Server Key Mismatch

InteXX

I have found that the automation module returns a different MD5 key than does the UI, using the Session.ScanFingerprint() method. In this case, the key returned from the SDK is the correct one.

SDK: 78:b7:60:ec:c9:51:7b:a8:a5:55:2e:76:ab:08:c2:89
UI: c4:38:c2:a9:c5:87:16:d7:27:67:1d:85:e8:37:d9:9c

1. I'm using v5.13.3
2. I don't believe this was occurring under v5.11.2 (but I could be mistaken)
3. I'm running my app on Win10; the server is Ubuntu Server running in a VM
4. SFTP
5. Automation/GUI (both)
6. No error message (except in my app, due to a key mismatch)
7. N/A
8. N/A (problem manifests prior to session start)
9. Code:

' Build the connection options for the SFTP server
Dim oSessionOptions As New SessionOptions

oSessionOptions.Protocol = Protocol.Sftp
oSessionOptions.HostName = Utils.Registry.ImportHostName
oSessionOptions.UserName = Utils.Registry.ImportUsername
oSessionOptions.Password = ImportPassword.Decrypt(Utils.Entropy)

' Scan the server's host key fingerprint before any session is opened
Using oSession As New Session
  Return oSession.ScanFingerprint(oSessionOptions, "MD5")
End Using
Description: This is the key returned by the UI

UI Key.png

martin
Site Admin

Re: Server Key Mismatch

Please attach session log file both from GUI and .NET assembly.

InteXX

Hm, now you've got me confused.

How can there be session logs if all of this occurs before any session becomes active?

martin

Well, I expected a log file from ScanFingerprint method.

What I can tell you so far, based on these logs, is that the server has multiple host keys.

.NET uses an RSA host key, because you've told it so (SshHostKeyFingerprint = "ssh-rsa ...").

While GUI defaults to an ECDSA/nistp256, because it's a more secure host key than RSA.

InteXX

Is there a way to force the older MD5 in the GUI? I've poked through the Advanced Site Settings dialog, but nothing's jumping right out at me.

I need this because I'm supporting a customer who's still on MD5. The multi-key server at my site is an Ubuntu Server running in my Dev environment, but the customer requirement in Prod ripples down to Dev, both GUI and Automation.

martin

It's not about MD5. Note that even your GUI dialog shows both MD5 and SHA-1 for the same host key. It's about host key algorithm.

There's no option to configure preferred algorithm in WinSCP GUI.
But you can use Hostkey raw setting:
https://winscp.net/eng/docs/rawsettings

Or you can use PuTTY, which allows setting preferred algorithm and import PuTTY settings to WinSCP.
https://the.earth.li/~sgtatham/putty/latest/htmldoc/Chapter4.html#config-ssh-hostkey
https://winscp.net/eng/docs/ui_import
See also https://stackoverflow.com/q/44786663/850848

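Added example, not part of the thread and not WinSCP code: the point made in the replies above, that the fingerprint follows the host key algorithm rather than the hash, shown by fingerprinting two public key blobs in SSH wire format. The key bytes are constructed sample data, and all function names are assumptions made for this illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in SSH public key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def key_type(blob: bytes) -> str:
    """The first string in a public key blob names the host key algorithm."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def md5_fingerprint(blob: bytes) -> str:
    """Legacy colon-separated hex MD5 fingerprint of the key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


# Constructed sample blobs (not real keys): one server offering two host keys.
RSA_BLOB = (ssh_string(b"ssh-rsa")
            + ssh_string(b"\x01\x00\x01")                  # public exponent
            + ssh_string(b"\x00" + bytes(range(1, 256))))  # fake modulus
ECDSA_BLOB = (ssh_string(b"ecdsa-sha2-nistp256")
              + ssh_string(b"nistp256")
              + ssh_string(b"\x04" + bytes(range(64))))    # fake curve point
HOST_KEYS = [RSA_BLOB, ECDSA_BLOB]


def fingerprints(blobs):
    """Map each host key algorithm to its (MD5, SHA-256) fingerprints."""
    return {key_type(b): (md5_fingerprint(b), sha256_fingerprint(b)) for b in blobs}


def matches_pinned(blobs, pinned_type: str, pinned_md5: str) -> bool:
    """Compare a pinned MD5 fingerprint only against the key of the same algorithm."""
    table = fingerprints(blobs)
    return pinned_type in table and table[pinned_type][0] == pinned_md5.lower()
```

`fingerprints(HOST_KEYS)` returns a different MD5 value for each key type on the same server, so a pinned fingerprint only verifies when the client negotiates the host key algorithm it was recorded for.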
