SSL host certificate fingerprint does not match :: Support Forum

nuronce
Joined:: 2012-10-23
Posts:: 3
Location:: FL

SSL host certificate fingerprint does not match

2012-10-23 05:44

C#.NET 4.0 WinSCP 5.1

When I use the GUI in the registry it creates:
FSProtocol 5
Ftps 1
PortNumber 990
FtpsCertificates e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d
And works fine

When I run in code I get:

SSL host certificate fingerprint "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d" does not match pattern /([0-9a-f]{2}:){19}[0-9a-f]{2}/

for:

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = WinSCP.Protocol.Ftp,
    FtpMode = FtpMode.Passive,
    FtpSecure = FtpSecure.Implicit,
    PortNumber = 990,
    UserName = "--------",
    Password = "--------",
    HostName = "ftp.----.com",
    SslHostCertificateFingerprint = "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d"
};

I get:

SSH host key fingerprint "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d" does not match pattern /(ssh-rsa |ssh-dss )?\d+ ([0-9a-f]{2}:){15}[0-9a-f]{2}/

for:

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = WinSCP.Protocol.Ftp,
    FtpMode = FtpMode.Passive,
    FtpSecure = FtpSecure.Implicit,
    PortNumber = 990,
    UserName = "--------",
    Password = "--------",
    HostName = "ftp.----.com",
    SshHostKeyFingerprint = "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d"
};

What am I doing wrong? I could not find anything in the docs.

Reply with quote

nuronce
Joined:: 2012-10-23
Posts:: 3
Location:: FL

How to connect FTP Passive Implicit with Certificate

2012-10-23 14:22

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Ftp,
    FtpMode = FtpMode.Passive,
    FtpSecure = FtpSecure.Implicit,
    PortNumber = 990,
    UserName = "----",
    Password = "----",
    HostName = "ftp.-----.com",
    SslHostCertificateFingerprint = "e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d"
};

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,517
Location:: Prague, Czechia

Re: SSL host certificate fingerprint Does Not Match

2012-10-25

The code in the second post looks good. What's wrong with that? Or was that a resolution?

Reply with quote

nuronce

Resolution

2012-10-26 01:38

Was resolution

Reply with quote

Themistocles Guest

Also getting regex exception

2015-04-16 00:35

Hey @Martin,

For me adding the ssh-rsa 2048 to the beginning of the string I assign to SshHostKeyFingerprint doesn't make the regex exception go away.

I can connect to the host with the UI, and also had some initial success using the scripting engine. I haven't been able to connect after that first time.

Now I am using the .NET library (Version 1.2.8.5316) in a .NET 4 console app. My OS is Win7 Pro.

Here is my SessionOptions:

SessionOptions sessionOptions = new SessionOptions
{
   Protocol = Protocol.Ftp,
   FtpMode = FtpMode.Passive,
   PortNumber = 21,
   FtpSecure = FtpSecure.Explicit,
   HostName = "162.253.127.64",
   UserName = "--------",
   Password = "--------",
   SshHostKeyFingerprint = "ssh-rsa 2048 e7:d5:b0:a4:6f:24:7f:15:5c:c1:ae:b9:43:c1:86:95:7e:97:35:85"
};

When I run it, I get:

System.ArgumentException was caught
  HResult=-2147024809
  Message=SSH host key fingerprint "ssh-rsa 2048 e7:d5:b0:a4:6f:24:7f:15:5c:c1:ae:b9:43:c1:86:95:7e:97:35:85" does not match pattern /((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}(;((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2})*/
  Source=WinSCPnet
  StackTrace:
       at WinSCP.SessionOptions.SetSshHostKeyFingerprint(String s)
       at WinSCP.SessionOptions.set_SshHostKeyFingerprint(String value)
       at Program.Main(String[] args) in C:\Users\Me\Documents\Visual Studio 2010\Projects\WinScpTool\Program.cs:line 16

I am confused about the regex above. Both my fingerprint and the original question have 20 pairs of hex numbers, but the regex only matches 15. I am surprised that this is expected to work.

Can you comment on the regex? Am I reading it wrong?

thanks
SD

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,517
Location:: Prague, Czechia

Re: Also getting regex exception

2015-04-16

Themistocles wrote:

I am confused about the regex above. Both my fingerprint and the original question have 20 pairs of hex numbers, but the regex only matches 15. I am surprised that this is expected to work.

You are setting SshHostKeyFingerprint, but you are using FTP over TLS, not SSH. You need to set TlsHostCertificateFingerprint.

See SSH host key/TLS host certificate fingerprint “…” does not match pattern “…”

Reply with quote