Speed and server certificate

Nov 10, 2011 at 4:42 AM

Hey guys,

I found this lib yesterday evening and was really happy about it because I really needed SFTP support for my current project. It works quite nicely. But there are two points I have to know about:

  • Is there any kind of callback to check whether I want to trust the server certificate?
  • Why is the implementation so slow? When I measure the time to create 10 directories (without the connection and disconnection time) it takes about 2 seconds.

So far, thanks for your great work!!!

Thekwasti

Nov 10, 2011 at 9:45 AM

Oh sorry. The question concerning the speed has "fixed" itself. I faced the low speed in my unit tests. Seems like under normal conditions the speed is actually really good.

So there is just my question about the server certificate left.

Greetz

Thekwasti

Nov 10, 2011 at 10:40 AM

Hi & Thanks!

We are prioritizing a stable library, so performance isn't our focus at the moment. (Unless something terrible happens)

I just did a quick look for anything for key authentication on the client side, but I couldn't find anything. I will let Oleg reply to this one.

Nov 10, 2011 at 2:34 PM

To quickly answer your questions while I am still busy with another project:

1. Currently no, but it's definitely possible. I just don't know what information I should return in the callback and when, so maybe I can work with you on that some time later this month.

2. I would need you to post a code sample that you use and time so I could compare to my servers here and see where the issue could be. In the past I found out that different encryption algorithms produce different speed results, so you could play with that if you like.

Thanks,

Oleg

Nov 23, 2011 at 3:07 PM

Thekwasti,

I have a question regarding the certificate.

What exact information would you like to see, and what authentication method do you use?

There is some information going back and forth during key-based authentication which I can expose if needed, and as far as certificate authentication goes, it's not supported at the moment; I don't really have a server set up where I can test it.

Thanks,

Oleg

Nov 24, 2011 at 1:03 PM

Olegkap,

well I'm not very sure about the details. But in all SSH clients I have used so far (ssh from OpenSSH, FileZilla, etc.) there is an SSL certificate transferred from the server to the client, and the client asks whether to trust this cert when connecting for the first time. I have a server. If there is a possibility to write you a private message, I can give you the address so you can test.

Greetz

Nov 24, 2011 at 1:10 PM

If I kick my server from the .ssh/known_hosts file and try to connect with the ssh command-line tool from OpenSSH, I get the following output:

The authenticity of host '*****.com' (85.214.***.***)' can't be established.
RSA key fingerprint is 69:d6:62ec:0a:2a:**:**:**:**:**:**:**:**:**:**.
Are you sure you want to continue connecting (yes/no)?

And I would like a Func<Certificate, bool> callback to allow granting or refusing to trust the server.

I guess (just guessing, not knowing) that the server transfers its public key to the client, the client then asks the server to sign a random phrase with its private key to ensure the server has the private key to his certificate. This would ensure that the server is allowed to use this certificate.

Greetz

Nov 25, 2011 at 1:20 AM

ooh,

OK, I'll check that, but it sounds to me like it should be possible. I just need to figure out what they call the fingerprint and what SSH packet it's coming from.

I will let you know as soon as I have an answer.

Can you please open an issue so I don't forget about it, in case I get distracted by another project.

Thanks,

Oleg

Nov 25, 2011 at 6:45 AM

Done.

Thanks!
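
On the fingerprint and the trust callback discussed in this thread, an added example (not code from the library or from any poster): the colon-separated "RSA key fingerprint" in the OpenSSH prompt is the MD5 digest of the server's public host key blob, which under RFC 4253 arrives as field K_S of SSH_MSG_KEXDH_REPLY. The sketch below computes it and applies a trust-on-first-use check through a callback; all function names, the in-memory `known` store and the sample blobs are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from typing import Callable, Dict, Tuple

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_key_type(blob: bytes) -> str:
    """Read the algorithm name that leads every host key blob."""
    if len(blob) < 4:
        raise ValueError("host key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad algorithm-name length")
    return blob[4:4 + n].decode("ascii")

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex MD5 of the blob, the form shown in the prompt."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    """Form printed by newer OpenSSH: SHA256:<unpadded base64>."""
    raw = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")

def verify_host(host: str, blob: bytes, known: Dict[Tuple[str, str], str],
                ask: Callable[[str, str, str], bool]) -> str:
    """Trust on first use: 'accepted' (newly pinned), 'known', or raises."""
    key_type = parse_key_type(blob)
    fp = sha256_fingerprint(blob)          # value that gets pinned
    pinned = known.get((host, key_type))
    if pinned is None:                     # first contact: let the caller decide
        if not ask(host, key_type, md5_fingerprint(blob)):
            raise PermissionError("host key rejected by user")
        known[(host, key_type)] = fp
        return "accepted"
    if not hmac.compare_digest(pinned, fp):  # pinned key differs: never prompt
        raise PermissionError("host key changed for " + host)
    return "known"

# Constructed sample blobs (not real keys): "ssh-rsa", e=65537, toy modulus.
SAMPLE = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
          + ssh_string(b"\x00" + b"\xc3" * 128))
OTHER = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
         + ssh_string(b"\x00" + b"\xd5" * 128))
```

A changed key for an already pinned host is rejected without calling the callback, so a mismatch can never be waved through by a user who is used to clicking "yes".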