How to use SFTP (with server validation - known hosts)
The topic How to use SFTP (with server validation) gives an overview of server validation. Many SSH implementations use a file called known_hosts, which is loaded by clients to validate servers. Typically, this file is generated when the client first connects to a server - a prompt asks whether the server should be added to the list of known hosts.
The known_hosts file contains a list of approved servers and their public keys. Setting ServerValidation to Automatic instructs the client to use this list to validate the servers that it connects to. Setting ServerValidation to AutomaticNoNameCheck is similar, except that the server name is ignored in the validation process.
A single line in a known_hosts file looks like this:
The first field is the hostname, i.e. the SSH server. The IP address is also listed - a number of comma separated hostnames and IP addresses can be
The second field is the applicable public key algorithm - "ssh-rsa" (for RSA key pairs) or "ssh-dss" (for DSA key pairs).
The third field is the public key encoded using base64.
The known_hosts file normally consists of multiple lines, one for each of the hosts that the client may wish to connect to. It is quite typical for a host to have entries on two lines, so that both RSA and DSA public keys can be listed.
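The following Python is an added example, not part of the original page or of the library it documents. It parses the three-field known_hosts format described above (comma separated names, algorithm, base64 key), serialises it back, and checks a server's presented key against the list both with the name check (Automatic) and without it (AutomaticNoNameCheck). The key blobs and hostnames are constructed placeholders.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class KnownHost:
    names: frozenset   # hostnames and IP addresses from the first field
    algorithm: str     # second field, e.g. "ssh-rsa" or "ssh-dss"
    key: bytes         # third field, base64-decoded public key blob


def parse_known_hosts(text):
    """Parse known_hosts text: '<host[,host...]> <algorithm> <base64 key>' per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed known_hosts line: {raw!r}")
        names = frozenset(n.lower() for n in fields[0].split(","))
        key = base64.b64decode(fields[2], validate=True)
        entries.append(KnownHost(names, fields[1], key))
    return entries


def format_known_hosts(entries):
    """Serialise entries back into known_hosts lines (one host/key pair per line)."""
    return "".join(
        f"{','.join(sorted(e.names))} {e.algorithm} {base64.b64encode(e.key).decode()}\n"
        for e in entries)


def validate_server(entries, hostname, algorithm, key, check_name=True):
    """Accept only if algorithm and key match a listed entry; with check_name=True
    (Automatic) the hostname must also appear in that entry's first field, with
    check_name=False (AutomaticNoNameCheck) any listed host's key is accepted."""
    for e in entries:
        if e.algorithm != algorithm or e.key != key:
            continue
        if not check_name or hostname.lower() in e.names:
            return True
    return False


# Constructed sample data: placeholder blobs, not real SSH public keys.
RSA_KEY = b"constructed-rsa-public-key-blob"
DSA_KEY = b"constructed-dsa-public-key-blob"
SAMPLE_KNOWN_HOSTS = (
    "sftp.example.com,192.0.2.10 ssh-rsa " + base64.b64encode(RSA_KEY).decode() + "\n"
    "sftp.example.com,192.0.2.10 ssh-dss " + base64.b64encode(DSA_KEY).decode() + "\n")
KNOWN = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
```

Note that with the name check disabled, a key belonging to any listed host satisfies validation for every hostname, which is the trade-off AutomaticNoNameCheck makes.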
If another known_hosts file is subsequently assigned to this property, its contents will be added to the current list of known hosts.
To clear out the current list of known hosts, use the KnownHostsManager's ClearKnownHosts() method, e.g.
Use WriteKnownHosts() to write the current contents of the known hosts list to a file: