How to re-download the public key via TScFileStorage ?

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
docH


Post by docH » Thu 29 Oct 2020 09:02

The page https://www.devart.com/sbridge/docs/index.html?ssh_tunnel_principles.htm under SSH client setup/storage setup says:

"2. Upon the first connect to the server you receive its public key that has to be stored in the storage for the future use to authenticate the server."

When I connected to a remote server at design time this is indeed what happened. TScFileStorage downloaded a public key from the server as soon as I connected. I could then see the filename of the downloaded public key and, again at design time, assign that filename to the HostKeyProperty of the SSHClient component. This worked OK to obtain the public key and assign its filename at design time.

However, the public key might change. So at run time, when my application is running on someone else's PC, I'd like it to re-download the public key, store it via the TScFileStorage component, find out what filename was given to it after it was downloaded and assign that filename to the HostKeyProperty of the SSHClient component.

How is this done?

ViktorV
Devart Team

Re: How to re-download the public key via TScFileStorage ?

Post by ViktorV » Thu 29 Oct 2020 17:56

You can set the TScFileStorage.Path property to the directory where the key file will be stored. In this case, when your application is loaded on any other machine, SecureBridge will look for key files first of all in the path specified by TScFileStorage.Path.
If the server key changes, then the "Host key not verified" error will be generated when trying to connect to the server. The "Host key not verified" error occurs if the key received from the server and the key specified in HostKeyName do not match. You should handle the TScSSHClient.OnServerKeyValidate event. You can find more detailed information about this event in SecureBridge help. You can also look at the sample of this event handling in the SFTPClient demo project. The SFTPClient demo project is located at %SecureBridgeDemos%\SFTPClient. %SecureBridgeDemos% is the path where SecureBridge demo projects are installed on your computer.
The server key is used by the client to authenticate the SSH server. The key name is specified in the property TScSSHClient.HostKeyName. When the client is connecting to the SSH server, SecureBridge looks for the key under the path specified in the property TScFileStorage.Path - if it's found, the client uses the key. If the key was not found, you can use the TScSSHClient.OnServerKeyValidate event handler to obtain the server key and import it to TScStorage. If the TScSSHClient.OnServerKeyValidate event handler is not triggered, this means that the server key was found and authenticated.

docH

Re: How to re-download the public key via TScFileStorage ?

Post by docH » Thu 29 Oct 2020 18:23

OK, I think I understand. I use the TScSSHClient.OnServerKeyValidate event to write my own code to do the download; the TScFileStorage can't do it again for me once it has already done it.

I did study the demo you mention, but it seems to contain unnecessary code that makes the application look nice to run, with no comments at all explaining which bits are actually necessary.

I could run it but I couldn't make it connect, as there are no instructions saying what I'm supposed to do.

One thing I did notice, though, is that although I had a key on my HDD called 'livekey.pub', the client seemed to expect the key to have the same name as the host address, i.e. something of the form 123.45.36.134. But again, as there are no comments in the code, I don't know whether that is just the way that demo does it or if that's the only way it must be done.

ViktorV
Devart Team

Re: How to re-download the public key via TScFileStorage ?

Post by ViktorV » Sat 31 Oct 2020 09:29

As we wrote earlier, the server key is used by the client to authenticate the SSH server. The key name is specified in the TScSSHClient.HostKeyName property. When connecting to the server, TScFileStorage looks for a file with the .key extension and with the name specified in the TScSSHClient.HostKeyName property under the path specified in the TScFileStorage.Path property. If the Path property is set to an empty string, TScFileStorage will look for the file in the directory with the executable file. You need to import the livekey.pub file to the previously specified key beforehand at design-time or runtime.
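
The decision a server-key validation handler has to make, modelled in Python as an added example (it is not SecureBridge code and not taken from the demo project). `HostKeyStore`, `validate_server_key` and the pinned-fingerprint policy are assumptions; only the `<Path>/<HostKeyName>.key` file layout comes from the thread. It goes beyond the thread's single case by covering the first connect, an unchanged key and a changed key.

```python
import base64, hashlib, hmac, os, tempfile

def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint of a public key blob, base64 without padding."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class HostKeyStore:
    """Hypothetical stand-in for a file storage: <path>/<key name>.key."""
    def __init__(self, path: str):
        self.path = path

    def _file(self, name: str) -> str:
        if os.path.basename(name) != name:  # key name must not escape the store
            raise ValueError("invalid key name")
        return os.path.join(self.path, name + ".key")

    def load(self, name: str):
        try:
            with open(self._file(name), "rb") as f:
                return f.read()
        except FileNotFoundError:
            return None

    def save(self, name: str, blob: bytes) -> None:
        with open(self._file(name), "wb") as f:
            f.write(blob)

def validate_server_key(store, name, received, pinned_fp=None):
    """Decide whether to accept the key the server presented.
    Returns (accept, reason). Assumed policy: a stored key must match exactly;
    an unknown or changed key is stored only if its fingerprint equals one
    obtained out of band (pinned_fp)."""
    stored = store.load(name)
    if stored is not None and hmac.compare_digest(stored, received):
        return True, "match"
    if pinned_fp is None or not hmac.compare_digest(fingerprint(received), pinned_fp):
        return False, ("unknown" if stored is None else "changed")
    store.save(name, received)
    return True, ("enrolled" if stored is None else "rotated")

if __name__ == "__main__":
    old, new = b"constructed-key-A", b"constructed-key-B"  # constructed sample keys
    store = HostKeyStore(tempfile.mkdtemp())
    print(validate_server_key(store, "livekey", old, fingerprint(old)))  # first connect
    print(validate_server_key(store, "livekey", new))                    # key changed
    print(validate_server_key(store, "livekey", new, fingerprint(new)))  # verified rotation
```

Storing whatever key the server presents after a mismatch would remove the check the stored key exists to provide, which is why the sketch replaces the file only when the new key's fingerprint has been confirmed through a separate channel.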
