1

I am building an SFTP-based application using WinSCP .NET assembly.

One 'key' thing that I seem to be missing is that there doesn't appear to be a way for the application to validate the host it's connected to using the SSH-Key unless the user is able to provide it.

As we know this isn't normally the case and I would like to still use the SSH key without the user using a 3rd party program to acquire it.

Before making a connection you either need to set:

ConnectionOption.SshHostKeyFingerprint= SSHkeyString

OR

ConnectionOptions.GiveUpSecurityAndAcceptAnySshHostKey = True

and if you don't know what the key is yet, you have no choice but to do the latter, and I assume you would be able to get the property of the SSH host key by calling this after the connection is made:

MessageBox.Show(ConnectionOption.SshHostKeyFingerprint)

but that returns an empty result.

I've looked over the documentation for the .NET connector and there doesn't seem to be a way to retrieve the SSH key of the server you're connected to.

It appears there are some other libraries that appear to have this feature, but the ones I found are commercially licensed. I suppose even a regular SSH connector (no FTP) with that ability would work - just to get the SSH key - if I could find one.

So my question is
How do I retrieve an unknown SSH key from a connected server using WinSCP .NET assembly?
OR
Is there another - freely available - library that enables me to retrieve said SSH key?

2
  • How does the user verify the key, if he/she does not know it? Commented Jan 20, 2015 at 8:15
  • As described in the WinSCP FAQ, users will often not be able to acquire the key until they first connect to it. I understand this isn't the MOST secure, but rather than completely disabling the check for the host key because the user doesn't know it, the user will at least be able to be notified if it changes on future connections. Commented Jan 20, 2015 at 20:41

1 Answer

2

You can use the Session.ScanFingerprint method to implement an interactive host key verification.

There are C# and PowerShell examples for Implementing SSH host key cache (known hosts).
It should not be difficult to re-implement it using VB.NET.


3 Comments

OK, so since WinSCP is lacking this feature which I am looking for specifically, is there a different library that can be used to acquire the SSH key? My application does not interactively employ SFTP, just the setup of what gets transferred. Also, thank you for the correction in the property name, I've updated the question.
@TheOddPerson WinSCP now supports this already. See my updated answer.
Thank you very much. This is most helpful. I wish I could give you another upvote here :)
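
A sketch of the host key cache the answer refers to, written in C# as an added example (it is not code from the posts above or from WinSCP's documentation). The `HostKeyCache` class, the cache path and file format, and the `confirmNewKey` callback are assumptions; the two-argument `Session.ScanFingerprint` requires a WinSCP version that accepts the algorithm name.

```csharp
using System;
using System.IO;
using System.Linq;
using WinSCP;

static class HostKeyCache
{
    // Assumed location and format: one "host:port fingerprint" entry per line.
    static readonly string CachePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
        "MyApp", "known_hosts.txt");

    // Returns a fingerprint to assign to SessionOptions.SshHostKeyFingerprint, or throws.
    public static string Verify(SessionOptions options, Func<string, bool> confirmNewKey)
    {
        string scanned;
        using (var session = new Session())
        {
            // Reads the server's host key; no credentials are sent at this point.
            scanned = session.ScanFingerprint(options, "SHA-256");
        }

        // PortNumber is 0 when the default port is used; the id stays consistent either way.
        string id = options.HostName + ":" + options.PortNumber;
        string[] lines = File.Exists(CachePath) ? File.ReadAllLines(CachePath) : new string[0];
        // The fingerprint itself contains spaces, so split only on the first one.
        string known = lines
            .Select(l => l.Split(new[] { ' ' }, 2))
            .Where(p => p.Length == 2 && p[0] == id)
            .Select(p => p[1])
            .FirstOrDefault();

        if (known == null)
        {
            // First contact: show the key so the user can compare it with one from the server admin.
            if (!confirmNewKey(scanned))
                throw new InvalidOperationException("Host key rejected by user.");
            Directory.CreateDirectory(Path.GetDirectoryName(CachePath));
            File.AppendAllLines(CachePath, new[] { id + " " + scanned });
            return scanned;
        }
        if (known != scanned)
            throw new InvalidOperationException("Host key for " + id + " changed; refusing to connect.");
        return known;
    }
}
```

Assign the returned value to `SshHostKeyFingerprint` before calling `Session.Open`, so the connection itself is pinned to the verified key and `GiveUpSecurityAndAcceptAnySshHostKey` is never needed.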
