SshHostKeyFingerprint does not match pattern

Advertisement

alan_schreiber
Guest

SshHostKeyFingerprint does not match pattern

I am using WinSCP version 5.15.3. I am running .NET 4.6 I am using the .NET DLL from my C# application.
When trying to instantiate a SessionOptions for SFTP, I get the following error:
System.ArgumentException: SSH host key fingerprint "ssh-rsa 2048 AAAAB3NzaC1yc2EAAAADAQABAAABAQDFB6ETDIMdpeHLHflnzVWBkgt+NEWNDBEH9YJNexlq4acW4DKO4ykJIDSltzHgrkBBkG7AnDL6HdkRanoVC9PdhzLr13DWzYyAAvbWHPsRxKp8vmYG2ecrMOPbB0rBG+kwPWnD3rtaIvoQVomP8Pk8uuEP4w/IpE46Yw25IDuBxNcproM8O3J44np0/pF/E/86mDPJvirGEhS/hcMdX6F6aSvg0QXZ33Q0W7k+DKHJoP9PHgD/X4GGjUDslEOb4zfTMG2Attf+LKykeiWnzLEAdmAy05rZs86juxy3ns7iykFSN96WSP9/27T8hAKv09eM/VIePAK0QkLgYgSlBjA5" does not match pattern /((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)(;((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=))*/
at WinSCP.SessionOptions.SetSshHostKeyFingerprint(String s)
at CPRIngestor.FTPManagment.FTP.SFtpHelper..ctor(FtpConnectionSettings settings, IngestorState state)
at CPRIngestor.FTPManagment.FileProcessingImpl.FileProcessingManager..ctor(FtpConnectionSettings ftpSettings, IIngestionDataAccessor dataAccessor, ProcessTimeMetrics stepMetrics)
at CPRIngestor.FTPManagment.FileProcessingImpl.HandleConfigAndRun.Run()
at IngestorService.CPRIngestionService.OnStart(IRunningInstance a_source, String[] args)
What are the business rules for how the SSH host key fingerprint should be constructed?
Are these business rules configurable/modifiable?

Thanks
Alan

Reply with quote

Advertisement

arnabx@gmail.com
Joined:
Posts:
1
Location:
York, ON

Re: SshHostKeyFingerprint does not match pattern

We get 2 formats of the fingerprints as shown below:
Server host key fingerprints
SHA-256 = ssh-ed25519 255 6rsCP/6DRiXtEFPuOwa/hsi7+PPQZ2j12B12sQdq0zg=
MD5 = ssh-ed25519 255 91:95:d0:1e:d0:2e:e0:5d:46:dc:a5:98:77:45:4a:46
Use the MD5 version, which forms the finger print in Hex.
From your C# code:
SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "192.168.2.100",
    UserName = "arnab",
    SshHostKeyFingerprint = "ssh-ed25519 255 91:95:d0:1e:d0:2e:e0:5d:46:dc:a5:98:77:45:4a:46",
    SshPrivateKeyPath = @"C:\Users\Admin\.ssh\private_keyGL0.ppk"
};

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
36,283
Location:
Prague, Czechia

Re: SshHostKeyFingerprint does not match pattern

arnabx@gmail.com wrote:

Use the MD5 version, which forms the finger print in Hex.
Quite on the contrary. Always prefer the SHA-256. MD5 is obsolete and insecure. If SHA-256 fingerprint does not work, it's most likely because you use an old version of WinSCP .NET assembly, which does not support it yet.
See https://winscp.net/eng/docs/message_key_fingerprint_does_not_match

Reply with quote

Advertisement

You can post new topics in this forum