SshHostKeyFingerprint does not match pattern :: Support Forum

alan_schreiber Guest

SshHostKeyFingerprint does not match pattern

2019-09-20 19:05

I am using WinSCP version 5.15.3. I am running .NET 4.6 I am using the .NET DLL from my C# application.
When trying to instantiate a SessionOptions for SFTP, I get the following error:

System.ArgumentException: SSH host key fingerprint "ssh-rsa 2048 AAAAB3NzaC1yc2EAAAADAQABAAABAQDFB6ETDIMdpeHLHflnzVWBkgt+NEWNDBEH9YJNexlq4acW4DKO4ykJIDSltzHgrkBBkG7AnDL6HdkRanoVC9PdhzLr13DWzYyAAvbWHPsRxKp8vmYG2ecrMOPbB0rBG+kwPWnD3rtaIvoQVomP8Pk8uuEP4w/IpE46Yw25IDuBxNcproM8O3J44np0/pF/E/86mDPJvirGEhS/hcMdX6F6aSvg0QXZ33Q0W7k+DKHJoP9PHgD/X4GGjUDslEOb4zfTMG2Attf+LKykeiWnzLEAdmAy05rZs86juxy3ns7iykFSN96WSP9/27T8hAKv09eM/VIePAK0QkLgYgSlBjA5" does not match pattern /((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)(;((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=))*/
at WinSCP.SessionOptions.SetSshHostKeyFingerprint(String s)
at CPRIngestor.FTPManagment.FTP.SFtpHelper..ctor(FtpConnectionSettings settings, IngestorState state)
at CPRIngestor.FTPManagment.FileProcessingImpl.FileProcessingManager..ctor(FtpConnectionSettings ftpSettings, IIngestionDataAccessor dataAccessor, ProcessTimeMetrics stepMetrics)
at CPRIngestor.FTPManagment.FileProcessingImpl.HandleConfigAndRun.Run()
at IngestorService.CPRIngestionService.OnStart(IRunningInstance a_source, String[] args)

What are the business rules for how the SSH host key fingerprint should be constructed?
Are these business rules configurable/modifiable?

Thanks
Alan

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,605
Location:: Prague, Czechia

Re: SshHostKeyFingerprint does not match pattern

2019-09-24

What you are using does nor look like a fingerprint, but rather likes a full hostkey.
See https://winscp.net/eng/docs/faq_hostkey

Reply with quote

arnabx@gmail.com
Joined:: 2021-02-18
Posts:: 1
Location:: York, ON

Re: SshHostKeyFingerprint does not match pattern

2021-02-18 06:39

We get 2 formats of the fingerprints as shown below:

Server host key fingerprints
SHA-256 = ssh-ed25519 255 6rsCP/6DRiXtEFPuOwa/hsi7+PPQZ2j12B12sQdq0zg=
MD5 = ssh-ed25519 255 91:95:d0:1e:d0:2e:e0:5d:46:dc:a5:98:77:45:4a:46

Use the MD5 version, which forms the finger print in Hex.
From your C# code:

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "192.168.2.100",
    UserName = "arnab",
    SshHostKeyFingerprint = "ssh-ed25519 255 91:95:d0:1e:d0:2e:e0:5d:46:dc:a5:98:77:45:4a:46",
    SshPrivateKeyPath = @"C:\Users\Admin\.ssh\private_keyGL0.ppk"
};

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,605
Location:: Prague, Czechia

Re: SshHostKeyFingerprint does not match pattern

2021-02-19

arnabx@gmail.com wrote:

Use the MD5 version, which forms the finger print in Hex.

Quite on the contrary. Always prefer the SHA-256. MD5 is obsolete and insecure. If SHA-256 fingerprint does not work, it's most likely because you use an old version of WinSCP .NET assembly, which does not support it yet.
See https://winscp.net/eng/docs/message_key_fingerprint_does_not_match

Reply with quote

SshHostKeyFingerprint does not match pattern