Different fingerprints from several SFTP clients

0 votes
asked Jul 15, 2013 by ntr02 (120 points)
edited Jul 16, 2013

Hello, I'm new to SSH FTP.

Currently I'm using the trial version of the Rebex SFTP Component.

When I connect to a server I get a fingerprint from the server's public key. So far it's OK; I can upload and download files.

But when I connect to the same server through an SFTP client (let's say WinSCP or PuTTY), the fingerprint displayed is different from the one I saw using the Rebex Component.

Once I connect with the client software, however, I can see the directories and files I uploaded using Rebex.

I tried to get the fingerprint by applying the signature hash algorithms available in the Rebex Component (MD5, SHA1...), but I could not get the same fingerprint determined by the client software.

Does anyone know how this could happen? Is there some SSH fact I do not know? Is this risky? (I've seen that either fingerprint takes me to the same server, that's a good sign, isn't it :))

Warm Regards

1 Answer

0 votes
answered Jul 16, 2013 by Tomas Knopp (58,890 points)
edited Jul 16, 2013

Hello, most servers have both RSA and DSA server certificates. So you can really get more server certificates for the same server. That's fine and there is no security risk in it.

The fact that you get different fingerprints when connecting with PuTTY (or WinSCP) and when connecting with Rebex SFTP is probably caused by the fact that PuTTY prefers RSA server certificates whereas Rebex prefers DSA by default. So when there are really both types deployed at the server side, you get different fingerprints, because the server certificates were also different.

You can make Rebex SFTP prefer RSA (and make Rebex SFTP behave as PuTTY does) like this:

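// Requires: using Rebex.Net;
Sftp sftp = new Sftp();
// Prefer the server's RSA key (as PuTTY does); set this before connecting.
sftp.Settings.SshParameters.PreferredHostKeyAlgorithm = SshHostKeyAlgorithm.RSA;

sftp.Connect("server");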

Now you should see the same fingerprint because Rebex SFTP will pick the same certificate.

...
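An added example (not part of the original thread, and not Rebex, PuTTY or WinSCP code): an SSH fingerprint is a hash of the server's public key blob, and that blob starts with the algorithm name, so an RSA key and a DSA key on the same server always give different fingerprints. The toy key values, `PINNED` and `check_host_key` are constructed for illustration; the check shows why a stored fingerprint has to be compared against the key of the same algorithm.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    """SSH wire 'mpint' for a positive integer (extra zero byte keeps it positive)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def key_type(blob: bytes) -> str:
    """The algorithm name is the first string inside the public key blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def fingerprint_md5(blob: bytes) -> str:
    """Classic display form: colon-separated hex MD5 of the whole blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob: bytes) -> str:
    """Newer display form: 'SHA256:' plus unpadded base64 of the SHA-256 digest."""
    raw = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(raw).decode("ascii").rstrip("=")

def check_host_key(blob: bytes, pinned: dict) -> bool:
    """Accept a key only if it matches the fingerprint pinned for its own algorithm."""
    return pinned.get(key_type(blob)) == fingerprint_md5(blob)

# Constructed toy keys (tiny numbers, NOT real keys): one server, two key types.
RSA_BLOB = ssh_string(b"ssh-rsa") + mpint(65537) + mpint(0xC0FFEE1234567891)
DSA_BLOB = (ssh_string(b"ssh-dss") + mpint(0xD5A1) + mpint(0xD5A2)
            + mpint(0xD5A3) + mpint(0xD5A4))

# Constructed known-good record, one fingerprint per algorithm.
PINNED = {"ssh-rsa": fingerprint_md5(RSA_BLOB),
          "ssh-dss": fingerprint_md5(DSA_BLOB)}

if __name__ == "__main__":
    for blob in (RSA_BLOB, DSA_BLOB):
        print(key_type(blob), fingerprint_md5(blob), fingerprint_sha256(blob),
              "trusted" if check_host_key(blob, PINNED) else "UNKNOWN KEY")
```

Two clients that negotiate different key algorithms with the same server are expected to show different fingerprints; a fingerprint that changes for the same algorithm is the case to investigate.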