在 SSH.NET 中检查 SFTP/SSH 指纹 [英] Checking SFTP/SSH fingerprint in SSH.NET

问题描述

我目前正在创建一个 SSIS 包，我需要连接到安全服务器来复制一些文件，我想通过服务器发送的公钥指纹验证连接.

I'm currently creating an SSIS package where I need to connect to a secure server to copy some files and I would like to validate the connection via the public key fingerprint the server sends.

我对这方面不是很熟悉，总能指望在连接时有指纹发送吗?

I'm not very familiar in this area, can I always expect there to be a fingerprint sent when connecting?

该包之前使用了WinSCP，在代码中烘焙了指纹，格式为ssh-dss 1024 [hex representation].我假设这种格式是从 PuTTY 中获取的，因为这是我在连接到新服务器时看到它的方式，它要求我进行验证.WinSCP 照原样处理了验证.

The package previously used WinSCP, and a fingerprint was baked into the code in the format of ssh-dss 1024 [hex representation]. I assume this format is taken from PuTTY, because that's how I see it while connecting to a new server and it's asking me to verify. WinSCP took this as is and handled the verification.

我打算切换到 SSH.NET，它的机制要求我手动检查指纹.我可以仅根据十六进制来验证连接，还是还需要检查密钥长度和使用的算法?

I'm planning to switch to SSH.NET and its mechanism requires me to check the fingerprint by hand. Can I verify the connection based on just the hex, or do I need to also check the key length and the algorithm used?

推荐答案

您可以仅基于十六进制来实现 - 首先您需要编写(或复制/使用)一个实用方法来将您的十六进制字符串转换为字节数组(取决于您的十六进制字符串的格式)- 下面的示例用于转换以冒号分隔的字符串(例如，1d:c1:5a:71:c4:8e:a3:ff:01:0a:3b:46:17:6f:e1:52")

You can do it just based on the hex - first you'll want to write (or copy/use) a utility method to convert your hex string to a byte array (which will depend on the format of your hex string) - the example below is for converting a string delimited by colon (e.g. "1d:c1:5a:71:c4:8e:a3:ff:01:0a:3b:46:17:6f:e1:52")

public static byte[] ConvertFingerprintToByteArray( String fingerprint )
{
    return fingerprint.Split( ':' ).Select( s => Convert.ToByte( s, 16 ) ).ToArray();
}

然后您只需附加到 SftpClient 对象的 HostKeyReceived 事件.

Then you simply attach to the HostKeyReceived event of the SftpClient object.

SftpClient sftpClient = new SftpClient( Hostname, Username, Password );
sftpClient.HostKeyReceived += delegate ( object sender, HostKeyEventArgs e )
{
    var b = ConvertFingerprintToByteArray(
        "1d:c1:5a:71:c4:8e:a3:ff:01:0a:3b:46:17:6f:e1:52" );
    if( e.FingerPrint.SequenceEqual( b ) )
        e.CanTrust = true;
    else
        e.CanTrust = false;
};

如果此检查失败，则 SSH.NET 将抛出 SshConnectionException - 带有 密钥交换协商失败" 的消息.

If this check fails then SSH.NET will throw an SshConnectionException – with a message of "Key exchange negotiation failed".

希望这会有所帮助.

这篇关于在 SSH.NET 中检查 SFTP/SSH 指纹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！