site Admin

Re: Auto-accept host key in .NET Assembly

So why are you using SFTP at all? Accepting any host key breaks the security. You can use plain FTP instead.

Anyway, I plan to add an event to implement a custom way of verifying the host key:
https://winscp.net/tracker/show_bug.cgi?id=815

That obviously can be abused to accept any host key :(


ironside

Accepting any host key compromises authentication, but you still end up with an encrypted transfer, no?

Perhaps John is only concerned about encrypting the data on the wire, less concerned with authenticating the endpoint?


martin
Site Admin

ironside wrote:

Accepting any host key compromises authentication but you still end up with an encrypted transfer, no?
Yes, with the transfer encrypted using the attacker's key. Quite useless encryption.
_________________
Martin Prikryl


davidhomer

Hi, yes, the new .NET assembly is a great idea.

We are looking at using automation, so we would need the ability to handle the unknown host key event; if you could add this, that would be very useful.

The use case in our situation is that we wish to scan Unix systems using SNMP and then switch to SCP to download various configuration files for audit purposes. We wouldn't know the host key in advance.
https://www.centrel-solutions.com/xiaconfiguration/

I guess that SCP host key security is questionable anyway due to human intervention: whenever I've used WinSCP (which I have for some 10 years maybe?) I've never validated the server's host key on first connection... (blindly accepting whatever WinSCP says).

Thanks,

Dave


theworm13

We too need the ability to (via .NET) accept the host key automatically. Most people using this connection are at the "whim" of the company hosting the server. Yes, there is no protection against spoofing, but frankly 99% of the time these keys are not "shared" anyway. They are only sent during the handshake of the connection process.

This will probably prevent us from using this :(


ironside

Authentication and Encryption are distinct.

Using SFTP just to encrypt a stream is a perfectly legitimate use case.

Encrypting the traffic is useful, not useless, independent of endpoint authentication.

Looking at responses on this thread, it appears this [authenticate one endpoint only] use case is more popular than the mutual authentication the library currently enforces?

This is analogous to a web user accessing a web page via HTTPS. Only the server end of that connection is authenticated via protocol. The client end is generally not.


martin
Site Admin

Re: Authentication and Encryption are distinct.

Host key is used for encryption too. Data on the stream are encrypted using the host key. So if you do not verify the host key, you are potentially encrypting the stream using a forged host key owned by the attacker. So the attacker can decode the stream.

ironside wrote:

This is analogous to a web user accessing a web page via HTTPS. Only the server end of that connection is authenticated via protocol. The client end is generally not.

With SSL, you have a certificate chain, so you get a warning if the certificate is not backed by a trusted authority. There's nothing like that with SSH.
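The point martin makes in the two posts above, worked through as an added example that is not part of this thread and not WinSCP code: a toy model of the SSH key exchange in C# (.NET 6 or later, System.Security.Cryptography only). The curve, the toy record layer with a fixed IV, and the base64 SHA-256 "fingerprint" are choices made for the illustration; real SSH signs a larger exchange hash and derives several keys from the shared secret, which does not change the argument.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example (not WinSCP code; .NET 6 or later). Toy model of the exchange martin describes:
// the server signs its ephemeral ECDH key with its long-term host key, and a client that does
// not pin the host key finishes the exchange with whoever signs, i.e. with a man in the middle.

sealed class Host   // a party with a long-term host key: the real server, or the attacker
{
    public readonly ECDsa HostKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
    public byte[] HostKeyPublic => HostKey.ExportSubjectPublicKeyInfo();
    // Same idea as the fingerprint WinSCP displays: a hash of the public host key.
    public string Fingerprint => Convert.ToBase64String(SHA256.HashData(HostKeyPublic));
}

// The server's answer: ephemeral key, host public key, signature over both ephemeral keys.
sealed record KexReply(byte[] EphPub, byte[] HostPub, byte[] Sig);

static class Kex
{
    static byte[] Concat(byte[] a, byte[] b) => a.Concat(b).ToArray();

    // ECDH agreement; DeriveKeyMaterial returns SHA-256 of the shared secret (32 bytes).
    static byte[] Derive(ECDiffieHellman mine, byte[] theirEphPub)
    {
        using var peer = ECDiffieHellman.Create();
        peer.ImportSubjectPublicKeyInfo(theirEphPub, out _);
        return mine.DeriveKeyMaterial(peer.PublicKey);
    }

    // Server side: answer the client's ephemeral key; returns the reply and the server's session key.
    public static (KexReply Reply, byte[] Key) ServerReply(Host host, byte[] clientEphPub)
    {
        using var eph = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
        byte[] ephPub = eph.ExportSubjectPublicKeyInfo();
        byte[] sig = host.HostKey.SignData(Concat(clientEphPub, ephPub), HashAlgorithmName.SHA256);
        return (new KexReply(ephPub, host.HostKeyPublic, sig), Derive(eph, clientEphPub));
    }

    // Client side. pinnedFingerprint == null models "accept any host key".
    public static byte[] ClientFinish(ECDiffieHellman clientEph, KexReply reply, string pinnedFingerprint)
    {
        using var hostKey = ECDsa.Create();
        hostKey.ImportSubjectPublicKeyInfo(reply.HostPub, out _);
        byte[] signed = Concat(clientEph.ExportSubjectPublicKeyInfo(), reply.EphPub);
        if (!hostKey.VerifyData(signed, reply.Sig, HashAlgorithmName.SHA256))
            throw new CryptographicException("bad signature");
        // The signature only proves that the presented host key signed this exchange;
        // only this comparison ties that key to the host you meant to reach.
        string fp = Convert.ToBase64String(SHA256.HashData(reply.HostPub));
        if (pinnedFingerprint != null && fp != pinnedFingerprint)
            throw new CryptographicException("host key mismatch, expected " + pinnedFingerprint);
        return Derive(clientEph, reply.EphPub);
    }
}

static class Demo
{
    static readonly byte[] Iv = new byte[16];   // fixed IV: toy record layer, enough to show who can read
    static byte[] Seal(byte[] key, string text)
    {
        using var aes = Aes.Create(); aes.Key = key;
        return aes.EncryptCbc(Encoding.UTF8.GetBytes(text), Iv);
    }
    static string Open(byte[] key, byte[] blob)
    {
        using var aes = Aes.Create(); aes.Key = key;
        return Encoding.UTF8.GetString(aes.DecryptCbc(blob, Iv));
    }

    static void Main()
    {
        var server = new Host();
        var attacker = new Host();
        foreach (string pinned in new[] { server.Fingerprint, null })
        {
            string mode = pinned == null ? "accept-any" : "pinned";
            using var clientEph = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
            // The attacker on the path runs a normal exchange with the real server (accepting
            // any host key, naturally) and answers the client with a reply signed by its own host key.
            using var mitmEph = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
            var (toMitm, _) = Kex.ServerReply(server, mitmEph.ExportSubjectPublicKeyInfo());
            byte[] mitmServerKey = Kex.ClientFinish(mitmEph, toMitm, null);   // used to forward traffic on
            var (toClient, mitmClientKey) = Kex.ServerReply(attacker, clientEph.ExportSubjectPublicKeyInfo());
            try
            {
                byte[] clientKey = Kex.ClientFinish(clientEph, toClient, pinned);
                string seen = Open(mitmClientKey, Seal(clientKey, "get /etc/shadow"));
                Seal(mitmServerKey, seen);   // re-encrypted for the real server; nobody notices
                Console.WriteLine($"[{mode}] connected; attacker reads: {seen}");
            }
            catch (CryptographicException e)
            {
                Console.WriteLine($"[{mode}] refused: {e.Message}");
            }
        }
    }
}
```

The loop runs the same interception twice. With the real server's fingerprint pinned, the attacker's reply passes the signature check (it really was signed by the key it presents) and is rejected only at the fingerprint comparison, which is the step an "accept any host key" option removes. With pinning off, the client completes the exchange with the attacker, who now shares the client's session key, reads the command, and can re-encrypt it for the real server, so both ends see a working encrypted connection. The HTTPS analogy from the post above holds only as far as the client checks something: a browser that accepted any certificate would be in the same position as the accept-any client here.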

FrankD

Implementation of Tracker Bug 815

Hello, any idea on the schedule when this feature would be added?
I'm looking for the same solution as the questions here...

"Event to accept an unknown host key"

Thanks a lot,
Frank


daanl

Re: Auto-accept host key in .NET Assembly

martin wrote:

So why are you using SFTP at all? Accepting any host key breaks the security. You can use plain FTP instead.

Anyway, I plan to add an event to implement a custom way of verifying the host key:
https://winscp.net/tracker/show_bug.cgi?id=815

That obviously can be abused to accept any host key :(

Because I use Azure to create servers and I need to log on for the first time.


Taka

Example?

EDIT: Never mind, I see that it was fixed in 5.2, but the current download is only 5.1.x. Thanks!

I have been going through the latest WinSCP .NET DLL using the object browser, but I can't seem to find anything about implementing the fix from bug #815.

I want to be able to display the host key to the end user and have them verify that it matches the one provided (and I will then store it for later verification), rather than worrying about having our end users format that information properly and likely failing, causing a ticket to be opened to me.

It looks like there was an event added that would allow this functionality? Any pointers on where that event is located in the DLL?

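The flow Taka asks for above (show the fingerprint to a person, let them confirm it, store it, verify against it afterwards), as an added example that is not code from WinSCP or from anyone in this thread. It uses only public members of the WinSCP .NET assembly: Session.ScanFingerprint, which current versions of the assembly provide (the 5.1/5.2 builds discussed here predate it), SessionOptions.SshHostKeyFingerprint, and SessionOptions.GiveUpSecurityAndAcceptAnySshHostKey. The store file name, the prompt and the connection details are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using WinSCP;

// Added example, not WinSCP project code: trust-on-first-use with a human in the loop,
// built on Session.ScanFingerprint and SessionOptions.SshHostKeyFingerprint. The store
// file, the prompt and the server details are assumptions for illustration.
static class HostKeyPinning
{
    const string StorePath = "winscp_known_hosts.txt";   // assumed local store: "host:port fingerprint" per line

    static Dictionary<string, string> LoadStore()
    {
        var store = new Dictionary<string, string>();
        if (!File.Exists(StorePath)) return store;
        foreach (string line in File.ReadAllLines(StorePath))
        {
            int sep = line.IndexOf(' ');
            if (sep > 0) store[line.Substring(0, sep)] = line.Substring(sep + 1).Trim();
        }
        return store;
    }

    // Returns the fingerprint to pin for this host, or null if the operator refused an unknown key.
    static string ResolveFingerprint(SessionOptions options)
    {
        string host = options.HostName + ":" + (options.PortNumber == 0 ? 22 : options.PortNumber);
        if (LoadStore().TryGetValue(host, out string pinned))
            return pinned;   // known host: WinSCP compares it on Open(), nobody is re-prompted

        // Unknown host: read the key without logging in and let a human compare it with the
        // value the server owner published out of band. Scanning on its own verifies nothing.
        string fingerprint;
        using (var probe = new Session())
            fingerprint = probe.ScanFingerprint(options, "SHA-256");

        Console.WriteLine("Unknown host " + host);
        Console.WriteLine("Host key fingerprint: " + fingerprint);
        Console.Write("Does it match the fingerprint the server owner gave you? [y/N] ");
        if (!string.Equals(Console.ReadLine()?.Trim(), "y", StringComparison.OrdinalIgnoreCase))
            return null;

        File.AppendAllText(StorePath, host + " " + fingerprint + Environment.NewLine);
        return fingerprint;
    }

    static int Main()
    {
        var options = new SessionOptions
        {
            Protocol = Protocol.Sftp,
            HostName = "sftp.example.com",   // assumed
            UserName = "svc_transfer",       // assumed
            Password = "REPLACE_ME",         // assumed; a real job reads this from a secret store
        };

        // The original request in this thread, and what martin warns against: every server on the
        // path is accepted, so this is the one line that must never reach a scheduled job.
        // options.GiveUpSecurityAndAcceptAnySshHostKey = true;

        string fingerprint = ResolveFingerprint(options);
        if (fingerprint == null)
        {
            Console.Error.WriteLine("Host key not accepted; not connecting.");
            return 1;
        }
        options.SshHostKeyFingerprint = fingerprint;

        using (var session = new Session())
        {
            // Open() throws if the server's key does not match the pinned fingerprint. A weekly
            // key rotation therefore shows up as a failed job, which is the cue to confirm the new
            // key with the server owner and update the store, not to switch verification off.
            session.Open(options);
            foreach (RemoteFileInfo file in session.ListDirectory("/").Files)
                Console.WriteLine(file.Name);
        }
        return 0;
    }
}
```

The string ScanFingerprint returns is in the format SshHostKeyFingerprint accepts, so it can be stored and pinned as-is. The first run against each host is the only interactive step; afterwards the job runs unattended and fails loudly when the key changes, which covers the scheduling concern in the first post without the blanket accept. The prompt is only worth something if the operator really compares the value with one obtained out of band: answering "y" without looking is GiveUpSecurityAndAcceptAnySshHostKey with extra steps.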

