WinSCP sporadically fails on Host key does not match when connecting through tunnel

Advertisement

DotnetDeveloper
Joined:
Posts:
3
Location:
Virginia

WinSCP sporadically fails on Host key does not match when connecting through tunnel

I have been having this issue for quite few months now. I started with winscp script, moved to winscp .net assembly, hoping to find a solution, but didnt help.
My scenario:
I post files to client sftp location from my server tunneling thru proxy. I have 2 environments, both tunnel thru the same proxy to post the files on client location. Both environments have 2 different logins and their own host keys. 30% of the times, the upload fail saying -
(Exception) **Host key does not match configured key fingerprint "ssh-rsa 2048 xxxxxxxxxxxxxxxxxxxxxx="!**
Here is the code:
SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = ConfigurationManager.AppSettings["ClientHostName"],
    UserName = ConfigurationManager.AppSettings["ClientUserName"],
    Password = ConfigurationManager.AppSettings["ClientPassword"],
    SshHostKeyFingerprint = ConfigurationManager.AppSettings["ClientHostKey"],
    PortNumber = Convert.ToInt32(ConfigurationManager.AppSettings["ClientPort"])                    
};
 
if (tunneling)
{
    sessionOptions.AddRawSettings("Tunnel", "1");
    sessionOptions.AddRawSettings("TunnelHostName", ConfigurationManager.AppSettings["ProxyHostName"]);
    sessionOptions.AddRawSettings("TunnelPortNumber", ConfigurationManager.AppSettings["ProxyPort"]);
    sessionOptions.AddRawSettings("TunnelUserName", ConfigurationManager.AppSettings["ProxyUserName"]);
    sessionOptions.AddRawSettings("TunnelPublicKeyFile", ConfigurationManager.AppSettings["ProxyPrivateKeyPath"]);
    sessionOptions.AddRawSettings("TunnelHostKey", ConfigurationManager.AppSettings["ProxyHostKey"]);
}
Logs attached:
This exception does not occur all the time. But only some instances and could not figure out when and why. Any insights/ideas much appreciated. Please help!!
  • sftpLog.log (8.43 KB, Private file)

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
35,438
Location:
Prague, Czechia

Re: Winscp Sporadically fails on Host key does not match

Isn't your server load balanced?
Can you post a log of a successful connection?

Reply with quote

DotnetDeveloper
Joined:
Posts:
3
Location:
Virginia

Thank you, Martin for your reply.
No, our server does not have load balancer.
Attaching successful attempt logs
  • SuccessSftpLog.log (12.86 KB, Private file)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
35,438
Location:
Prague, Czechia

Re: Winscp Sporadically fails on Host key does not match

Aren't you running multiple transfers in parallel?

WinSCP picks a free local port for the port forwarding, but before it is able to establish the tunnel, something steals the port. That's something that should be improved definitely. I'll look at this.

But meanwhile, you can try to make you own choice using TunnelLocalPortNumber raw session settings:
https://winscp.net/eng/docs/rawsettings#tunnellocalportnumber

Reply with quote

martin
Site Admin
martin avatar

Re: Winscp Sporadically fails on Host key does not match

I forgot to mention how it relates to the host key. It actually seems that the session connects to a tunnel opened at the same by another connection. So it connects to a wrong host. That's why the host key does not match.

Reply with quote

Advertisement

DotnetDeveloper

Thank you so much for the temporary fix version to report a meaningful error, Martin.
Can you please give me the direct link to the version to download? I could not find it.
Any estimate at this time for a permanent fix?

Reply with quote

Advertisement

You cannot post new topics in this forum