
How to use SFTP (with server validation - public key files)

As discussed in How to use SFTP (with server validation - known hosts), SFTP clients can validate servers by loading a list of approved servers and their public keys, and checking the server key against this list. The list is generally maintained in a file called known_hosts.

SecureFTPConnection manages these public keys via the KnownHostsManager, which is available through the KnownHosts property.

For server validation to be performed, ServerValidation must be set to Automatic or AutomaticNoNameCheck (in which the server name is not checked).

Server public keys can also be maintained in their own key file and be used for server validation without adding them to the known_hosts file. The KnownHostsManager supports explicitly adding server public keys.

The AddKnownHost method requires the hostname and the public key file, as shown below:

ftpConnection.KnownHosts.AddKnownHost("edtmobile", "C:\\myhome\\.ssh\\id_dsa.pub");

SSH public key files have two standard formats: OpenSSH and SECSH. edtFTPnet/PRO supports both of these public key formats. Each format can be recognized by its first line, as shown in the table below:


Public key type


Start of first line


OpenSSH  (DSA)


ssh-dss AAAAB3NzaC1kc3MAA ...


OpenSSH  (RSA)


ssh-rsa AAAAB3NzaC1yc2EAA ...


SECSH


---- BEGIN SSH2 PUBLIC KEY ----

You can convert between OpenSSH and SECSH using OpenSSH's ssh-keygen (which by default generates OpenSSH keys).

> For example, to convert an OpenSSH public key generated by ssh-keygen to SECSH for use in a commercial SSH server, use:

ssh-keygen -f keyfile -e > keyfile.secsh
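
The following is an added example, not code from edtFTPnet/PRO or its documentation. It recognizes a key file by the first-line forms in the table above, checks that the declared type matches the key data, and computes the SHA256 fingerprint so that an OpenSSH file and its SECSH conversion can be confirmed to hold the same key. The function names are hypothetical, the sample key is constructed (not a real key), and only the ssh-dss and ssh-rsa types listed in the table are accepted.

```python
import base64, hashlib

SECSH_BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
SECSH_END = "---- END SSH2 PUBLIC KEY ----"
OPENSSH_TYPES = ("ssh-dss", "ssh-rsa")  # the two OpenSSH prefixes in the table

def load_public_key(text):
    """Return (file_format, key_type, blob) for an OpenSSH or SECSH key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines and lines[0] == SECSH_BEGIN:
        if SECSH_END not in lines:
            raise ValueError("SECSH key has no END marker")
        body, continued = [], False
        for ln in lines[1:lines.index(SECSH_END)]:
            header = continued or ":" in ln        # e.g. 'Comment: ...'
            continued = header and ln.endswith("\\")
            if not header:
                body.append(ln)
        fmt, declared, b64 = "SECSH", None, "".join(body)
    else:
        fields = lines[0].split() if lines else []
        if len(fields) < 2 or fields[0] not in OPENSSH_TYPES:
            raise ValueError("unrecognised public key format")
        fmt, declared, b64 = "OpenSSH", fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    n = int.from_bytes(blob[:4], "big")            # blob starts with its type name
    key_type = blob[4:4 + n].decode("ascii")
    if key_type not in OPENSSH_TYPES or declared not in (None, key_type):
        raise ValueError("key type does not match key data")
    return fmt, key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sample_key_files():
    """Constructed ssh-rsa blob (not a real key) written in both file formats."""
    s = lambda b: len(b).to_bytes(4, "big") + b    # SSH length-prefixed string
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes(range(128, 256)))
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    openssh = "ssh-rsa " + b64 + " constructed@example\n"
    secsh = f'{SECSH_BEGIN}\nComment: "constructed"\n{wrapped}\n{SECSH_END}\n'
    return openssh, secsh

if __name__ == "__main__":
    for fmt, key_type, blob in map(load_public_key, sample_key_files()):
        print(fmt, key_type, fingerprint(blob))
```

Comparing the fingerprint with one obtained from the server's administrator through a separate channel, before the file is passed to AddKnownHost, confirms that the key being trusted is the server's own.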