The basic elements of configuring an SFTP connection are:
· Server Validation: Ensuring the SSH server is validated is an important issue in SFTP. By default an attempt will be made to validate the server using the client's local store of server public keys. Typically, the server's public key is stored either in a file containing that single key, or in a file often called known_hosts which can contain a number of public keys for different servers. When the client connects to the server, the server's public key is returned and compared with the public keys stored in the client.
· Client Authentication: Clients are authenticated by either username and password, or private key and private key passphrase. In the first case, the user requires an account on the server that is set up for SFTP access. In the second case, the user's public key must be registered with the server (typically by copying it into an authorized_keys file on the server), and the user's private key must be loaded by the client.
Automatic
The server's hostname or IP address is looked up to find what public keys have been registered with the client. The public key (as provided by the server) is checked against the client's stored public key for that host.
AutomaticNoNameCheck
The client's list of registered public keys is searched through, looking for a public key matching that provided by the server. The hostname is ignored.
Use of server validation is strongly recommended since it minimizes the possibility of inadvertently communicating with the wrong server. While developing code, however, the programmer might like to postpone any possible validation issues by disabling server validation with None.
In Automatic server validation, the client loads the server's public key from known_hosts or public key files. The public key of each server is stored together with the hostname and the type of public key algorithm used (DSS or RSA). Upon connection, the server sends its public key to the client, which looks up the hostname or IP address of the server in the list and then compares the stored public key with the public key supplied by the server. If a match is not found, the server validation fails and the connection attempt is terminated.
In AutomaticNoNameCheck the list of public keys is searched for a match with the public key supplied by the server, ignoring hostname and IP address. If a match is not found, the server validation fails and the connection attempt is terminated.
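The three validation modes described above, as an added example that is not code from the original page or from the product it documents: a small Python checker run over a constructed known_hosts file. The host names, key values and the helper functions are assumptions; the second entry uses the OpenSSH hashed-hostname form so the Automatic lookup has to cover both plain and hashed patterns.

```python
import base64
import hashlib
import hmac

# Constructed sample keys (not real SSH keys), base64-encoded as in known_hosts.
SAMPLE_KEY_A = base64.b64encode(b"constructed-rsa-key-A").decode()
SAMPLE_KEY_B = base64.b64encode(b"constructed-rsa-key-B").decode()

def _hashed_entry(hostname: str, salt: bytes) -> str:
    """Build an OpenSSH hashed host pattern: |1|base64(salt)|base64(hmac-sha1(salt, host))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

# Constructed known_hosts content: one plain entry (hostname and IP), one hashed entry.
KNOWN_HOSTS = "\n".join([
    "sftp.example.test,192.0.2.10 ssh-rsa " + SAMPLE_KEY_A,
    _hashed_entry("backup.example.test", b"0123456789abcdef0123") + " ssh-rsa " + SAMPLE_KEY_B,
])

def _host_matches(pattern: str, hostname: str) -> bool:
    """Match one known_hosts host pattern (plain or |1| hashed) against the hostname."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, digest_b64 = pattern.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(digest_b64))
    return pattern == hostname

def validate_server(known_hosts: str, hostname: str, key_type: str, key_b64: str, mode: str) -> bool:
    """Return True if the key the server presented passes validation in the given mode."""
    if mode == "None":
        return True  # no validation at all: the page recommends this only while developing
    for line in known_hosts.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue  # comment or malformed line
        hosts, stored_type, stored_key = fields[0], fields[1], fields[2]
        key_matches = stored_type == key_type and hmac.compare_digest(stored_key, key_b64)
        if mode == "AutomaticNoNameCheck" and key_matches:
            return True  # any stored key matches; hostname is ignored
        if mode == "Automatic" and key_matches and any(
                _host_matches(p, hostname) for p in hosts.split(",")):
            return True  # key matches under the hostname or IP it was registered for
    return False  # validation failed: the connection attempt must be terminated
```

A key that is known but registered under a different host passes AutomaticNoNameCheck and fails Automatic, which is exactly the difference between the two modes.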