validating fingerprint as string

Feb 16, 2012 at 12:42 PM

I am using SSH.Net to upload files to some SFTP servers.

For all the servers I have the IP, port, username, password and fingerprint.

The fingerprint is a string, which looks like: "ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12".

For the SftpClient I supply all the data without the fingerprint, and it connects fine.

Now I want to validate the connection again and compare the host's fingerprint with the one I have.

According to the first part I find the encryption (ssh-rsa) and look it up in the HostKeyAlgorithms.

Now I have the value, but still can't see the fingerprint string to compare with the one I have.

                using System.Linq;
                using Renci.SshNet;

                using (SftpClient sftp = new SftpClient("SftpServerIpAddress", 22, "SftpUserName", "SftpPassword"))
                {
                    string key = @"ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12";
                    string[] fingerprint = key.Split(' '); // [0] = "ssh-rsa", [1] = "2048", [2] = hex digest

                    sftp.Connect();
                    // HostKeyAlgorithms maps an algorithm name to the factory that creates it;
                    // its Value is not the server's fingerprint, so this comparison cannot match.
                    var keyAlgorithm = sftp.ConnectionInfo.HostKeyAlgorithms.FirstOrDefault(k => k.Key.StartsWith(fingerprint[0]));
                    if (fingerprint[2] == keyAlgorithm.Value.ToString())
                    {
                        //no no no
                    }
                }

I'd really appreciate your help here.

Coordinator
Feb 16, 2012 at 1:40 PM

Hi,

Here is an example of how to validate the fingerprint, but not as a string:

            using System;
            using System.Text;
            using Renci.SshNet;
            using Renci.SshNet.Common;

            using (var ssh = new SshClient(connectionInfo))
            {
                ssh.HostKeyReceived += delegate(object sender, HostKeyEventArgs e)
                {
                    // e.FingerPrint is the raw MD5 digest of the host key. Render it as
                    // colon-separated hex; "x2" keeps the leading zero (08, not 8) so the
                    // text matches what ssh-keygen and the server operator print.
                    var sb = new StringBuilder();
                    foreach (var b in e.FingerPrint)
                    {
                        if (sb.Length > 0)
                            sb.Append(':');
                        sb.AppendFormat("{0:x2}", b);
                    }
                    Console.WriteLine("Can trust this fingerprint: {0}", sb);
                    var key = Console.ReadKey();
                    // Only an explicit 'Y' accepts the key; anything else refuses the connection.
                    e.CanTrust = key.KeyChar == 'Y';
                };

                ssh.Connect();
                ssh.Disconnect();
            }

I think you can probably create a string from it and validate it that way if you like.

Hope it helps.

Thanks,
Oleg

Feb 16, 2012 at 2:58 PM

thanks!

It really helped, as the StringBuilder shows the same fingerprint as I was expecting.

So, if I get an SshConnectionException, I know the fingerprint or credentials are the reason for the failure.

Jan 31, 2015 at 12:05 AM
Edited Jan 31, 2015 at 12:10 AM
Here's another example:

            using System;
            using System.Linq;
            using Renci.SshNet;

            using (var sftp = new SftpClient(host, username, password))
            {
                sftp.HostKeyReceived += (sender, e) => {

                    var knownFingerprint = "ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12";

                    // Build the same "<name> <bits> <md5 hex>" layout as the known value.
                    // "x2" is required: with "x" the byte 0x08 renders as "8" and the
                    // strings would never be equal.
                    var providedFingerprint = String.Format(
                        "{0} {1} {2}",
                        e.HostKeyName,
                        e.KeyLength,
                        String.Join(":", e.FingerPrint.Select(b => b.ToString("x2")))
                        );

                    e.CanTrust = String.Equals(knownFingerprint, providedFingerprint, StringComparison.Ordinal);
                };

                sftp.Connect(); // <- HostKeyReceived executes. If CanTrust was set to false, Connect() will throw an exception
                // ...
            }
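The two answers above both reconstruct the fingerprint as text and compare strings. The following is an added example, not code from this thread or from the SSH.NET project, that does the comparison the other way round: it parses the pinned "ssh-rsa 2048 aa:bb:..." string into its key name, key length and digest bytes, then compares bytes against e.FingerPrint, so hex casing and leading-zero formatting cannot cause a false mismatch. The class name HostKeyPinning, the method names, and the use of CryptographicOperations.FixedTimeEquals (available in .NET Core 2.1+ / .NET 5+) are my own choices; HostKeyEventArgs.HostKeyName, KeyLength, FingerPrint and CanTrust are the SSH.NET members already used in the thread. Any malformed pin or missing fingerprint yields CanTrust = false, so the check fails closed.

```csharp
// Added example (not from the thread or the SSH.NET project): pin a host key by
// parsing the known "<name> <bits> <md5 hex>" string and comparing digest bytes.
using System;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using Renci.SshNet;
using Renci.SshNet.Common;

public static class HostKeyPinning
{
    // Parses "ssh-rsa 2048 5b:eb:...:12" into its three parts. Returns false on any
    // malformed input instead of throwing, so a bad pin is treated as "do not trust".
    public static bool TryParsePin(string pin, out string keyName, out int keyLength, out byte[] digest)
    {
        keyName = null; keyLength = 0; digest = null;
        if (string.IsNullOrWhiteSpace(pin)) return false;

        var parts = pin.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 3) return false;
        if (!int.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out keyLength)) return false;

        var hexPairs = parts[2].Split(':');
        if (hexPairs.Length == 0 || hexPairs.Any(h => h.Length != 2)) return false;
        try
        {
            digest = hexPairs.Select(h => Convert.ToByte(h, 16)).ToArray();
        }
        catch (FormatException)
        {
            return false;
        }
        keyName = parts[0];
        return true;
    }

    // The trust decision as a pure function, so it can be unit-tested without a server.
    public static bool Matches(string pin, string hostKeyName, int hostKeyLength, byte[] hostFingerprint)
    {
        if (!TryParsePin(pin, out var name, out var length, out var digest)) return false;
        if (hostFingerprint == null || hostFingerprint.Length != digest.Length) return false;

        // Key type and key length must match the pin exactly, not just the digest.
        if (!string.Equals(name, hostKeyName, StringComparison.Ordinal)) return false;
        if (length != hostKeyLength) return false;

        // Compare digests as bytes; FixedTimeEquals has no early exit on the first differing byte.
        return CryptographicOperations.FixedTimeEquals(digest, hostFingerprint);
    }

    // Renders the received digest the way `ssh-keygen -E md5` prints it, for log messages.
    public static string FormatMd5(byte[] fingerprint) =>
        string.Join(":", fingerprint.Select(b => b.ToString("x2")));

    // Wires the check into SftpClient. The pin would normally come from configuration.
    public static void ConnectWithPin(string host, string user, string password, string pin)
    {
        using (var sftp = new SftpClient(host, user, password))
        {
            sftp.HostKeyReceived += (sender, e) =>
            {
                e.CanTrust = Matches(pin, e.HostKeyName, e.KeyLength, e.FingerPrint);
                if (!e.CanTrust)
                    Console.Error.WriteLine("Host key mismatch for {0}: received {1} {2} {3}",
                        host, e.HostKeyName, e.KeyLength, FormatMd5(e.FingerPrint));
            };

            sftp.Connect(); // throws SshConnectionException when CanTrust is false
            // ... upload files ...
        }
    }
}
```

With the thread's own value, Matches("ssh-rsa 2048 5b:eb:4e:ef:ab:cd:25:2c:37:58:b6:2d:08:d5:56:12", "ssh-rsa", 2048, fingerprintBytes) returns true only when all sixteen digest bytes, the key name and the key length agree; a pin written with upper-case hex still matches because the digest is parsed, not string-compared. The mismatch log line gives an operator enough to confirm a legitimate key rotation against the server side before updating the pin.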