Same SFTP server returning different host key fingerprints


marcothz (Posts: 2, Location: Brazil)


Hey,
I have an application which connects to a single SFTP server and which expects the following host key fingerprint:
ssh-rsa 4096 cc:f0:**:**:**:**:**:**:**:**:**:**:**:**:**:**
This application is installed and working on many Windows computers. I notice, on (at least) one of them, the following error message:
Host key does not match configured key fingerprint "ssh-rsa 4096 cc:f0:**:**:**:**:**:**:**:**:**:**:**:**:**:**"!
Host key fingerprint is ssh-rsa 1024 X4op****************************************.
Authentication failed.
So I compared the OS version of this computer with another one where the host key is working and they match:
OS Name:                   Microsoft Windows 7 Professional 
OS Version:                6.1.7601 Service Pack 1 Build 7601
I also ran the same WinSCP.exe version with the same .ini configuration on both computers and got the same behavior.
So I'm wondering what could be the cause of getting the "ssh-rsa 4096" host key in most installations and the "ssh-rsa 1024" in some of them.
I appreciate any help and thank you in advance.

[]s
Marco.

Screenshot_72.png


martin (Site Admin; Posts: 40,307; Location: Prague, Czechia)

Re: Same SFTP server returning different host key fingerprints

The difference in the "Encryption algorithm" display details actually, imo, shows that you are using different versions of WinSCP. The simple "aes" was shown up to WinSCP 5.19.5. Since WinSCP 5.16, the more detailed format is used.

Make sure you upgrade to the latest version of WinSCP everywhere.
If you still have problems afterwards, please post session log files from both systems.


marcothz

Thank you, martin! 😉
I double checked the WinSCP versions. They are indeed equal, but old v5.13.7.
I tried using WinSCP v5.21.7. The description is different, but unfortunately the behavior is the same.
So I collected logs from a place where the algorithm is "ssh-rsa 4096" and a place where it is "ssh-rsa 1024".
The only meaningful difference I notice is that they connect to different IP addresses, despite using the same URL. Maybe they reach different servers with different keys!?
  • logs.zip (4.59 KB, Private file)


martin (Site Admin)

Well, you have removed all host information from the logs. So we can hardly help you with the IP addresses. If you are 100% sure that you connect to the same hostname on both machines, then the problem is likely in the DNS resolution on those machines. Did you try to ping the host names on both machines, to see if they resolve to the same IPs? Or you can use the IP instead of the hostname in WinSCP.

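Added example (not part of the thread and not WinSCP code): a Python check that takes the public host key served by each IP address a hostname resolves to and compares it with the pinned fingerprint, in either notation seen in the error message above (colon-separated hex is the MD5 form, base64 is the SHA-256 form). It assumes the keys were already collected as base64 blobs, for example the third field of an `ssh-keyscan` output line; the IPs and moduli below are constructed sample data, not real keys.

```python
import base64, hashlib, struct

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def make_rsa_blob(e: int, n: int) -> bytes:
    """Encode an ssh-rsa public key blob (used only to build the sample keys)."""
    mpint = lambda v: _ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return _ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def rsa_bits(blob: bytes) -> int:
    """Return the modulus size of an ssh-rsa blob: string type, mpint e, mpint n."""
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4 : off + 4 + length])
        off += 4 + length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key blob")
    return int.from_bytes(fields[2], "big").bit_length()

def fingerprints(blob: bytes) -> tuple:
    """Return (MD5 colon-hex, SHA-256 unpadded base64) fingerprints of a key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i : i + 2] for i in range(0, 32, 2)), sha

def check_hosts(pinned: str, keys_by_ip: dict) -> dict:
    """Compare the key served by each IP with the pinned fingerprint (either form)."""
    report = {}
    for ip, b64_key in keys_by_ip.items():
        blob = base64.b64decode(b64_key)
        md5_fp, sha_fp = fingerprints(blob)
        report[ip] = {"bits": rsa_bits(blob), "md5": md5_fp, "sha256": sha_fp,
                      "match": pinned.rstrip("=") in (md5_fp, sha_fp)}
    return report

# Constructed sample: fake moduli (not real keys) and documentation-range IPs.
SAMPLE = {
    "192.0.2.10": base64.b64encode(make_rsa_blob(65537, (1 << 4095) | 0xC0FFEE)).decode(),
    "198.51.100.20": base64.b64encode(make_rsa_blob(65537, (1 << 1023) | 0xBEEF)).decode(),
}
PINNED = fingerprints(base64.b64decode(SAMPLE["192.0.2.10"]))[0]  # MD5 form, as configured

if __name__ == "__main__":
    for ip, row in check_hosts(PINNED, SAMPLE).items():
        print(ip, "ssh-rsa", row["bits"], row["sha256"], "OK" if row["match"] else "MISMATCH")
```

An address that reports a different key size and fingerprint than the pinned one is serving a different host key, which is worth confirming with the server operator before accepting it.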
