This project is read-only.

validating fingerprint as string

Feb 16, 2012 at 1:42 PM

i am using the SSH.Net to upload files to some sftp servers.

for all the servers i have the ip, port, username, password and fingerprint.

the fingerprint is a string, which looks like : "ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12".

for the SftpClient i supply all the data without the fingerprint, and it connects fine.

now i want to validate again the connection and compare the host's fingerprint with the one i have.

i find according to the first part the encryption (ssh-rsa) and find the HostKeyAlgorithms.

now i have the value, but still can't see the fingerprint string to compare with the one i have.

                using (SftpClient sftp = new SftpClient("SftpServerIpAddress", 22, "SftpUserName", "SftpPassword"))
                    string key = @"ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12";
                    string[] fingerprint = key.Split(' ');

                    var keyAlgorithm = sftp.ConnectionInfo.HostKeyAlgorithms.FirstOrDefault(k => k.Key.StartsWith(fingerprint[0]));
                    if (fingerprint[2] == keyAlgorithm.Value.ToString())
                        //no no no

i'd really appreciate your help here.

Feb 16, 2012 at 2:40 PM



Here is an example on how to validate fingerprint, but not as a string:

            using (var ssh = new SshClient(connectionInfo))
                ssh.HostKeyReceived += delegate(object sender, HostKeyEventArgs e)
                    var sb = new StringBuilder();
                    foreach (var b in e.FingerPrint)
                        sb.AppendFormat("{0:x}:", b);
                    Console.WriteLine("Can trust this fingerprint: {0}", sb);
                    var key = Console.ReadKey();
                    if (key.KeyChar == 'Y')
                        e.CanTrust = true;
                        e.CanTrust = false;


I think you can probably create string from it and validate it that way if you like.

Hope it helps.


Feb 16, 2012 at 3:58 PM


it really helped, as the StringBuilder shows the same fingerprint as I was expecting.

So, if I get SshConnectionException I know the fingerprint or credentials are the reason for the failure.

Jan 31, 2015 at 1:05 AM
Edited Jan 31, 2015 at 1:10 AM
Here's another example:
            using (var sftp = new SftpClient(host, username, password))
                sftp.HostKeyReceived += (sender, e) => {

                    var knownFingerprint = "ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12";

                    var providedFingerprint = String.Format(
                        "{0} {1} {2}",
                        String.Join(":", e.FingerPrint.Select(b => b.ToString("x")))

                    e.CanTrust = knownFingerprint == providedFingerprint;

                sftp.Connect(); // <- HostKeyReceived executes. If CanTrust was set to false, Connect() will throw an exception
                // ...