4

In the current stable release of WinSCP, it seems that using SshHostKeyFingerprint is mandatory and there are no ways to connect to SFTP server without that in SessionOptions. I can see that the ability to bypass is added to the beta (5.2) but I was wondering whether or not it's possible to connect without this fingerprint.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
user446923
  • 553
  • 1
  • 10
  • 20

1 Answers1

12

First, make sure you understand that you give-up any security, when you try to bypass SSH host key check. You effectively lose a protection against man-in-the-middle attacks.

Anyway, you can set the SessionOptions.SshHostKeyPolicy to SshHostKeyPolicy.GiveUpSecurityAndAcceptAny.

It's NOT recommended though. You should always set SessionOptions.SshHostKeyFingerprint.
Learn how to determine SSH host key fingerprint. Or at least use the SshHostKeyPolicy.AcceptNew.

See also Suppress the use of host key in SFTP or SCP using WinSCP.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
  • So what's the recommended way when you are connecting to a third party server the admin of which refuses to give you the ssh host key fingerprint stating security concerns? – user446923 Jul 30 '13 at 07:55
  • 5
    Tell the admin, he's an i****t. Fingerprint of the host public key is public information by definition. There's no security concern at all. Anyway you can get the fingerprint yourself (as it's public). You just possibly do not have a way to get it strictly securely. You can see it for instance on [Server and Protocol Information Dialog](http://winscp.net/eng/docs/ui_fsinfo) in WinSCP GUI. For details see [Where do I get SSH hostkey fingerprint for use with scripting or .NET assembly?](http://winscp.net/eng/docs/faq_script_hostkey) – Martin Prikryl Jul 30 '13 at 12:31