问题
I am using Tamir.SharpSSH to make SFTP connections in my .NET code. I have servers' host, port, username, password and servers' fingerprint.
I am able to connect to the server without the fingerprint. Is there any way to match the fingerprint that I have with the servers' before making the connection?
Following is my C# code for the connection:
string _ftpURL = "ftp.com"; //Host URL or address of the SFTP server
string _UserName = "Login_Id"; //User Name of the SFTP server
string _Password = "12345"; //Password of the SFTP server
int _Port = 22; //Port No of the SFTP server (if any)
string _ftpDirectory = "ReceivedFiles"; //The directory in SFTP server where the files will be uploaded
string LocalDirectory = "D:\\FilePuller"; //Local directory from where the files will be uploaded
ArrayList UploadedFiles = new ArrayList();
Sftp oSftp = new Sftp(_ftpURL, _UserName, _Password);
oSftp.Connect(_Port);
Is there anyway I can add a check for Server's fingerprint before connecting to the SFTP Server?
回答1:
The SharpSSH is stupid enough not to verify the host keys by default.
You would have to re-implement SshBase.ConnectSession not to set StrictHostKeyChecking to no.
- And then use
JSch.getHostKeyRepository().add()to configure expected host key (or implementHostKeyRepositoryinterface). - Or implement
UserInfointerface, particularly thepromptYesNomethod.
来源:https://stackoverflow.com/questions/28765048/veryfing-fingerprints-using-sharpssh-while-connecting-to-sftp-server