Skip to content
from home or a client), but you have a physical access to the server site, connect from the server site the first time (e.g. If you are connecting within a company network, you might feel that all the network users are on the same side and spoofing attacks are unlikely, so you might choose to trust the key without checking it. Every time you connect to a server, it compares the server’s host key to the host key you received the last time you connected. In scripting specify the expected fingerprint using -hostkey switch of an open command.
RSA key fingerprint is 33:95:b2:19:c0:b0:e4:91:a0:55:94:65:4a:af:58:c9. Instead you can ask anyone else who has a physical access to the server or who already knows the host key. Make sure the If you want to allow a user to manually verify the host key, use the So I developed a small Python program that calculates a SSH fingerprint from the public key. using SSH terminal). Are you sure you want to continue connecting (yes/no)? If the system administrator sends you more than one fingerprint, you should make sure the one WinSCP shows you is on the list, but it doesn’t matter which one it is.)
Also note that the host key fingerprint is generated from a public key part of the host key only. If you already have verified the host key … © All rights reserved 2000–2020, WinSCP.net For example if you plan to connect to the server from an external site (e.g. With that you can finally connect directly yet securely over a public network. So it gives the warning shown above, and asks you whether you want to trust this host key or not. With .NET assembly, use SessionOptions.SshHostKeyFingerprint property. You can also have the fingerprint displayed in an SSH terminal using Keep the value, if your want to synchronize two directories on the current server. your workplace). If you need to know the fingerprint later on for other purposes, like to verify the host key on another machine, or for automation, go to a WinSCP records the host key for each server you connect to, in the In exceptional situations, when security is not required, such as when connecting within a trusted private network, you can use
You can use Generate session URL function to obtain the value including the required SSH host key or TLS/SSL certificate fingerprint. This is common for virtual servers or servers in a cloud. As you are connecting within private network, you can safely trust any host key. Before connecting for the first time, ensure a security of your local machine and a line to the server. Once you connect, WinSCP caches the fingerprint and will ensure, that the key is unchanged every time you connect later on. If you already have verified the host key for your
Once the key is verified, you can see it during all future sessions on By default, the SSH client verifies the identity of the host to which it connects. If you connect to a server and you receive an unexpected host key, WinSCP can warn you that the server may have been switched and that a spoofing attack might be underway. For example see a solution for You can connect to this specialized server and from it, securely connect to your server (e.g.
However, when you connect to a server for the first time, WinSCP has no way of telling whether the host key is the right one or not. If you already have the host key cached in the PuTTY SSH client, you can import a PuTTY stored session to WinSCP, including the cached host keys. In scripting specify the expected fingerprint using Whether or not to trust the host key is your choice. These keys prevent a server from forging another server’s key. If the keys differ, you will receive a warning and a chance to abandon your connection before you enter any private information such as a password.
If you are using WinSCP to connect to a server for the first time, you will probably see a message looking something like this: SSH host key fingerprint "sha-rsa 2048 does not match patter 2015-01-30 00:43 I'm trying to transfer some files using the winscp.dll and receiving an exception on the fingerprint format. In the real world, most administrators do not provide the host key fingerprint. In the Session box, specify a session URL to use to connect to the other server. $ ssh 192.168.1.100 The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established. (Many modern servers have more than one host key. A special case is getting host key of a server, that you are an administrator of yourself, yet you do not have a direct secure line to connect through.
If you are connecting across a hostile network (such as the Internet), you should check with your system administrator, perhaps by telephone or in person. To prevent this attack, each server has a unique identifying code, called a host key.
The server's rsa2 key fingerprint is: ssh-rsa 2048 2e:db:b6:22:f7:bd:48:f6:da:72:bf:59:d7:75:d7:4e If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting. © All rights reserved 2000–2020, WinSCP.net Alternatively, the server provider can provide the host key via some administrative interface. WinSCP records the host key for each server you connect to, in the configuration storage. When writing a WinSCP script or code using WinSCP .NET assembly, use the same methods as described previously to obtain the host key..