EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElSimpleSFTPClient ignores user id / password

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#6280
Posted: 05/15/2008 16:46:50
by Bob Grommes (Basic support level)
Joined: 05/15/2008
Posts: 2

When evaluating SFTP Blackbox (v5) I wrote the below test code and it worked perfectly.

When I purchased the product I got a key for v6. So I uninstalled v5 and installed v6.

Now the same code is throwing the following error:

SFTP connection failed with message: key validation handler is not assigned. PLease handle the OnKeyValidate event and implement proper key validation code there.

Question: why is the identical code ignoring the supplied user ID and password and assuming I'm trying to validate with a key?

SBSimpleSftp.TElSimpleSFTPClient SftpClient = new SBSimpleSftp.TElSimpleSFTPClient();

try {
// SFTP the file back
SftpClient.Username = "username";
SftpClient.Password = "password";
SftpClient.Address = "www.ec.somedomain.com";
SftpClient.Port = 60022;
SftpClient.ASCIIMode = false;
SftpClient.ClientHostname = "";
SftpClient.ClientUsername = "";
SftpClient.CompressionLevel = 6;
SftpClient.ForceCompression = false;
SftpClient.KeyStorage = null;
SftpClient.SFTPExt = null;
SftpClient.Versions = ((short)(28));
SBUtils.Unit.SetLicenseKey("[license key here]");
SftpClient.AuthenticationTypes = SBSSHConstants.Unit.SSH_AUTH_TYPE_PASSWORD | SBSSHConstants.Unit.SSH_AUTH_TYPE_KEYBOARD;
SftpClient.AuthenticationTypes = SftpClient.AuthenticationTypes & (~SBSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY);

try {
SftpClient.Open();
} catch(Exception ex) {
Console.WriteLine("SFTP connection failed with message: {0}",ex.Message);
Console.Write("Press any key ...");
Console.ReadLine();
Console.WriteLine();
return;
}

Console.WriteLine("SFTP connection established", false);

try {
SftpClient.UploadFile(scoredFile,
@"/FNFXFS/FTPIN/" + Path.GetFileName(scoredFile),
SBSftpCommon.TSBSFTPFileTransferMode.ftmOverwrite);
} catch(Exception ex) {
Console.WriteLine("Error during download: {0}",ex.Message);
Console.Write("Press any key ...");
Console.ReadLine();
Console.WriteLine();
}

} catch (Exception ex) {
ErrorLog.LogError(String.Format("Error PUTting file on SFTP server:{0}{1}",
Environment.NewLine,
ex.ToString()));
Console.WriteLine(ex.ToString());
Console.Write("Press any key ...");
Console.ReadLine();
Console.WriteLine();
} finally {

if (SftpClient.Active) {
SftpClient.Close(true);
}

}

#6281
Posted: 05/15/2008 16:55:54
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Due to security reasons you need to set the OnKeyValidate event handler, which checks the server key validity.
#6282
Posted: 05/15/2008 18:05:59
by Bob Grommes (Basic support level)
Joined: 05/15/2008
Posts: 2

I implemented it, and it works again. But it is a breaking change, and it is not, as far as I could see, documented.
#6284
Posted: 05/16/2008 00:27:32
by Ken Ivanov (EldoS Corp.)

Yes, it is a breaking change, but the reason for it is enforcing validation of server keys by client applications. The protocol is NOT secure if such validation is not implemented correctly.

The change is documented in the Release notes section of the help file.

Reply

Statistics

Topic viewed 3187 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!