Archived Forum Post

Index of archived forum posts

Question:

HostKeyFingerprint validation

Feb 04 '14 at 08:44

When connection from C# using ChilKat SFTP i never get prompted if I accept the HostKeyFingerPrint or not.

//SFtp.HostKeyFingerprint is empty SFtp.Connect(hostname, port); //SFtp.HostKeyFingerprint got a value

I can't find any method to tun the automatic acceptance of the HostKeyFingerPrint on/off.


Answer

I think it is up to you to maintain a database/list of known Host Keys, and then compare the contents of the HostKeyFingerprint property after you connect to the server to see if it is a known host. If unknown, you can then inform the user and request permission to connect. If granted permission, store the host key in your known hosts database/file. If not granted permission, disconnect.