As discussed in How to use SFTP (with server validation - known hosts), SFTP clients can validate servers by loading a list of approved servers and their public keys, and checking the server key against this list. The list is generally maintained in a file called known_hosts.
SecureFTPConnection manages these public keys via the KnownHostsManager, available through the KnownHosts property.
For server validation to be performed, ServerValidation must be set to Automatic or AutomaticNoNameCheck (in which case the server name is not checked).
Server public keys can also be maintained in their own key file and be used for server validation without adding them to the known_hosts file. The KnownHostsManager supports explicitly adding server public keys.
The AddKnownHost method requires the hostname and the public key file, as shown below:
ftpConnection.KnownHosts.AddKnownHost("edtmobile", "C:\\myhome\\.ssh\\id_dsa.pub");
SSH public key files have two standard formats - OpenSSH and SECSH. edtFTPnet/PRO supports both these public key formats. Formats can be recognized by their first line as shown in the table below:
| Public key type | Start of first line |
|---|---|
| OpenSSH (DSA) | ssh-dss AAAAB3NzaC1kc3MAA ... |
| OpenSSH (RSA) | ssh-rsa AAAAB3NzaC1yc2EA ... |
| SECSH | ---- BEGIN SSH2 PUBLIC KEY ---- |
You can convert between OpenSSH and SECSH using OpenSSH's ssh-keygen (which by default generates OpenSSH keys).
> For example, to convert an OpenSSH public key generated by ssh-keygen to SECSH for use in a commercial SSH server, use:
ssh-keygen -f keyfile -e > keyfile.secsh
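Before a key file is passed to AddKnownHost, its fingerprint can be compared with one obtained from the server administrator out of band. The following is an added example, not code from edtFTPnet/PRO: the PublicKeyFileCheck class and its Inspect method are hypothetical names, and the sample key blob is constructed. It recognizes the format from the first line as in the table above, extracts the key blob, and prints the SHA-256 fingerprint in the form `ssh-keygen -l` uses, showing that the OpenSSH and SECSH encodings of one key give the same fingerprint.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class PublicKeyFileCheck // hypothetical helper, not part of edtFTPnet/PRO
{
    public static Tuple<string, string, string> Inspect(string[] lines)
    {
        string[] body = lines.Select(l => l.Trim()).Where(l => l.Length > 0).ToArray();
        if (body.Length == 0) throw new FormatException("Empty key file");
        string format, base64;
        if (body[0] == "---- BEGIN SSH2 PUBLIC KEY ----")
        {
            format = "SECSH";
            var sb = new StringBuilder();
            bool continued = false;
            foreach (string l in body.Skip(1).TakeWhile(x => !x.StartsWith("---- END")))
            {
                bool header = continued || l.Contains(":"); // e.g. Comment: "..."
                continued = header && l.EndsWith("\\");     // header wraps onto next line
                if (!header) sb.Append(l);                  // base64 may span several lines
            }
            base64 = sb.ToString();
        }
        else if (body[0].StartsWith("ssh-dss ") || body[0].StartsWith("ssh-rsa "))
        {
            format = "OpenSSH";
            base64 = body[0].Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)[1];
        }
        else throw new FormatException("Not an OpenSSH or SECSH public key");
        byte[] blob = Convert.FromBase64String(base64);
        // The blob starts with a 4-byte big-endian length, then the algorithm name.
        int n = blob.Length < 4 ? -1 : (blob[0] << 24) | (blob[1] << 16) | (blob[2] << 8) | blob[3];
        if (n <= 0 || n > blob.Length - 4) throw new FormatException("Malformed key blob");
        using (var sha = SHA256.Create())
            return Tuple.Create(format, Encoding.ASCII.GetString(blob, 4, n),
                "SHA256:" + Convert.ToBase64String(sha.ComputeHash(blob)).TrimEnd('='));
    }
    static void Main()
    {
        // Constructed sample blob (not a usable key): "ssh-rsa", e = 0x23, n = 0x0101.
        string b64 = Convert.ToBase64String(new byte[] { 0, 0, 0, 7 }
            .Concat(Encoding.ASCII.GetBytes("ssh-rsa"))
            .Concat(new byte[] { 0, 0, 0, 1, 0x23, 0, 0, 0, 2, 1, 1 }).ToArray());
        var a = Inspect(new[] { "ssh-rsa " + b64 + " constructed@example" });
        var b = Inspect(new[] { "---- BEGIN SSH2 PUBLIC KEY ----", "Comment: \"constructed\"",
                                b64, "---- END SSH2 PUBLIC KEY ----" });
        Console.WriteLine(a + "\n" + b + "\nsame key: " + (a.Item3 == b.Item3));
    }
}
```

Only when the printed fingerprint matches the value supplied by the server's administrator should the file be handed to ftpConnection.KnownHosts.AddKnownHost.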