在 SSH.NET 中检查 SFTP/SSH 指纹 [英] Checking SFTP/SSH fingerprint in SSH.NET
问题描述
我目前正在创建一个 SSIS 包,我需要连接到安全服务器来复制一些文件,我想通过服务器发送的公钥指纹验证连接.
I'm currently creating an SSIS package where I need to connect to a secure server to copy some files and I would like to validate the connection via the public key fingerprint the server sends.
我对这方面不是很熟悉,总能指望在连接时有指纹发送吗?
I'm not very familiar in this area, can I always expect there to be a fingerprint sent when connecting?
该包之前使用了WinSCP,在代码中烘焙了指纹,格式为ssh-dss 1024 [hex representation]
.我假设这种格式是从 PuTTY 中获取的,因为这是我在连接到新服务器时看到它的方式,它要求我进行验证.WinSCP 照原样处理了验证.
The package previously used WinSCP, and a fingerprint was baked into the code in the format of ssh-dss 1024 [hex representation]
. I assume this format is taken from PuTTY, because that's how I see it while connecting to a new server and it's asking me to verify. WinSCP took this as is and handled the verification.
我打算切换到 SSH.NET,它的机制要求我手动检查指纹.我可以仅根据十六进制来验证连接,还是还需要检查密钥长度和使用的算法?
I'm planning to switch to SSH.NET and its mechanism requires me to check the fingerprint by hand. Can I verify the connection based on just the hex, or do I need to also check the key length and the algorithm used?
推荐答案
您可以仅基于十六进制来实现 - 首先您需要编写(或复制/使用)一个实用方法来将您的十六进制字符串转换为字节数组(取决于您的十六进制字符串的格式)- 下面的示例用于转换以冒号分隔的字符串(例如,1d:c1:5a:71:c4:8e:a3:ff:01:0a:3b:46:17:6f:e1:52")
You can do it just based on the hex - first you'll want to write (or copy/use) a utility method to convert your hex string to a byte array (which will depend on the format of your hex string) - the example below is for converting a string delimited by colon (e.g. "1d:c1:5a:71:c4:8e:a3:ff:01:0a:3b:46:17:6f:e1:52")
public static byte[] ConvertFingerprintToByteArray( String fingerprint )
{
return fingerprint.Split( ':' ).Select( s => Convert.ToByte( s, 16 ) ).ToArray();
}
然后您只需附加到 SftpClient
对象的 HostKeyReceived
事件.
Then you simply attach to the HostKeyReceived
event of the SftpClient
object.
SftpClient sftpClient = new SftpClient( Hostname, Username, Password );
sftpClient.HostKeyReceived += delegate ( object sender, HostKeyEventArgs e )
{
var b = ConvertFingerprintToByteArray(
"1d:c1:5a:71:c4:8e:a3:ff:01:0a:3b:46:17:6f:e1:52" );
if( e.FingerPrint.SequenceEqual( b ) )
e.CanTrust = true;
else
e.CanTrust = false;
};
如果此检查失败,则 SSH.NET 将抛出 SshConnectionException
- 带有 密钥交换协商失败" 的消息.
If this check fails then SSH.NET will throw an SshConnectionException
– with a message of "Key exchange negotiation failed".
希望这会有所帮助.
这篇关于在 SSH.NET 中检查 SFTP/SSH 指纹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!