Xceed .NET Libraries Documentation
Obtaining the server public key fingerprint

Welcome to Xceed .NET, .NET Standard and Xamarin Libraries! > Task-Based Help > SFTP capabilities > Obtaining the server public key fingerprint

During the connection sequence to a SSH server, the server sends its public key for authentication by the client. By default, the component accepts the public key received and the connection sequence moves to its next step.

It is possible for an application to be notified when the server's public key is received and authenticate the key using whatever method is appropriate for the application (e.g., using certificates or a local database, etc).

SSHClient's HostKeyReceived event governs this functionality. The event is triggered during connection sequence to a SSH server when the server's public key is received for authentication. The event arguments contain the server's public key. The key is available as an MD5 fingerprint or as the raw byte array. An application that subscribes to the event can accept or reject the key with the AcceptHostKey property.

using Xceed.SSH.Client;
using Xceed.SSH.Core;
using Xceed.SSH.Protocols;
using Xceed.FileSystem;

namespace DocumentationExamples.SSH
{
  class PublicKeyFingerprint1
  {
    private static void OnHostKeyReceived( object sender, HostKeyReceivedEventArgs e )
    {
      /* The server's fingerprint is available as both a both array or a string */
      byte[] hostKeyMD5Fingerprint = e.HostKeyMD5Fingerprint;
      string hostKeyMD5FingerprintString = e.HostKeyMD5FingerprintString;

      /* TODO: Perform your fingerprint validation... */

      /* We can choose to accept or reject the server's key. Here we accept. */
      e.AcceptHostKey = true;
    }

    static void Example()
    {
      string host = "sftptest.dreamhosters.com";
      string username = "snippet_sftp";
      string password = "9MNfGgSx";

      SSHClient ssh = new SSHClient();

      // Ask to be notified when we receive the server's key and other information
      ssh.HostKeyReceived += OnHostKeyReceived;

      try
      {
        ssh.Connect( host );
      }
      // These exception can be thrown by a call to Connect()
      catch( SSHIdentificationStringException )
      {
        // This means the component was unable to identify the server as a SSH server
        throw;
      }
      catch( SSHKeyExchangeException )
      {
        // This means the client and the server failed to negotiate terms for a connection
        // This usually indicates an interoperability problem with certain old or broken servers
        throw;
      }
      catch( UnsupportedSSHProtocolException )
      {
        // This means the server is using a version of the SSH protocol that is not supported.
        throw;
      }
      catch( SSHTimeoutException )
      {
        // This means the client did not receive a response from the server within the required
        // time. This usually indicate a problem with the Internet connection or an interoperability
        // problem between the server and the client.
        throw;
      }

      try
      {
        try
        {
          ssh.Authenticate( username, password );

          /* ... */
        }
        // These exceptions can be thrown by a call to Authenticate()
        catch( SSHIncorrectPasswordException )
        {
          // This means the authentication method is supported by the server but the password
          // was incorrect for the specified username 
          throw;
        }
        catch( SSHAuthenticationPartialSuccessException )
        {
          // This means the authentication was successful but the server requires an additional authentication
          // using another method specified in the exception information
          throw;
        }
        catch( SSHUnsupportedAuthenticationMethodException )
        {
          // This means the authentication method is not supported by the server
          throw;
        }
        catch( SSHAuthenticationFailedException )
        {
          // This means the authentication method failed
          throw;
        }
      }
      finally
      {
        // Always make sure to disconnect from the server when the connection is no longer needed
        ssh.Disconnect();
      }
    }
  }
}
Imports Xceed.SSH.Client
Imports Xceed.SSH.Core
Imports Xceed.SSH.Protocols
Imports Xceed.FileSystem

Namespace DocumentationExamples.SSH
  Friend Class PublicKeyFingerprint1
    Private Shared Sub OnHostKeyReceived(ByVal sender As Object, ByVal e As HostKeyReceivedEventArgs)
      ' The server's fingerprint is available as both a both array or a string 
      Dim hostKeyMD5Fingerprint() As Byte = e.HostKeyMD5Fingerprint
      Dim hostKeyMD5FingerprintString As String = e.HostKeyMD5FingerprintString

      ' TODO: Perform your fingerprint validation... 

      ' We can choose to accept or reject the server's key. Here we accept. 
      e.AcceptHostKey = True
    End Sub

    Private Shared Sub Example()
      Dim host As String = "sftptest.dreamhosters.com"
      Dim username As String = "snippet_sftp"
      Dim password As String = "9MNfGgSx"

      Dim ssh As New SSHClient()

      ' Ask to be notified when we receive the server's key and other information
      AddHandler ssh.HostKeyReceived, AddressOf OnHostKeyReceived

      Try
        ssh.Connect(host)
      ' These exception can be thrown by a call to Connect()
      Catch e1 As SSHIdentificationStringException
        ' This means the component was unable to identify the server as a SSH server
        Throw
      Catch e2 As SSHKeyExchangeException
        ' This means the client and the server failed to negotiate terms for a connection
        ' This usually indicates an interoperability problem with certain old or broken servers
        Throw
      Catch e3 As UnsupportedSSHProtocolException
        ' This means the server is using a version of the SSH protocol that is not supported.
        Throw
      Catch e4 As SSHTimeoutException
        ' This means the client did not receive a response from the server within the required
        ' time. This usually indicate a problem with the Internet connection or an interoperability
        ' problem between the server and the client.
        Throw
      End Try

      Try
        Try
          ssh.Authenticate(username, password)

          '... 
        ' These exceptions can be thrown by a call to Authenticate()
        Catch e5 As SSHIncorrectPasswordException
          ' This means the authentication method is supported by the server but the password
          ' was incorrect for the specified username 
          Throw
        Catch e6 As SSHAuthenticationPartialSuccessException
          ' This means the authentication was successful but the server requires an additional authentication
          ' using another method specified in the exception information
          Throw
        Catch e7 As SSHUnsupportedAuthenticationMethodException
          ' This means the authentication method is not supported by the server
          Throw
        Catch e8 As SSHAuthenticationFailedException
          ' This means the authentication method failed
          Throw
        End Try
      Finally
        ' Always make sure to disconnect from the server when the connection is no longer needed
        ssh.Disconnect()
      End Try
    End Sub
  End Class
End Namespace
See Also

General Information

Public Key Cryptography [wikipedia.org]

 

 

Copyright Xceed Software Inc

Send Feedback