0 votes
in .NET FTP by (360 points)
Good day.

I am using the edtFTPnetPRO version 8.2.0.20 and trying to add a KnownHost to my connection and when I call

sftpConn.KnownHosts.AddKnownHost("myserver","mylocalpubfile")
I don't get an error from the call - but I end up with a null sftpConn.KnownHosts and my connection fails.

Am I not setting something up correctly for this?

11 Answers

0 votes
by (161k points)
The code looks fine. I'm not sure how adding a known host could make KnownHosts null. Best to enable logging at the Debug level and post it or email us the log file. There should be a message in the log about adding a public key to the host manager.
0 votes
by (360 points)
ok, will do -

Let me ask this - what other items should I set

ServerValidation needs to be Automatic or AutomaticNoName

I am assuming I need to set the UserName, but not Password - correct?

=====

My Logging shows:
DEBUG [SSHFTPClient] 24 Aug 2012 14:41:57.738 : HostKeyChecker checking for ssh-rsa public key of 'abccompany.com'

ERROR [SSHFTPClient] 24 Aug 2012 14:41:57.739 : Stored public key for host 'abccompany.com' does not match supplied key

DEBUG [ClientKeyExchanger] 24 Aug 2012 14:41:57.739 : Processed SSH_MSG_KEXDH_INIT reply - failed to verify hostkey

ERROR [SSHFTPClient] 24 Aug 2012 14:41:57.799 : Failed to connect - closing connection

ERROR [SSHFTPClient] 24 Aug 2012 14:41:57.799 : EnterpriseDT.Net.Ftp.Ssh.SFTPAuthenticationException: Authentication failure

ERROR [SSHFTPClient] 24 Aug 2012 14:41:57.799 : at EnterpriseDT.Net.Ftp.Ssh.SSHFTPClient.Connect()

What happens if the customer's supplied key is from their host name, which is something like 'abccompany.interna.com', but the host I connect to is 'abccompany.com' - could that be the issue?


I have tried to use the CALLBACK feature - and I don't get the authentication error -
What happens there is when it goes to Connect() - it sits there - in that method and never returns.

I see in the log a lot of these repeated steps:

DEBUG [PlainSocket] 24 Aug 2012 16:04:23.846 : RepeatCallback received 68 bytes

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.846 : Packet arrived

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.847 : ProcessAuthenticationResponse: SSH_MSG_USERAUTH_INFO_REQUEST

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.847 : Prompt count = 1

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.847 : Prompt: Enter password:

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.847 : Sent SSH_MSG_USERAUTH_INFO_RESPONSE

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.847 : Waiting for packet

DEBUG [PlainSocket] 24 Aug 2012 16:04:23.941 : RepeatCallback received 76 bytes

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.941 : Packet arrived

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.941 : ProcessAuthenticationResponse: SSH_MSG_USERAUTH_FAILURE

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.941 : Auth partial success. Try: password,publickey,keyboard-interactive

DEBUG [SSH2Connection] 24 Aug 2012 16:04:23.941 : Waiting for packet
0 votes
by (161k points)
ServerValidation should be Automatic.

The message "Auth partial success" means that public key authentication partly succeeded - it may mean that the server also requires a password for this user. So try setting the password as well. You might need to set the authentication method to PublicKeyAndPassword.

If you aren't sure of the hostname, add it for both, e.g.

AddKnownHost("abccompany.interna.com","mylocalpubfile")
AddKnownHost("abccompany.com","mylocalpubfile")
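
An added example (not part of the original posts, and not edtFTPnet code): a Python lookup over OpenSSH-style known_hosts lines ("hosts keytype key"), showing why a key stored only under 'abccompany.interna.com' is not found when connecting to 'abccompany.com', and how that differs from a name that is known but has a different key. The sample entries, key blobs and function names are constructed for illustration; lookup by the connected name is the OpenSSH convention and is assumed here.

```python
import base64
import hashlib

# Constructed sample: known_hosts-style lines ("hosts keytype base64key").
# The key blobs are short made-up byte strings, not real RSA keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = f"""\
# comment line
abccompany.interna.com ssh-rsa {KEY_A}
fileserver.example,192.0.2.10 ssh-rsa {KEY_B}
"""

def parse_known_hosts(text):
    """Yield (hostnames, keytype, key_bytes) for each plain entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("|", "@")):
            continue  # hashed or marker entries are out of scope here
        hosts, keytype, b64 = fields[:3]
        yield {h.lower() for h in hosts.split(",")}, keytype, base64.b64decode(b64)

def fingerprint(key_bytes):
    """OpenSSH-style SHA256 fingerprint, for comparing with the server admin."""
    digest = hashlib.sha256(key_bytes).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(text, host, keytype, presented):
    """Return 'match', 'mismatch' (name known, different key) or 'unknown'."""
    result = "unknown"
    for hosts, ktype, stored in parse_known_hosts(text):
        if host.lower() in hosts and ktype == keytype:
            if stored == presented:
                return "match"
            result = "mismatch"
    return result

if __name__ == "__main__":
    key = b"constructed-host-key-A"
    for name in ("abccompany.interna.com", "abccompany.com", "192.0.2.10"):
        print(name, check_host(KNOWN_HOSTS, name, "ssh-rsa", key), fingerprint(key))
```

A 'mismatch' result is the case to investigate with the server administrator by comparing fingerprints out of band, rather than by replacing the stored key.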
0 votes
by (360 points)
Thanks for the Reply

If I set the AuthenticationMethod to

I get this error
ClientPrivateKeyFile property must be set to the full path of the private key (or ClientPrivateKeyBytes must be set).

which I found odd because I am not using a Client Private Key.

I have gotten the CALLBACK method to work if I supply both the UserName and Password.
Also, if I generate a known_host file from the callback (as was in one of your examples) and then use that file by setting the .KnownHosts.KnownHostsFile (again with username/password) it works

but calling the .KnownHosts.AddKnownHost("fooo.com","myfile") doesn't

I noticed the known_host file that gets produced from the call back is not in the same format as the examples you show. It has
hostname ssh-rsa XXXXXXX
there is no ip address.


I don't mind using the callback method and will find out why a password is required.

Thanks for your help
0 votes
by (161k points)
You have to use either a password (for password authentication) or a private key (for public key authentication). First thing to do would be to use the default (password authentication) and set the password.
0 votes
by (360 points)
You have to use either a password (for password authentication) or a private key (for public key authentication). First thing to do would be to use the default (password authentication) and set the password.


Thanks for the response.

I don't want to use password authentication so I need to use Private Key.

I have set my AuthenticationMethod = PublicKey, my UserName is set, Password is blank, ClientPrivateKeyFile is set (but not sure if this works), ClientPrivateKeyPassphrase is set.

ClientPrivateKeyFile starts with:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,277B153E6CFC3B54

...

In the help file it doesn't show that it accepts an RSA PRIVATE KEY - should it?

Sorry, I am all new to this - does the owner of the SFTP Server provide me with a ClientPrivateKeyFile - or do I generate that off of my client?
0 votes
by (161k points)
The private key is analogous to a password - it needs to be provided by the server administrator.
0 votes
by (360 points)
The private key is analogous to a password - it needs to be provided by the server administrator.


ok, thanks - it is what I thought


I haven't been successful here at all - I think it is ignorance on both ends - mine and the customer's.


The customer has an SFTP Server with a Public Key file.

They have set up a user for me to use to connect to the server -

They would like it that I do not have to supply a Password.

My understanding for this set up is then that I (the client) would need to generate a Private Key (using PuttyGEN.exe - saving a Private Key File) and send that to the customer to tell them this is my Private Key (they only accept the OpenSSH key file so I export as OpenSSH key and email it to them)

They load that private key file to their Server

now I should be able to connect to their SFTP site using both their Public Key and my Private Key

.ServerValidation = SecureFTPServerValidationType.Automatic
.KnownHosts.AddKnownHost("thecustomers.com", "theirPublicKeyFile.pub")

.AuthenticationMethod = EnterpriseDT.Net.Ssh.AuthenticationType.PublicKey
.ClientPrivateKeyFile = "mike_private_key_unprotected.pub"

and this should work?

I'm not having much luck here
0 votes
by (161k points)
Yes if they want you to choose your username & key that's fine - in that case you need to give them your public key (NOT your private key).
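
An added example (not part of the original posts, and not edtFTPnet code): a Python check that classifies a key file by its content rather than its file name, so that a private key saved with a .pub extension is still recognised before anything is sent to the other party. The function names and the sample inputs are constructed for illustration; the sample bodies are not real key material.

```python
import base64
import struct

def _first_ssh_string(blob):
    """Return the first length-prefixed string of an SSH key blob."""
    (n,) = struct.unpack_from(">I", blob, 0)
    return blob[4:4 + n]

def classify_key_text(text):
    """Return (kind, ok_to_share) based on file content, not file name."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("-----BEGIN") and first.endswith("PRIVATE KEY-----"):
        if "OPENSSH" in first:
            return "private (OpenSSH format)", False
        protected = "ENCRYPTED" in first or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return ("private (passphrase-protected)" if protected
                else "private (unprotected)"), False
    if first.startswith("PuTTY-User-Key-File-"):
        return "private (PuTTY .ppk)", False
    if first == "---- BEGIN SSH2 PUBLIC KEY ----" or (
            first.startswith("-----BEGIN") and first.endswith("PUBLIC KEY-----")):
        return "public (PEM or RFC 4716)", True
    fields = first.split()  # one-line form: "<type> <base64 blob> [comment]"
    if len(fields) >= 2:
        try:
            blob = base64.b64decode(fields[1], validate=True)
            if _first_ssh_string(blob) == fields[0].encode():
                return "public (OpenSSH one-line)", True
        except (ValueError, struct.error):
            pass
    return "unknown", False

# Constructed samples: headers only, the bodies are not real key material.
SAMPLE_ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Y29uc3RydWN0ZWQ=
-----END RSA PRIVATE KEY-----"""
SAMPLE_PLAIN_PEM = """-----BEGIN RSA PRIVATE KEY-----
Y29uc3RydWN0ZWQ=
-----END RSA PRIVATE KEY-----"""
_blob = struct.pack(">I", 7) + b"ssh-rsa" + b"constructed-not-a-real-key"
SAMPLE_PUBLIC_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " user@client"
```

Only a file that classifies as public goes to the server administrator; anything classified as private stays on the client and is what a setting such as ClientPrivateKeyFile points at.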
