
Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240)

Posted: Thu 07 May 2020 09:14
by JanekRoos
Hello!
How to implement Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240).
I am using SecureBridge for Delphi 6\Demos\SFTPClient.
For example, if the Hostkey FingerPrint is ssh-rsa 2048 8c:ca:e1:27:0a:c5:16:02:5d:6c:34:43:2e:4c:e1:01,
where can I set its verification during connection to the sftp server?

Re: Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240

Posted: Thu 07 May 2020 13:55
by ViktorV
To accomplish your task, you can use the method TScKey.GetFingerprint https://www.devart.com/sbridge/docs/tsc ... ingerPrint
See the TDemoForm.DoServerKeyValidate method in the SFTPClient demo project for an example of using ScKey.GetFingerprint.

Re: Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240

Posted: Fri 08 May 2020 05:53
by JanekRoos
Is TScKey.GetFingerprint used during Password authentication with SSH Server, SSH Port, User name and Password?
I mean that TScKey.GetFingerprint is used during authentication with Public key.
How can I compare the server's fingerprint with the hostkey fingerprint that was given to me before, during Password authentication with SSH Server, SSH Port, User name and Password?

Re: Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240

Posted: Fri 08 May 2020 11:21
by ViktorV
The server key is used by the client to authenticate the SSH server. The key name is specified in the property TScSSHClient.HostKeyName. When the client is connecting to the SSH server, SecureBridge looks for the key under the path specified in the property TScFileStorage.Path - if it's found, the client uses the key. If the key was not found, you can use the TScSSHClient.OnServerKeyValidate event handler to obtain the server key and import it to TScFileStorage. If the TScSSHClient.OnServerKeyValidate event handler is not triggered, this means that the server key was found and authenticated.
The server key will be checked in any event, even when authentication by password is used.

Re: Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240

Posted: Fri 08 May 2020 12:47
by JanekRoos
How can I avoid this message appearing:
"The authenticity of server can not be verified.
Fingerprint for the key received from server: 8c:ca:e1:27:0a:c5:16:02:5d:6c:34:43:2e:4c:e1:01
Key length: 2048 bit.
Are you sure you want to continue connectivity? Ok Cancel"
I mean, where can I set the hostkey fingerprint to compare with the server's fingerprint so that this question does not appear?

Re: Hostkey FingerPrint verification in SecureBridge 9.2 for Delphi 6 Note: Requires Update Pack 2 (Delphi 6 Build 6.240

Posted: Thu 14 May 2020 11:43
by ViktorV
The client is not aware of the key during the initial connection, therefore the user has to react somehow to the key received from the server. If security is not critical, you may ignore the key authentication (this may also be done in the application code by setting the variable Accept to True in the event handler TScSSHClient.OnServerKeyValidate); if security is critical, you should manually request the finger-print from the server and compare it with the finger-print of the received key.
If security is critical, you can use the following code:

Code:

  // Look up the host key already saved in the storage under HostKeyName.
  Key := FileStorage.Keys.FindKey(HostKeyName);
  if (Key = nil) or not Key.Ready then begin
    // No usable stored key: compute the MD5 fingerprint of the key the server sent.
    NewServerKey.GetFingerPrint(haMD5, fp);
    // CheckFingeprint holds the expected fingerprint obtained beforehand.
    if (fp = CheckFingeprint) then begin
      // Fingerprints match: save the server key so later connections find it.
      Key := TScKey.Create(nil);
      try
        Key.Assign(NewServerKey);
        Key.KeyName := HostKeyName;
        FileStorage.Keys.Add(Key);
      except
        Key.Free;
        raise;
      end;

      Accept := True;
    end;
    // On a mismatch Accept is not set here.
  end;
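
Added example, not part of the thread and not SecureBridge code: what a pinned value such as "ssh-rsa 2048 8c:ca:..." is checked against, written in Python so it runs without Delphi. It assumes the MD5 fingerprint is the usual OpenSSH-style one (MD5 over the wire-format public key blob, colon-separated hex), which is the format the dialog quoted above shows; all function names and the sample key are constructed for illustration.

```python
import hashlib
import struct

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _mpint(x):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    return _ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))

def build_rsa_blob(e, n):
    """Constructed test input: an ssh-rsa public key blob in wire format."""
    return _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)

def _read_string(blob, off):
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def describe_host_key(blob):
    """Return (key_type, modulus_bits, md5_fingerprint) for an ssh-rsa blob."""
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("this example only parses ssh-rsa keys")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return key_type.decode("ascii"), bits, fingerprint

def matches_pin(blob, pin):
    """True only if type, key length and fingerprint all equal the pinned value."""
    try:
        want_type, want_bits, want_fp = pin.split()
        return describe_host_key(blob) == (want_type, int(want_bits), want_fp.lower())
    except ValueError:  # malformed pin or malformed key: reject
        return False

# Constructed sample key material (not a real host key).
SAMPLE_N = (1 << 2047) | 0x1234567
SAMPLE_BLOB = build_rsa_blob(65537, SAMPLE_N)
```

Any parse error or field mismatch is treated as a rejection, which mirrors leaving Accept unset in the handler above.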