Host key wasn't verified
Hello,
We are using WinSCP v5.5.6.
One of our clients is moving from FTP to SFTP and for that they have generated a new RSA key pair.
When trying to connect to said client's SFTP server via WinSCP's GUI (or FileZilla) using the new Private Key, the connection is established successfully; however, when connecting via .NET, the program throws an error stating "Host key wasn't verified!" and the inner exception is "The server's rsa2 key fingerprint is: ssh-rsa 2048 xx:xx:...".
The fingerprint that we are sending is "ssh-rsa 1024 xx:xx:...".
The old keys before were indeed in size 2k, but the newly generated keys are in 1k, so why does WinSCP still think we are sending the old fingerprint? Does it store the old fingerprint somewhere in its cache or registry? And if so, how can we remove them? We tried using the Clean-Up option in the GUI but that did not help.
This is our batch:
```csharp
// Requires: using System; using System.Configuration; using WinSCP;
try
{
    // Connection settings are read from App.config
    string sFile = ConfigurationManager.AppSettings["sFile"];
    string sFolder = ConfigurationManager.AppSettings["sFolder"];
    string sftpHostName = ConfigurationManager.AppSettings["sftpHostName"];
    string sPort = ConfigurationManager.AppSettings["sPort"];
    string sUserName = ConfigurationManager.AppSettings["sUserName"];
    string sPassword = ConfigurationManager.AppSettings["sPassword"];
    string HostKeyFingerprint = ConfigurationManager.AppSettings["HostKeyFingerprint"];
    string sessionLogPath = ConfigurationManager.AppSettings["sessionLogPath"];
    string sshPrivateKeyPath = ConfigurationManager.AppSettings["sshPrivateKeyPath"];

    SessionOptions sessionOptions = new SessionOptions();
    sessionOptions.Protocol = Protocol.Sftp;
    sessionOptions.FtpMode = FtpMode.Passive;
    sessionOptions.HostName = sftpHostName;
    sessionOptions.UserName = sUserName;
    // sessionOptions.Password = sPassword;
    sessionOptions.SshHostKeyFingerprint = HostKeyFingerprint;
    sessionOptions.SshPrivateKeyPath = sshPrivateKeyPath;
    sessionOptions.PortNumber = int.Parse(sPort);

    using (Session session = new Session())
    {
        session.SessionLogPath = sessionLogPath + "\\log.txt";
        Console.WriteLine("Starting Session...");
        session.Open(sessionOptions);
        Console.WriteLine("Session Opened");

        // Upload files
        TransferOptions transferOptions = new TransferOptions();
        transferOptions.TransferMode = TransferMode.Binary;
        Console.WriteLine("Putting Files in remote folder started");
        TransferOperationResult transferResult = session.PutFiles(sFile, sFolder, false, transferOptions);
        transferResult.Check();
        Console.WriteLine("Putting Files in remote folder ended");

        // Print results
        foreach (TransferEventArgs transfer in transferResult.Transfers)
        {
            Console.WriteLine(string.Format("Upload of {0} in secure ftp to {1} folder:{2} succeeded", transfer.FileName, sftpHostName, sFolder));
        }
        Console.ReadKey();
    }
}
catch (Exception e)
{
    Console.WriteLine("Exception occurred: " + e.Message);
    Console.WriteLine("Inner Exception: " + e.InnerException?.Message);
    Console.ReadKey();
}
```
As you can see we are not using the password but instead we are supplying the Private Key path.
So how is it possible that when we use the GUI to connect (username & PK path) it works fine, yet when we use the assembly, using the exact same username & PK path, it throws an error? Because of that, we cannot determine if the error is on our end, or on our client's.
P.S. Since we are using the old WinSCP version, we are using the fingerprint as MD5, not as SHA256. Also, the newly generated pair was generated with the old version of PuTTYgen (PPK 2), since PPK 3 would result in a "putty key format too new" error message.
Thank you
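
The error text quoted above uses WinSCP's legacy fingerprint format: key type, key size in bits, then the MD5 of the SSH public key blob as colon-separated hex. The following is an added example, not code from the post or from WinSCP; it derives that string from an OpenSSH-format public key line, so a server host key obtained out-of-band can be compared with the value configured in `SshHostKeyFingerprint`. The two sample keys are constructed integers of the right bit length (not valid RSA keys), and all function names are hypothetical.

```python
import base64
import hashlib

def ssh_string(data):
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data

def build_rsa_blob(e, n):
    """Encode an ssh-rsa public key blob: string type, mpint e, mpint n."""
    def mpint(v):  # positive mpint; leading 0x00 appears when the top bit is set
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def read_fields(blob):
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    fields, pos = [], 0
    while pos < len(blob):
        length = int.from_bytes(blob[pos:pos + 4], "big")
        end = pos + 4 + length
        if len(blob) - pos < 4 or end > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos + 4:end])
        pos = end
    return fields

def md5_fingerprint(pubkey_line):
    """Return 'ssh-rsa <bits> xx:xx:...' for an OpenSSH 'ssh-rsa AAAA...' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    bits = int.from_bytes(fields[2], "big").bit_length()  # modulus size
    digest = hashlib.md5(blob).hexdigest()  # MD5 over the whole blob
    pairs = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return "ssh-rsa %d %s" % (bits, pairs)

def sample_line(bits, tweak):
    """Constructed public key line with a modulus of the given bit length."""
    blob = build_rsa_blob(65537, (1 << (bits - 1)) | tweak)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed"

# Constructed samples: a 2048-bit server host key and a 1024-bit client key.
SERVER_HOST_KEY = sample_line(2048, 0xC0FFEE)
CLIENT_AUTH_KEY = sample_line(1024, 0xBADF00D)

if __name__ == "__main__":
    print("server host key :", md5_fingerprint(SERVER_HOST_KEY))
    print("client auth key :", md5_fingerprint(CLIENT_AUTH_KEY))
```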