EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ServerKey Algorithm inconsistent between connections

Posted: 07/02/2015 11:46:01
by Ben Way (Standard support level)
Joined: 07/02/2015
Posts: 5

We have created an SFTP service that uses SBB. We use this one service from several areas of our application.

We have found that when attempting to connect to a remote server using identical connection settings, the ServerKey Algorithm, and therefore the MD5 fingerprint, will be different, causing the fingerprint validation to fail.

Why would connecting to the exact same server using the exact same credentials sometimes return a DSA key and sometimes an RSA key?

How can we enforce returning the key the same way each time to allow for consistent fingerprint validation?

Posted: 07/02/2015 12:54:06
by Eugene Mayevski (Team)

Are you connecting to a third-party server, or have you created the server using SecureBlackbox?

The easiest way is to disable RSA on the client, forcing the server to return DSA keys if available and fail otherwise.

The other way is to use the PublicKeyAlgorithmPriorities property and arrange DSA before or after RSA. However, this gives only partial control and can work or not work depending on the server.

It's a common situation when a single host is resolved to two different servers with different keys configured, in which case none of the above solutions would work.

So the only proper way is to compare the key fingerprint with stored RSA and DSA fingerprints separately.

Sincerely yours
Eugene Mayevski
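
The per-algorithm comparison recommended in the reply above, as an added example that is not part of the original thread and is not SecureBlackbox code. It assumes the client hands you the server's raw public key blob in SSH wire format (algorithm name as the first length-prefixed string); the host name, pin table and key bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct


def key_algorithm(blob: bytes) -> str:
    """Return the algorithm name stored as the first length-prefixed string of the blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed algorithm name")
    return blob[4:4 + n].decode("ascii")


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex MD5 of the raw key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def verify_host_key(host: str, blob: bytes, pins: dict) -> bool:
    """Accept the key only if it matches the pin stored for this host AND this algorithm."""
    try:
        algorithm = key_algorithm(blob)
    except (ValueError, UnicodeDecodeError):
        return False
    expected = pins.get(host, {}).get(algorithm)
    if expected is None:
        return False  # no pin for this algorithm: reject, never fall back to another pin
    return hmac.compare_digest(md5_fingerprint(blob), expected.lower())


def constructed_blob(name: str, body: bytes) -> bytes:
    """Constructed stand-in for a real key blob: name string followed by opaque bytes."""
    return struct.pack(">I", len(name)) + name.encode("ascii") + body


# Constructed sample data (hypothetical host and key material, recorded at enrollment).
RSA_BLOB = constructed_blob("ssh-rsa", b"\x01" * 64)
DSA_BLOB = constructed_blob("ssh-dss", b"\x02" * 64)
PINS = {"sftp.example.com": {"ssh-rsa": md5_fingerprint(RSA_BLOB),
                             "ssh-dss": md5_fingerprint(DSA_BLOB)}}
```

With both pins stored, either key the server offers validates; a pin table holding only the RSA fingerprint rejects the DSA key, which is the failure described in the question.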



As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.