EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ServerKey Algorithm inconsistent between connections

#33869
Posted: 07/02/2015 11:46:01
by Ben Way (Standard support level)
Joined: 07/02/2015
Posts: 5

We have created an SFTP service that uses SBB. We use this one service from several areas of our application.

We have found that when attempting to connect to a remote server using identical connection settings, the ServerKey Algorithm and therefore the MD5 fingerprint will be different, causing the fingerprint validation to fail.

Why would connecting to the exact same server using the exact same credentials sometimes return a DSA key and sometimes an RSA key?

How can we enforce returning the key the same way each time to allow for consistent fingerprint validation?
#33871
Posted: 07/02/2015 12:54:06
by Eugene Mayevski (EldoS Corp.)

Are you connecting to a third-party server, or have you created the server using SecureBlackbox?

The easiest way is to disable RSA on the client, forcing the server to return DSA keys if available and fail otherwise.

The other way is to use the PublicKeyAlgorithmPriorities property and arrange DSA before or after RSA. However, this gives only partial control and can work or not work depending on the server.

It's a common situation that a single host is resolved to two different servers with different keys configured, in which case none of the above solutions would work.

So the only proper way is to compare the key fingerprint with stored RSA and DSA fingerprints separately.


Sincerely yours
Eugene Mayevski
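
The per-algorithm comparison recommended in the reply above, as an added example that is not part of the original thread and does not use the SecureBlackbox API. It assumes the client exposes the raw server public key blob (RFC 4253 encoding); the host name, pin store layout and key blobs are constructed for illustration.

```python
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode an RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def key_algorithm(blob: bytes) -> str:
    """Read the algorithm name, the first string field of a public key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the whole blob, the format the thread compares."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())

def validate_host_key(pins: dict, host: str, blob: bytes) -> bool:
    """Accept only if this host has a pin for the offered algorithm and it matches."""
    expected = pins.get(host, {}).get(key_algorithm(blob))
    if expected is None:
        return False  # algorithm never pinned for this host: reject, do not auto-trust
    return hmac.compare_digest(expected.lower(), md5_fingerprint(blob))

# Constructed sample blobs (not real keys): algorithm name plus placeholder fields.
RSA_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00" + b"\xc3" * 32))
DSA_BLOB = ssh_string(b"ssh-dss") + b"".join(
    ssh_string(bytes([v]) * 16) for v in (0x11, 0x22, 0x33, 0x44))
OTHER_RSA_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
                  + ssh_string(b"\x00" + b"\x5a" * 32))

# Hypothetical pin store: one fingerprint per (host, algorithm), recorded out of band.
PINS = {"sftp.example.com": {"ssh-rsa": md5_fingerprint(RSA_BLOB),
                             "ssh-dss": md5_fingerprint(DSA_BLOB)}}

if __name__ == "__main__":
    for label, blob in (("rsa", RSA_BLOB), ("dsa", DSA_BLOB),
                        ("other rsa", OTHER_RSA_BLOB)):
        print(label, key_algorithm(blob),
              validate_host_key(PINS, "sftp.example.com", blob))
```

With both fingerprints pinned, the check passes whichever key type the server negotiates, while a key of a pinned type with a different fingerprint is still rejected.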
