Topic "Accepting host keys in advance"

Author Message
gubi24

Guest


Hi Martin,

I"m trying to configure "DisableAcceptingHostKeys"=dword:00000001

I'm following these instructions:
https://winscp.net/eng/docs/administration
https://winscp.net/eng/docs/ssh_verifying_the_host_key

You say: "System administrator can restrict connection to server without having their host keys accepted in advance."

How does a System administrator accept host keys in advance?

Consider this situation:
-"DisableAcceptingHostKeys"=dword:00000001
-A new server is added to the network
-Some users need access to the new server
-The system administrator wants to add the new servers's host key to the WinSCP configuration. How would the system administrator do that without setting "DisableAcceptingHostKeys"=dword:00000000?

I hope my question make sense. Thanks Smile

Thanks
Peter
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25966
Location: Prague, Czechia
Connect to the server, verify the hoskeys, and set the DisableAcceptingHostKeys afterwards.
If you need to do this on multiple machines, check what entries are added to the HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SshHostKeys.
Guest




Thanks for the reply!

This works as a workaround, I am doing it this way currently. I was wondering if there was another way.

So I guess there is no way to know how the host key cache is encoded in the registry?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25966
Location: Prague, Czechia
It's just a simple hex format of the key.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License