WinSCP .NET library: Connect to SFTP server without specifying SSH host key fingerprint

ssh sftp public-key winscp winscp-net
user446923 picture user446923 · Jul 30, 2013 · Viewed 15.5k times · Source

In the current stable release of WinSCP, it seems that using SshHostKeyFingerprint is mandatory and there are no ways to connect to SFTP server without that in SessionOptions. I can see that the ability to bypass is added to the beta (5.2) but I was wondering whether or not it's possible to connect without this fingerprint.

Answer

Martin Prikryl picture Martin Prikryl · Jul 30, 2013

First, make sure you understand that you give-up any security, when you try to bypass SSH host key check. You effectively lose a protection against man-in-the-middle attacks.

Anyway, you can use use SessionOptions.GiveUpSecurityAndAcceptAnySshHostKey.

It's NOT recommended though. You should always set SessionOptions.SshHostKeyFingerprint.
Learn how to determine SSH host key fingerprint.

See also Suppress the use of host key in SFTP or SCP using WinSCP.

Related questions

How to resolve Java UnknownHostKey, while using JSch SFTP library?

I'm running a java program where I transfer a file from one folder to another, using Java SFTP. The problem I'm having is that I'm getting the following error in my Java SFTP (using JSch) : C:\Oracle\Middleware\Oracle_Home\…

Read More
What is use of config.put("StrictHostKeyChecking", "no") in JSch

java.util.Properties config = new java.util.Properties(); config.put("StrictHostKeyChecking", "no"); session.setConfig(config); In above code why we need to set StrictHostKeyChecking value as no while connection to SFTP through JSch API?

Read More
How to run the sftp command with a password from Bash script?

I need to transfer a log file to a remote host using sftp from a Linux host. I have been provided credentials for the same from my operations group. However, since I don't have control over other host, I cannot …

Read More