Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240)

JanekRoos
Posts: 11
Joined: Thu 07 May 2020 08:51

Post by JanekRoos » Thu 07 May 2020 09:14

Hello!
How can I implement Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240)?
I am using SecureBridge for Delphi 6\Demos\SFTPClient.
For example, if the Hostkey FingerPrint is ssh-rsa 2048 8c:ca:e1:27:0a:c5:16:02:5d:6c:34:43:2e:4c:e1:01,
where can I set its verification during connection to the SFTP server?

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Post by ViktorV » Thu 07 May 2020 13:55

To accomplish your task, you can use the method TScKey.GetFingerprint https://www.devart.com/sbridge/docs/tsc ... ingerPrint
See the TDemoForm.DoServerKeyValidate method in the SFTPClient demo project for an example of using ScKey.GetFingerprint.

Post by JanekRoos » Fri 08 May 2020 05:53

Is TScKey.GetFingerprint used during Password authentication with SSH Server, SSH Port, User name and Password?
I mean that TScKey.GetFingerprint is used during authentication with Public key.
How can I compare the server's fingerprint with the hostkey fingerprint that was given to me before, during Password authentication with SSH Server, SSH Port, User name and Password?

Post by ViktorV » Fri 08 May 2020 11:21

The server key is used by the client to authenticate the SSH server. The key name is specified in the property TScSSHClient.HostKeyName. When the client is connecting to the SSH server, SecureBridge looks for the key under the path specified in the property TScFileStorage.Path - if it's found, the client uses the key. If the key was not found, you can use the TScSSHClient.OnServerKeyValidate event handler to obtain the server key and import it to TScFileStorage. If the TScSSHClient.OnServerKeyValidate event handler is not triggered, this means that the server key was found and authenticated.
The server key will be checked in any event, even when authentication by password is used.

Post by JanekRoos » Fri 08 May 2020 12:47

How can I avoid this message appearing:
"The authenticity of server can not be verified.
Fingerprint for the key received from server: 8c:ca:e1:27:0a:c5:16:02:5d:6c:34:43:2e:4c:e1:01
Key length: 2048 bit.
Are you sure you want to continue connectivity? Ok Cancel"
I mean, where can I set the hostkey fingerprint to compare with the server's fingerprint so that this question does not appear?

Post by ViktorV » Thu 14 May 2020 11:43

The client is not aware of the key during the initial connection, therefore the user has to react somehow to the key received from the server. If security is not critical, you may ignore the key authentication (this may also be done in the application code by setting the variable Accept to True in the event handler TScSSHClient.OnServerKeyValidate); if security is critical, you should manually request the finger-print from the server and compare it with the finger-print of the received key.
If security is critical, you can use the following code:

Code:

  // Look up a host key already stored under HostKeyName
  Key := FileStorage.Keys.FindKey(HostKeyName);
  if (Key = nil) or not Key.Ready then begin
    // No usable stored key: take the MD5 fingerprint of the key the server sent
    NewServerKey.GetFingerPrint(haMD5, fp);
    // CheckFingeprint holds the fingerprint obtained from the server beforehand
    if (fp = CheckFingeprint) then begin
      // Fingerprints match: store the server key so later connections find it
      Key := TScKey.Create(nil);
      try
        Key.Assign(NewServerKey);
        Key.KeyName := HostKeyName;
        FileStorage.Keys.Add(Key);
      except
        Key.Free;
        raise;
      end;

      Accept := True;
    end;
  end;
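
The following Python code is an added example, not part of the thread or of SecureBridge: it shows what the colon-separated MD5 fingerprint discussed above is computed from (the raw SSH public key blob) and how to compare it with a fingerprint obtained out of band so that any malformed or differing value is rejected. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def _read_field(blob, off):
    """Read one length-prefixed SSH wire-format field (RFC 4251 string/mpint)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def describe_host_key(pub_line):
    """Return (key type, bit length, MD5 fingerprint) for an 'ssh-rsa AAAA...' line."""
    algo, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_field(blob, 0)
    if name.decode("ascii") != algo or algo != "ssh-rsa":
        raise ValueError("expected a consistent ssh-rsa key")
    _e, off = _read_field(blob, off)           # public exponent
    n, _ = _read_field(blob, off)              # modulus
    bits = int.from_bytes(n, "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()     # fingerprint = MD5 over the whole blob
    return algo, bits, ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def normalize(fp):
    """Accept 'MD5:8C:CA:..', '8c:ca:..' or bare hex; return 32 lowercase hex chars."""
    fp = fp.strip().lower()
    if fp.startswith("md5:"):
        fp = fp[4:]
    fp = fp.replace(":", "")
    if len(fp) != 32 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("not an MD5 fingerprint")
    return fp

def matches_pinned(received_fp, pinned_fp):
    """Fail closed: only an exact match after normalization is accepted."""
    try:
        return hmac.compare_digest(normalize(received_fp), normalize(pinned_fp))
    except ValueError:
        return False

def _field(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: e = 65537, n = 2**2047 + 1 (2048 bits).
_N = b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(_N)).decode()
```

Normalizing both sides before comparing avoids false mismatches caused only by case or an `MD5:` prefix, while anything that is not exactly 16 hex bytes is treated as a mismatch.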
