I am using SharpSSH's Sftp class to upload files. Someone has requested that I enable RSA authentication. I can't find an info how how to do this. What do I need to do in order to support public key authentication in SharpSSH?
All I currently do is this
ftp = new Sftp(config.SftpServer, config.SftpUsername, config.SftpPassowrd);
ftp.Connect();
In order to connect with an RSA I needed to create an OpenSSH format key and save it to disk. PuttyGen worked well for this. Then I simply needed to call AddIdentityFile with that file like so
ftp = new Sftp(config.SftpServer, config.SftpUsername, config.SftpPassowrd);
ftp.AddIdentityFile("file");
ftp.Connect();
Related
I'm writing a C# app (want to eventually create a Windows service if I can get this working) to download files from a server using SCP (I am limited to SCP as the only option). I am using the WinSCP .NET assembly (v 5.15.3).
I have an SSH tunnel between my PC and the server, so the following works from the command line:
ssh user:server
I'm running in to a problem when setting the SshHostKeyFingerprint in my code.
WinSCP.SessionOptions options = new WinSCP.SessionOptions();
options.HostName = "ip address";
options.Password = "password";
options.PortNumber = 22;
options.UserName = "username";
options.Protocol = WinSCP.Protocol.Scp;
options.SshHostKeyFingerprint = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkVu2A3SLLdTulOQ1XyGY......"; //full ssh key
I've shortened the SSH key for easier reading.
When assigning the SshHostKeyFingerprint I get the following error:
SSH host key fingerprint "ssh-rsa 2048 AAAAB3NzaC1yc2EAA......" does not match pattern /((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)(;((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=))*/
I guess I'm assigning a wrong SSH key (I have tried both client and server public keys). Can anyone point me in the right direction? Thanks.
Note: I did try doing this with a batch file but I couldn't run that on a schedule without the server being logged in.
What should go to SessionOptions.SshHostKey**Fingerprint** is a fingerprint of the SSH host key. You are using a full host key (what you even say in the comment).
See also WinSCP FAQ Where do I get SSH host key fingerprint to authorize the server?
WinSCP GUI can generate a correct code template for you, including the fingerprint (assuming you have logged in at least once):
I'm looking to generate ssh keypairs in open SSH format via code within my web-app (hosted in windows machine) instead of having to manually create it using puttygen.
So, far I've not found any free library that can do this. (There doesn't seem to be a ssh-keygen equivalent for windows.) I am aware of the Cygwin route but I'm trying to avoid this as this would involve having to install cygwin on any servers hosting the app making it not ideal.
What are my options? Will I have to extract out the key-gen function from putty-gen-source and re-write it in c#?
RSA rsa = new RSACryptoServiceProvider(2048);
string publicPrivateKeyXML = rsa.ToXmlString(true);
string publicOnlyKeyXML = rsa.ToXmlString(false);
and then you can parse the XML using XML reader or XML document to get the value you want.
I try to connect to an SSH server with nsoftware's IP*Works components without password. The only information about the components' capability is described in the following document:
http://www.nsoftware.com/kb/help/BWN1-A/Type_Certificate.rst
I have created keys with Putty, which is a PPK file as:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20130329
Public-Lines: 4
...
Private-Lines: 8
...
Private-MAC: ...
However any tries to open this file with nsoftware.IPWorksSSH.Certificate fails. Does anybody have an experience with the Certificate object of Ip*works?
Indeed, IP*Works does not use the same key format as PuTTY. You will need to convert the key. This is documented here:
Are .ppk files supported?
I'm trying to read a file from a android phone to a Windows share. I'm using now the StreamWriter, like below:
StreamWriter outfile = new StreamWriter(#"\\10.16.68.253\sam\AllTxtFiles.txt");
outfile.WriteLine("TESTGENREOIADNIWAN");
But i get a Access Denied. I already added the permission to the manifest. And i tested the share using the ES File Explorer (with everyone access). I used the same lines of code on a WPF app and works fine, so my problem is in Android app.
I already tried to change the connection string like the ES, smb://10.16.68.253/sam/AllTxtFiles.txt, but no luck.
Anyone accomplished this ?
Tks !
for me I had to set up the string like this "smb://username:password#local ip/" for the root of my server's Windows share.
You have to make sure the connection to the SMB share is authenticated before trying to access any files. You have to use API calls to do this, because this stuff is done in the Win32 layer outside of managed code.
Here's a start:
http://www.pinvoke.net/default.aspx/mpr/WNetAddConnection.html
Are you sure you are able to read/write files using ESFileExplorer with EVERYONE ACCESS permissions?
Windows is a very secured OS. You need to grant permissions to a particular profile.
Example:
Create a new profile name on windows.
Give that new profile name a password. (must have a password to share something)
Give the folder or files permission to share access to that profile with password.
Access the folder or files using smb along with the profile username and password. Such as
"smb://username:password#local ip"
StreamWriter outfile = new StreamWriter(smb:\\username:password#"\\10.16.68.253\sam\AllTxtFiles.txt");
outfile.WriteLine("TESTGENREOIADNIWAN");
I'm trying to encrypt and decrypt some text file data using .NET's ProtectedData.Protect method. I'd like to be able to encrypt the text (and save it to a file) on one machine and decrypt the text on a different machine. The machines are both in the same domain and both running the same service under the same username so I thought using DataProtectionScope.CurrentUser would allow either service to encrypt and decrypt the file.
When service number two tries to decrypt the file, it throws a "key not valid for use in specified state". Other sites suggest that this kind of problem occurs when impersonation is not done correctly, but there is no impersonation. Both services run under the same AD account. It looks to me like the services are using different keys to encrypt the data but I don't know why this would happen as they are running under the same account.
Has anyone else encountered this kind of issue?
The code I'm using to encrypt and decypt is basically:
byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] protectedPassword = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
return Convert.ToBase64String(protectedPassword); //then I write this to a file
Thanks!
The user must have a Roaming Profile.
In the documentation for the Windows API underneath the DPAPI function, CryptProtectData function, there is this comment:
... decryption usually can only be done on the computer where the data was encrypted. However, a user with a roaming profile can decrypt the data from another computer on the network.