EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Proper implementation of the TElSimpleSSHClient.OnKeyValidate event

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
Posted: 07/08/2015 12:33:17
by Bogda C (Basic support level)
Joined: 07/08/2015
Posts: 2


Is there a sample that shows a proper implementation of the OnKeyValidate event as described here:

In the samples that come with the product the Validate parameter is set to true and there is a comment that says: "Never do this in production", but I bet this is what people end up doing given the time constraints.

Can you guys please provide a complete sample that shows how one would handle this event? What is the best practice?

Our application is internal, it connects to a linux server and it executes some commands. Do I need to store the public keys of the servers the app can connects to, and check against these public keys?

Posted: 07/08/2015 13:09:03
by Eugene Mayevski (EldoS Corp.)

The article you've reference *is* the Best Practice you are asking about. We can't implement it for you because this should be your educated decision about how to manage and compare keys. TLS addresses this by letting you maintain a Trusted Certificates list and defining certificate validation policies. In SSH you are on your own.

Sincerely yours
Eugene Mayevski



Topic viewed 707 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!