Ask a Question

Host Key Algorithm - Disabled by Default Question

0 votes
by (120 points)

Hello,

We are trying to implement Rebex SFTP into our application and have run into an issue connecting to servers that require ecdsa-sha2-nistp384. I see in the documentation this algorithm is Disabled by Default. Our SFTP app server is running on Windows Server 2016 so it should be OS supported.

We wanted to confirm ecdsa-sha2-nistp384 is in fact disabled by default and the best way to enable it.

I see in the Cipher list page header the following:
SshParameters.HostKeyAlgorithms
SshParameters.SetHostKeyAlgorithms(...)

and this page: https://www.rebex.net/doc/api/Rebex.Net.SshParameters.SetHostKeyAlgorithms.html

If you can please confirm ecdsa-sha2-nistp384 is disabled by default and if it needs to be enabled via the above that would be greatly appreciated.

Thanks!

Applies to: Rebex SFTP

1 Answer

0 votes
by (148k points)

Yes, ecdsa-sha2-nistp384 is currently disabled by default (although it will most likely be enabled in the next major release). It can be enabled using HostKeyAlgorithms parameter (no need to use the SetHostKeyAlgorithms method unless you need to tweak the algorithm order).

Sample code that enables ecdsa-sha2-nistp384 and connects to test.rebex.net:

var sftp = new Sftp();
sftp.Settings.SshParameters.HostKeyAlgorithms |= SshHostKeyAlgorithm.ECDsaNistP384;
sftp.Connect("test.rebex.net");
sftp.Login("demo", "password");
...