SshHostKeyFingerprint and SFTP

Advertisement

Rhendar
Joined:
Posts:
1

SshHostKeyFingerprint and SFTP

Hello,

I'm new to using WinSCP on the C# side of things. I have a basic application written which is just supposed to open a connection to an SFTP folder and download some files. I have the code all set up and ready to go, I'm using the WinSCP Nuget package, but when I run it I'm presented with an exception which says that because I set the protocol to SFTP I must provide an SshHostKeyFingerprint. I'll freely admin that encryption and security are my weaker areas of software development so this may be a very basic question but I have to ask it. Where do I actually obtain that finger print? I found the FAQ below which honestly doesn't help me very much.

https://winscp.net/eng/docs/faq_hostkey

Am I to obtain this SshHostKeyFingerprint from the server I am attempting to connect to? If so, does that not require me to be the host? I can't connect to another company's server to get this. Or is this something that I am to generate on my workstation? If so, doesn't this need to be vetted by the server I am connecting to in order to connect?

As a side, why is an SshHostKeyFingerprint required? When I connect using the WinSCP UI I simply enter the Host, Username, and Password and I'm in without an issue. Shouldn't C# code function relatively the same?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
33,516
Location:
Prague, Czechia

Re: SshHostKeyFingerprint and SFTP

Sorry, I honestly believe that most of your question are already answered in the FAQ you already know. Please read it again carefully.

Rhendar wrote:

When I connect using the WinSCP UI I simply enter the Host, Username, and Password and I'm in without an issue. Shouldn't C# code function relatively the same?
When you connected the first time, WinSCP asked you to confirm the host key:
https://winscp.net/eng/docs/ssh_verifying_the_host_key
Whether you really validated the host key at that moment is another question (and I guess you did not). The SessionOptions.SshHostKeyFingerprint is the code equivalent of this GUI confirmation.

Anyway, if you trust your connection, then just follow the last section in the FAQ that tells you how to reuse the host key you "have validated" in the GUI.
https://winscp.net/eng/docs/faq_hostkey#automation

Reply with quote

Advertisement

You can post new topics in this forum