How to suppress "Host Key not verified" warning?

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
gresch
Posts: 2
Joined: Sun 24 May 2020 13:59

How to suppress "Host Key not verified" warning?

Post by gresch » Sun 24 May 2020 16:35

Hi,

The following applies to the Delphi 10.3 SFTPclient demo example
with paid SecureBridge 9.2.4 components.

I have changed a few numbers in the local "hostname" key-file to simulate a compromised SSH server, because the
received key will differ from the stored/saved local key then.

But instead of invoking OnServerKeyValidate the component shows a message box
"Host Key not verified [OK]" and refuses to connect.

How can I catch this condition to suppress the MessageBox and allow the user to accept a new key?
Is it possible to translate this message into another language?

Thank you
Gregor

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: How to suppress "Host Key not verified" warning?

Post by ViktorV » Thu 28 May 2020 14:27

The event handler TScSSHClient.OnServerKeyValidate is triggered when the server key authentication by the client fails. The failure may occur in two scenarios: the key is not found on the client side (this scenario is handled in our ScSFTPClient demo project) or the key does not match the key received from the server (this scenario is not handled in the demo project). To accomplish your task, you may use this code:

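Code:

// Body of the TScSSHClient.OnServerKeyValidate handler.
// NewServerKey, Accept, HostKeyName and FileStorage are not declared in this
// snippet; they come from the handler's parameters and the surrounding form.
var
  Key: TScKey;
  fp, msg: string;
  KeyCreated: boolean;
begin
  Key := FileStorage.Keys.FindKey(HostKeyName);
  // Ask the user when no usable key is stored OR the stored key differs
  // from the key the server presented.
  if (Key = nil) or not Key.Ready or ((Key <> nil) and not NewServerKey.Equals(Key)) then begin
    KeyCreated := False;
    NewServerKey.GetFingerPrint(haMD5, fp);
    msg := 'The authenticity of server can not be verified.'#13#10 +
           'Fingerprint for the key received from server: ' + fp + '.'#13#10 +
           'Key length: ' + IntToStr(NewServerKey.BitCount) + ' bits.'#13#10 +
           'Are you sure you want to continue connecting?';

    if MessageDlg(msg, mtConfirmation, [mbOk, mbCancel], 0) = mrOk then begin
      if Key = nil then begin
        Key := TScKey.Create(nil);
        KeyCreated := True;
      end;
      try
        // Overwrite (or fill) the stored key with the key received from the server.
        Key.Assign(NewServerKey);
        Key.KeyName := HostKeyName;
        if KeyCreated then
          FileStorage.Keys.Add(Key);
      except
        Key.Free;
        raise;
      end;

      // Accept is set only after the user confirmed with OK.
      Accept := True;
    end;
  end;
end;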
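The two failure scenarios named in the reply above (no stored key versus a stored key that differs), as an added Python example that is not part of the original posts and does not use the SecureBridge API. It shows the decision logic keeping "unknown host" and "changed key" apart, so a changed key produces a prompt that shows both fingerprints. The names `Verdict`, `classify`, `validate`, `confirm` and the in-memory `STORE` are assumptions, and the fingerprint is SHA-256 rather than the MD5 used in the posted handler.

```python
import base64
import hashlib
from enum import Enum


class Verdict(Enum):
    MATCH = "match"      # stored key equals the presented key
    UNKNOWN = "unknown"  # nothing stored for this host (first contact)
    CHANGED = "changed"  # stored key differs from the presented key


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def classify(store: dict, host: str, presented: bytes) -> Verdict:
    stored = store.get(host)
    if stored is None:
        return Verdict.UNKNOWN
    return Verdict.MATCH if stored == presented else Verdict.CHANGED


def validate(store: dict, host: str, presented: bytes, confirm) -> bool:
    """Return True to accept. confirm(verdict, message) asks the user."""
    verdict = classify(store, host, presented)
    if verdict is Verdict.MATCH:
        return True
    new_fp = fingerprint(presented)
    if verdict is Verdict.UNKNOWN:
        msg = f"First connection to {host}.\nPresented: {new_fp}"
    else:
        # A changed key gets its own message showing old and new fingerprints.
        msg = (f"Host key for {host} has changed.\n"
               f"Stored: {fingerprint(store[host])}\nPresented: {new_fp}\n"
               "Check the new fingerprint with the server operator first.")
    if not confirm(verdict, msg):
        return False         # refusal leaves the stored key untouched
    store[host] = presented  # persist only after explicit confirmation
    return True


# Constructed sample data, not real keys or hosts.
STORE = {"sftp.example.test": b"constructed-key-A"}
```
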

gresch
Posts: 2
Joined: Sun 24 May 2020 13:59

Re: How to suppress "Host Key not verified" warning?

Post by gresch » Fri 29 May 2020 17:31

Thank you Viktor - that helped/worked.

I additionally added a try except wrapper around the Connect method to suppress the "Host Key not verified [OK]" MessageBox when the user refuses to acknowledge the generation of a new key.
Like this:

Code:

    try
      ScSSHClient.Connect;
    except
      on e: escError do
      begin
        // Replace the component's own message box for a rejected host key.
        if e.ErrorCode = seHostKeyNotVerifed then
          ShowMessage(' Verbindungsabbruch wegen falschem Serverkey')
        else
          raise;  // do not silently swallow other connection errors
      end;
    end;

Again - thank you for your help and have a nice weekend.

- gregor

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: How to suppress "Host Key not verified" warning?

Post by ViktorV » Wed 03 Jun 2020 05:05

Thank you for your interest in our product.
It is good to see that the problem has been solved.
If you have any questions while using our products, please don't hesitate to contact us - and we will try to help you solve them.
