Removing a Cached HostKey via API

Advertisement

InteXX
Joined:
Posts:
21
Location:
Fairbanks, Alaska

Removing a Cached HostKey via API

My app handles its own SFTP HostKey management; if the WinSCP application is installed on the same computer and the user elects to cache a HostKey, this can cause problems for my app. The user understands that the app's HostKey management takes precedence over WinSCP's.

Thus I've gone to extra measures to make sure that on startup the app clears the HostKey from the registry and also deletes any existing WinScp.ini files in the execution directory from previous sessions. I'm including my registry access code below to demonstrate.

My ad-hoc solution works for now, but my concern is that it's a bit brittle. In other words, it's relying on undocumented architecture. If this architecture should change in the future it could break my design.

It would be helpful if the .NET API could include a method to accomplish the task if desired. This way it would be documented, stable and more reliable.

Thanks,
Jeff Bowman
Fairbanks, Alaska



Private Sub RemoveCachedHostKey(HostName As String)
  Dim _
    oHostsResult,
    oAppResult As Action(Of String)

  Dim _
    oHostsQuery,
    oAppQuery As Func(Of String, Boolean)

  Dim _
    oHostsKey,
    oAppKey As RegistryKey

  oHostsKey = Nothing
  oAppKey = Nothing

  oHostsResult = Sub(ValueName As String) oHostsKey.DeleteValue(ValueName)
  oHostsQuery = Function(ValueName As String) ValueName.ToLower.EndsWith(HostName.ToLower)
  oAppResult = Sub(KeyName As String)
                 oHostsKey = oAppKey.OpenSubKey(KeyName, True).OpenSubKey("SshHostKeys", True)

                 If oHostsKey IsNot Nothing Then
                   oHostsKey.GetValueNames.Where(oHostsQuery).ToList.ForEach(oHostsResult)

                   If oHostsKey.ValueCount = 0 Then
                     oAppKey.OpenSubKey(KeyName, True).DeleteSubKey(oHostsKey.Name)
                   End If
                 End If
               End Sub

  oAppQuery = Function(KeyName As String) KeyName.StartsWith("WinSCP")

  With RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry32).OpenSubKey("Software", True)
    oAppKey = .OpenSubKey("Martin Prikryl", True)

    If oAppKey IsNot Nothing Then
      oAppKey.GetSubKeyNames.Where(oAppQuery).ToList.ForEach(oAppResult)
    End If
  End With

  File.Delete(My.Resources.INI_FILE)
End Sub    

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Removing a Cached HostKey via API

1) Use WinSCP .NET assembly. It is completely stateless. So among other, it does not use the host key cache.
https://winscp.net/eng/docs/library

2) With scripting, use /ini=nul command-line parameter to isolate the script run from any configuration stored on the machine. Or use /ini= to point to your application-specific configuration file:
https://winscp.net/eng/docs/scripting#configuration

Reply with quote

InteXX
Joined:
Posts:
21
Location:
Fairbanks, Alaska

Re: Removing a Cached HostKey via API

martin wrote:

1) Use WinSCP .NET assembly. It is completely stateless. So among other, it does not use the host key cache.
https://winscp.net/eng/docs/library

2) With scripting, use /ini=nul command-line parameter to isolate the script run from any configuration stored on the machine. Or use /ini= to point to your application-specific configuration file:
https://winscp.net/eng/docs/scripting#configuration

Perfect. You've anticipated this need well. I can delete my registry access code.

Keep up the good work.

Thanks,
Jeff Bowman
Fairbanks, Alaska

Reply with quote

Advertisement

You can post new topics in this forum