SSL host certificate fingerprint Does Not Match

Advertisement

nuronce
Joined:
Posts:
3
Location:
FL

SSL host certificate fingerprint Does Not Match

C#.NET 4.0 WinSCP 5.1

When I use the GUI in the registry it creates:
FSProtocol 5
Ftps 1
PortNumber 990
FtpsCertificates: e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d
And works fine

When I run in code I get:
SSL host certificate fingerprint "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d" does not match pattern /([0-9a-f]{2}:){19}[0-9a-f]{2}/
for:
SessionOptions sessionOptions = new SessionOptions
{
    Protocol = WinSCP.Protocol.Ftp,
    FtpMode = FtpMode.Passive,
    FtpSecure = FtpSecure.Implicit,
    PortNumber = 990,
    UserName = "--------",
    Password = "--------",
    HostName = "ftp.----.com",
    SslHostCertificateFingerprint = "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d"
};
I get:
SSH host key fingerprint "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d" does not match pattern /(ssh-rsa |ssh-dss )?\d+ ([0-9a-f]{2}:){15}[0-9a-f]{2}/
for:
SessionOptions sessionOptions = new SessionOptions
{
    Protocol = WinSCP.Protocol.Ftp,
    FtpMode = FtpMode.Passive,
    FtpSecure = FtpSecure.Implicit,
    PortNumber = 990,
    UserName = "--------",
    Password = "--------",
    HostName = "ftp.----.com",
    SshHostKeyFingerprint = "ssh-rsa 1024 e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d"
};
What am I doing wrong? I could not find anything in the docs.

Reply with quote

Advertisement

nuronce
Joined:
Posts:
3
Location:
FL

How to connect FTP Passive Implicit with Certificate

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = WinSCP.Protocol.Ftp,
    FtpMode = FtpMode.Passive,
    FtpSecure = FtpSecure.Implicit,
    PortNumber = 990,
    UserName = "----",
    Password = "----",
    HostName = "ftp.-----.com",
    SslHostCertificateFingerprint = "e6:a3:7a:56:5b:e3:bb:0d:1c:34:58:bd:47:94:79:75:32:2b:70:4d"
};

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
36,025
Location:
Prague, Czechia

Re: SSL host certificate fingerprint Does Not Match

The code in the second post looks good. What's wrong with that? Or was that a resolution?

Reply with quote

Themistocles
Guest

Also getting regex exception

Hey Prikryl,

For me adding the ssh-rsa 2048 to the beginning of the string I assign to SshHostKeyFingerprint doesn't make the regex exception go away.

I can connect to the host with the UI, and also had some initial success using the scripting engine. I haven't been able to connect after that first time.

Now I am using the .NET library (Version 1.2.8.5316) in a .NET 4 console app. My OS is Win7 Pro.

Here is my SessionOptions:
SessionOptions sessionOptions = new SessionOptions
{
   Protocol = WinSCP.Protocol.Ftp,
   FtpMode = WinSCP.FtpMode.Passive,
   PortNumber = 21,
   FtpSecure = FtpSecure.Explicit,
   HostName = "162.253.127.64",
   UserName = "--------",
   Password = "--------",
   SshHostKeyFingerprint = "ssh-rsa 2048 e7:d5:b0:a4:6f:24:7f:15:5c:c1:ae:b9:43:c1:86:95:7e:97:35:85"
};
When I run it, I get:
System.ArgumentException was caught
  HResult=-2147024809
  Message=SSH host key fingerprint "ssh-rsa 2048 e7:d5:b0:a4:6f:24:7f:15:5c:c1:ae:b9:43:c1:86:95:7e:97:35:85" does not match pattern /((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}(;((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2})*/
  Source=WinSCPnet
  StackTrace:
       at WinSCP.SessionOptions.SetSshHostKeyFingerprint(String s)
       at WinSCP.SessionOptions.set_SshHostKeyFingerprint(String value)
       at Program.Main(String[] args) in C:\Users\Me\Documents\Visual Studio 2010\Projects\WinScpTool\Program.cs:line 16
I am confused about the regex above. Both my fingerprint and the original question have 20 pairs of hex numbers, but the regex only matches 15. I am surprised that this is expected to work.

Can you comment on the regex? Am I reading it wrong?

thanks
SD

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
36,025
Location:
Prague, Czechia

Re: Also getting regex exception

Themistocles wrote:

I am confused about the regex above. Both my fingerprint and the original question have 20 pairs of hex numbers, but the regex only matches 15. I am surprised that this is expected to work.
You are setting SshHostKeyFingerprint, but you are using FTP over TLS, not SSH. You need to set TlsHostCertificateFingerprint.

See https://winscp.net/eng/docs/message_key_fingerprint_does_not_match

Reply with quote

Guest

Re: How to connect FTP Passive Implicit with Certificate

How did this work if there is no property for SslHostCertificateFingerprint?

Reply with quote

Advertisement

You can post new topics in this forum