SshHostKeyFingerprint in .NET question

Advertisement

knarf
Joined:
Posts:
1
Location:
Amsterdam

SshHostKeyFingerprint in .NET question

Hello,
In the .net examples one needs to use the SshHostKeyFingerprint.

(SshHostKeyFingerprint = "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx")

I cant get it to work but in the Winscp gui I use a private certificate (ppk) which does work fine.

Is it possible to use the private cert. in c# or is the SshHostKeyFingerprint enough?

tnx
frank

Reply with quote

Advertisement

JeffClay
Joined:
Posts:
5
Location:
US

Isn't the private key used for authentication? The host key fingerprint is to prevent man-in-the-middle attacks by verifying the identify of the server during authentication.

Reply with quote

Makotoseven
Joined:
Posts:
4
Location:
TEXAS

I am having the exact same issue. I have validated my key using the winscp application and built a simple app to test the connection to the same server using the same credentials. I keep getting the error "Host key wasn't verified!"

I've tried just passing in the SshPrivateKeyPath but I get the error "SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.HostKey is not set."

Then I tried passing in both the fingerprint as a string which returns "Host key wasn't verified!" and the same happens when I passin both the string and the .ppk file as SshPrivateKeyPath.

I know the cert works and I think my code is in the ballpark, i just must be missing something.


sessionOptions = new SessionOptions
{
Protocol = Protocol.Sftp,
HostName = txtHost.Text,
PortNumber = Convert.ToInt16(txtPort.Text.ToString()),
UserName = txtUserName.Text,
Password = txtPassword.Text,
SshPrivateKeyPath = txtPrivatePath.Text,
SshHostKeyFingerprint = txtKey.Text,
FtpSecure = FtpSecure.None
};

Reply with quote

JeffClay
Joined:
Posts:
5
Location:
US

SshHostKeyFingerprint = txtKey.Text,

Are you putting ssh-rsa 2048 in front of the key? The numbers represent the encryption bits in the key, yours may be different.

You may need to do something more like:
 SshHostKeyFingerprint = "ssh-rsa 2048 " + txtKey.Text,

The space is necessary after the number and before the last double-quotation.
Also, you may need to escape the back-slashes in your keypath since a backslash is an escape character. My paths usually look something like:
path = "c:\\windows\\system32\\blah\\blah\\"

Reply with quote

Makotoseven
Joined:
Posts:
4
Location:
TEXAS

Thanks for the reply Jeff.

My text field contains the whole code copied from puttygen which includes the ssh-dss 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.

Also my paths are correct. I stepped through the code and verified the accuracy.

Any other ideas?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,518
Location:
Prague, Czechia

Re: SshHostKeyFingerprint in .NET question

You are both confusing your client key (for which you have both your secret private part and public part that needs to be registered on the server) with host key (for which you care only about the public part).
The SessionOptions.SshHostKeyFingerprint has to be set to fingerprint of public part of expected host (=server) key.
See here to learn how to get it's value:
https://winscp.net/eng/docs/faq_hostkey

Reply with quote

Makotoseven
Joined:
Posts:
4
Location:
TEXAS

Okay so here's what I've been doing. I've been using bluehost as my testbed. I go into the SSH manager and make public and private keys then load the private key into puttygen to get its fingerprint.

From what I gather you're saying I need to (if possible) get the public key for my machine from bluehost itself, not just my account.

Is that accurate? I'm very new to SSH sorry for all the followup questions.

I can SSH into my account using a private key made through my interface. Then I though "Does SFTP require something different (perhaps because I'm really just using a virtual machine)?" but I can use the private key file downloaded from my bluehost account with the winSCP application itself. That's why I thought I could just reference the private key path exclusively (using the same file) and be done with it but when I do that it returns an error saying "Host key wasn't verified!".

I'm missing something that is staring me right in the face, I think.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,518
Location:
Prague, Czechia

Makotoseven wrote:

From what I gather you're saying I need to (if possible) get the public key for my machine from bluehost itself, not just my account.
Not sure what you mean by "your machine". If you mean your virtual server, then yes (note that it's host key of the SSH server on the machine, not of the machine as a whole).

I can SSH into my account using a private key made through my interface. Then I though "Does SFTP require something different (perhaps because I'm really just using a virtual machine)?" but I can use the private key file downloaded from my bluehost account with the winSCP application itself. That's why I thought I could just reference the private key path exclusively (using the same file) and be done with it but when I do that it returns an error saying "Host key wasn't verified!".
First, it's irrelevant if you use virtual machine or not.
Second, if I understand it correctly, you can connect using WinSCP GUI. That means you have already verified your server's host key in GUI on the first connect (you got this message). You need to do the same for the assembly, except that the assembly does not have a persistent host key cache (what GUI has). So you need to verify it on every connect. And that's what the SessionOptions.SshHostKeyFingerprint is for.

I do not know how to help you further.

Please make sure you read these few more times:
https://winscp.net/eng/docs/ssh_verifying_the_host_key
https://winscp.net/eng/docs/faq_hostkey

Reply with quote

Makotoseven
Joined:
Posts:
4
Location:
TEXAS

That was very helpful. I FINALLY figured out what I was doing wrong.

I needed to connect to the server via the WinSCP application and on connection it shows me the host key fingerprint. So I plugged it in and it works now! Hooray!

Thanks :)

Reply with quote

Advertisement

You can post new topics in this forum