How to Login to SFTP with Password/Passphrase instead of Hash?

Advertisement

MrAvgProgrammer
Joined:
Posts:
4

How to Login to SFTP with Password/Passphrase instead of Hash?

I am looking to open a SFTP session and I would like to be able to connect to sites via the SFTP Passphrase or Key Hash.
Currently I am only able to figure it out using the Hash.

[code]
With sessionOptions
.Protocol = Protocol.Sftp
.HostName = strURL
.UserName = strUserName
.Password = strPassword
.PortNumber = 22
.SshHostKeyFingerprint = "ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
End With
[/code]

Any suggestions would greatly be appreciated.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,286
Location:
Prague, Czechia

Re: How to Login to SFTP with Password/Passphrase instead of Hash?

MrAvgProgrammer wrote:

I am looking to open a SFTP session and I would like to be able to connect to sites via the SFTP Passphrase or Key Hash.
Currently I am only able to figure it out using the Hash.
Sorry, this makes little sense.
Maybe you have meant that you want to authenticate using a private key protected by a passphrase?
For that use .SshPrivateKeyPath and .PrivateKeyPassphrase.
https://winscp.net/eng/docs/library_sessionoptions

If by "Hash" you refer to SshHostKeyFingerprint, then note that it is unrelated to authentication. It's to verify identity of the server.
See https://winscp.net/eng/docs/ssh_verifying_the_host_key

Reply with quote

MrAvgProgrammer
Joined:
Posts:
4

My apologies for being unclear. I am new to Secure FTP so my terminology is a work in progress.

Typically, when users connect to my SFTP site what would I need to give them so that they would have access to my server? They currently utilize Active Directory(AD)User Name and Passwords. I do not allow anonymous access. In my testing I am using the Filezilla client to connect to my test SFTP site the server/site doesn't require any special criteria to gain access other than my Username and Password. It simply gives me a message with the Server Fingerprint of where I am trying to connect to.

Typically, do Server admins pass out the Key and Passphrase to clients? What is the norm?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,286
Location:
Prague, Czechia

OK, you mix two different things.

Authentication: Either provide the users with username and password. Or better, have them generate a key pair and send you a public key. Then create a new username and register the public key with the username. Then they can login with the private key. There are other options obviously.
See also https://winscp.net/eng/docs/guide_public_key

Server Fingerprint: In SSH/SFTP, the client/user has no verify server key. In GUI clients, you usually get a confirmation box on the first connection, which gets cached somewhere after being confirmed. When using an API, you have to specify a fingerprint of trusted host key for every connection. In WinSCP .NET assembly, the SshHostKeyFingerprint is used.
See https://winscp.net/eng/docs/faq_hostkey

See also
https://winscp.net/eng/docs/ssh_keys
https://winscp.net/eng/docs/library_example_known_hosts

Reply with quote

Advertisement

You can post new topics in this forum