Archived Forum Post
Index of archived forum posts
Question:
Archived Forum PostQuestion:
Hello
we use the SshTunnel implementation to connect to a remote system. For security reasons we want to validate the fingerprint of the ssh server before we authenticate but the SshTunnel implementation has no HostKeyFingerprint property. Sftp and the normal Ssh implementation have this property. Currently we connect once with the normal Ssh implementation to get the fingerprint and then connect the SshTunnel. But this is not really how we want to keep it. Theoretically a hacker could, after the disconnect of the check, redirect the second connection to a compromised system and the program wouldn't get an alert about this. Can you implement the HostKeyFingerprint into the SshTunnel implementation?
Greetings
Mike
Here's a new Mono build with the SshTunnel fixes and also includes the HostKeyFingerprint property for SshTunnel:
http://www.chilkatsoft.com/download/preRelease/chilkatMono-9.5.0.zip
Hi Mike,
Yes, I'll add it. Would you need a pre-release of v9.5.0.46 for testing? If so, what programming language, operating system, etc. so I know exactly which build to provide..
Hello
A pre-release for testing would be usefull. We use the mono implementation on Windows and Linux systems (x86 and x64).
Greetings
Mike
Hi Mike, once the SSH Tunnel issue is fixed, then I can provide the new property as promised. Sorry for the delay..
No problem. Better fix the hanging problem first. We are also planing to transfer more data in form of db queries through the tunnel and there would be a chance that we then will also have this problem.
Greetings
Mike
Thanks! The good news is that I'm 99.9% sure I already found the problem, and I'm working on the fix. If successful, then we'll see the new build w/ the new property later today. (Hopefully I haven't spoken too soon!)
-Matt