Topic "SshHostKeyFingerprint in .NET question"

knarf
Joined: 2013-08-01
Posts: 1
Location: Amsterdam
Hello,
In the .net examples one needs to use the SshHostKeyFingerprint.

(SshHostKeyFingerprint = "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx")

I can't get it to work, but in the WinSCP GUI I use a private certificate (ppk) which does work fine.

Is it possible to use the private cert. in C# or is the SshHostKeyFingerprint enough?

tnx
frank
JeffClay
Joined: 2013-07-31
Posts: 5
Location: US
Isn't the private key used for authentication? The host key fingerprint is to prevent man-in-the-middle attacks by verifying the identity of the server during authentication.
Makotoseven
Joined: 2013-08-01
Posts: 4
Location: TEXAS
I am having the exact same issue. I have validated my key using the WinSCP application and built a simple app to test the connection to the same server using the same credentials. I keep getting the error "Host key wasn't verified!"

I've tried just passing in the SshPrivateKeyPath but I get the error "SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.HostKey is not set."

Then I tried passing in both the fingerprint as a string which returns "Host key wasn't verified!" and the same happens when I pass in both the string and the .ppk file as SshPrivateKeyPath.

I know the cert works and I think my code is in the ballpark, I just must be missing something.


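Code:
sessionOptions = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = txtHost.Text,
    // PortNumber is an int; Convert.ToInt16 overflows for ports above 32767
    PortNumber = Convert.ToInt32(txtPort.Text),
    UserName = txtUserName.Text,
    Password = txtPassword.Text,
    // Client private key (.ppk) used to authenticate the user
    SshPrivateKeyPath = txtPrivatePath.Text,
    // Expected fingerprint of the server's host key
    SshHostKeyFingerprint = txtKey.Text,
    // FTPS setting; not used with Protocol.Sftp
    FtpSecure = FtpSecure.None
};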
JeffClay
Joined: 2013-07-31
Posts: 5
Location: US
Code:
SshHostKeyFingerprint = txtKey.Text,


Are you putting ssh-rsa 2048 in front of the key? The numbers represent the encryption bits in the key, yours may be different.

You may need to do something more like:
Code:
 SshHostKeyFingerprint = "ssh-rsa 2048 " + txtKey.Text,

The space is necessary after the number and before the last double-quotation.
Also, you may need to escape the back-slashes in your keypath since a backslash is an escape character. My paths usually look something like:
Code:
path = "c:\\windows\\system32\\blah\\blah\\";
Makotoseven
Joined: 2013-08-01
Posts: 4
Location: TEXAS
Thanks for the reply Jeff.

My text field contains the whole code copied from PuTTYgen which includes the ssh-dss 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.

Also my paths are correct. I stepped through the code and verified the accuracy.

Any other ideas?
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
You are both confusing your client key (for which you have both your secret private part and public part that needs to be registered on the server) with the host key (for which you care only about the public part).
The SessionOptions.SshHostKeyFingerprint has to be set to the fingerprint of the public part of the expected host (=server) key.
See here to learn how to get its value:
https://winscp.net/eng/docs/faq_hostkey
Makotoseven
Joined: 2013-08-01
Posts: 4
Location: TEXAS
Okay so here's what I've been doing. I've been using Bluehost as my testbed. I go into the SSH manager and make public and private keys then load the private key into PuTTYgen to get its fingerprint.

From what I gather you're saying I need to (if possible) get the public key for my machine from Bluehost itself, not just my account.

Is that accurate? I'm very new to SSH, sorry for all the followup questions.

I can SSH into my account using a private key made through my interface. Then I thought "Does SFTP require something different (perhaps because I'm really just using a virtual machine)?" but I can use the private key file downloaded from my Bluehost account with the WinSCP application itself. That's why I thought I could just reference the private key path exclusively (using the same file) and be done with it but when I do that it returns an error saying "Host key wasn't verified!".

I'm missing something that is staring me right in the face, I think.
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Makotoseven wrote:
From what I gather you're saying I need to (if possible) get the public key for my machine from Bluehost itself, not just my account.

Not sure what you mean by "your machine". If you mean your virtual server, then yes (note that it's the host key of the SSH server on the machine, not of the machine as a whole).

Quote:
I can SSH into my account using a private key made through my interface. Then I thought "Does SFTP require something different (perhaps because I'm really just using a virtual machine)?" but I can use the private key file downloaded from my Bluehost account with the WinSCP application itself. That's why I thought I could just reference the private key path exclusively (using the same file) and be done with it but when I do that it returns an error saying "Host key wasn't verified!".

First, it's irrelevant if you use a virtual machine or not.
Second, if I understand it correctly, you can connect using the WinSCP GUI. That means you have already verified your server's host key in the GUI on the first connect (you got this message). You need to do the same for the assembly, except that the assembly does not have a persistent host key cache (which the GUI has). So you need to verify it on every connect. And that's what the SessionOptions.SshHostKeyFingerprint is for.

I do not know how to help you further.

Please make sure you read these a few more times:
https://winscp.net/eng/docs/ssh#verifying_the_host_key
https://winscp.net/eng/docs/faq_hostkey
_________________
Martin Prikryl
Makotoseven
Joined: 2013-08-01
Posts: 4
Location: TEXAS
That was very helpful. I FINALLY figured out what I was doing wrong.

I needed to connect to the server via the WinSCP application and on connection it shows me the host key fingerprint. So I plugged it in and it works now! Hooray!

Thanks :)
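
The thread's resolution is that `SshHostKeyFingerprint` is the fingerprint of the public part of the server's host key, not of the client's .ppk. As an added example (not part of the thread and not WinSCP code), this Python sketch derives the `ssh-rsa 2048 xx:xx:...` MD5 form from one line of a host public key file, for `ssh-rsa` and `ssh-dss` keys. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Field whose bit length is reported: RSA modulus n (index 2), DSA prime p (index 1).
SIZE_FIELD = {"ssh-rsa": 2, "ssh-dss": 1}

def read_fields(blob):
    """Split an SSH public key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields

def md5_fingerprint(public_key_line):
    """Return 'algorithm bits xx:xx:...' for one line of a host public key file."""
    parts = public_key_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<algorithm> <base64 blob> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    algorithm = fields[0].decode("ascii", "replace") if fields else ""
    index = SIZE_FIELD.get(algorithm)
    if algorithm != parts[0] or index is None or index >= len(fields):
        raise ValueError("unsupported, inconsistent or incomplete key blob")
    bits = int.from_bytes(fields[index], "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()  # fingerprint covers the whole blob
    pairs = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return f"{algorithm} {bits} {pairs}"

def mpint(value):
    """Encode a positive integer as an SSH mpint (zero byte added if top bit set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample, not a real key: a blob shaped like a 2048-bit ssh-rsa host key.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << 2047) | 0x10001)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-host-key"

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_LINE))
```

The input is the server's public host key line, obtained from the server side over a trusted channel; a fingerprint taken from the client's own key pair will never match.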