Revolving Host Key Error :: Support Forum

BHanson
Joined:: 2022-12-27
Posts:: 2
Location:: Cleveland, OH

Revolving Host Key Error

2023-01-02 21:03

Hi,

I am using WinSCPnet in a .NET framework console app Runtime Version v4.0.30319, Version 1.12.0.12858.

I have successfully connected from a Windows Server 2019 machine to the target SFTP server and put files... sometimes. Sometimes I get the dreaded host key does not match configured key fingerprint message.

I log the errors to get the key it is looking for, and there are three of them that revolve.
I will use "ecdsa-sha2-nistp256 256 1111111111111111111111111111" and it will say I need to switch to "ecdsa-sha2-nistp256 256 222222222222222222222222222".
So I switch to the key with 222222 and it will say bad key, you need to use "ecdsa-sha2-nistp256 256 33333333333333333333333333333"
I switch to "ecdsa-sha2-nistp256 256 33333333333333333333333333333" and it works.
Then I will try the next day with key "ecdsa-sha2-nistp256 256 33333333333333333333333333333" and the error says I need to use "ecdsa-sha2-nistp256 256 222222222222222222222222222"

I would love any advice to be confident in my SshHostKeyFingerprint. I am experienced .NET developer but new to SFTP and WinSCP.

Thanks and here's my code.

// Setup session options
SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "aaaaa",
    PortNumber = 22,
    UserName = "bbbbb",
    Password = "ccccc",
    //SshHostKeyFingerprint = "ecdsa-sha2-nistp256 256 1111111111111111111111111111"
    SshHostKeyFingerprint = "ecdsa-sha2-nistp256 256 222222222222222222222222222"                
    //SshHostKeyFingerprint = "ecdsa-sha2-nistp256 256 33333333333333333333333333333"
};
 
using (Session session = new Session())
{
    // Connect
    session.Open(sessionOptions);
 
    // Upload files
    TransferOptions transferOptions = new TransferOptions();
    transferOptions.TransferMode = TransferMode.Binary;
 
    TransferOperationResult transferResult;
    transferResult = session.PutFiles(@"\\from directory\*", "/To sftp directory/In/", false, transferOptions);
                  
    // Throw on any error
    transferResult.Check();                    
}

BHanson

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,551
Location:: Prague, Czechia

Re: Revolving Host Key Error

2023-01-05

It looks like you are connecting to a load-balancer with three different SFTP servers behind it. You can put all three hostkeys of those three servers to SessionOptions.SshHostKeyFingerprint. Separate the host keys by semicolons.

SshHostKeyFingerprint =
    "ecdsa-sha2-nistp256 256 1111111111111111111111111111;" +
    "ecdsa-sha2-nistp256 256 2222222222222222222222222222;" +
    "ecdsa-sha2-nistp256 256 3333333333333333333333333333";

See https://winscp.net/eng/docs/library_sessionoptions#sshhostkeyfingerprint

Reply with quote