Hi,
the following applies to Delphi 10.3 SFTPclient demo example
with paid Secure Bridge 9.2.4 components
I have changed a few numbers in the local "hostname" key-file to simulated a compromised SSH server, because the
received key will differ from the stored/saved local key then.
But instead of invoking OnServerKeyValidate the component shows a message box
"Host Key not verified [OK]" and refuses to connect.
How can I catch this condition to supress the MessageBox and allow the user to accapt a new key?
Is it possible to translate this message in another language ?
thank you
Gregor
How to supress "Host Key not verified" warning?
Re: How to supress "Host Key not verified" warning?
The event handler TScSSHClient.OnServerKeyValidate is triggerred when the server key authentication by the client fails. The failure may occur in two scenarios: the key is not found on the client side (this scenario is handled in our ScSFTPClient demo project) or the key does not match the key received from the server (this scenario is not handled in the demo project). To accomplish your task, you may use this code:
Code: Select all
var
Key: TScKey;
fp, msg: string;
KeyCreated: boolean;
begin
Key := FileStorage.Keys.FindKey(HostKeyName);
if (Key = nil) or not Key.Ready or ((Key <> nil) and not NewServerKey.Equals(Key)) then begin
KeyCreated := False;
NewServerKey.GetFingerPrint(haMD5, fp);
msg := 'The authenticity of server can not be verified.'#13#10 +
'Fingerprint for the key received from server: ' + fp + '.'#13#10 +
'Key length: ' + IntToStr(NewServerKey.BitCount) + ' bits.'#13#10 +
'Are you sure you want to continue connecting?';
if MessageDlg(msg, mtConfirmation, [mbOk, mbCancel], 0) = mrOk then begin
if Key = nil then begin
Key := TScKey.Create(nil);
KeyCreated := True;
end;
try
Key.Assign(NewServerKey);
Key.KeyName := HostKeyName;
if KeyCreated then
FileStorage.Keys.Add(Key);
except
Key.Free;
raise;
end;
Accept := True;
end;
end;
end;
Re: How to supress "Host Key not verified" warning?
Thank you Viktor - that helped/worked.
I additionally added a try except wrapper around the Connect method to supress the "Host Key not verified [OK]" MessageBox when the user refuses to acknowlege the genaration of a new key.
Like this:
Again - thank you for your help and have a nice weekend.
- gregor
I additionally added a try except wrapper around the Connect method to supress the "Host Key not verified [OK]" MessageBox when the user refuses to acknowlege the genaration of a new key.
Like this:
Code: Select all
try
ScSSHClient.Connect;
except
on e: escError do
begin
if e.ErrorCode = seHostKeyNotVerifed then ShowMessage( ' Verbindungsabbruch wegen falschem Serverkey');
end;
end;
- gregor
Re: How to supress "Host Key not verified" warning?
Thank you for the interest to our product.
It is good to see that the problem has been solved.
If you have any questions during using our products, please don't hesitate to contact us - and we will try to help you solve them.
It is good to see that the problem has been solved.
If you have any questions during using our products, please don't hesitate to contact us - and we will try to help you solve them.