
HostFingerprint method


Called when the remote server provides public key fingerprint information.

Type

None

Syntax

  • Basic
object.HostFingerprint Owner, Fingerprint, Accept
The HostFingerprint(object,Owner,Fingerprint,Accept) syntax has these parts:
object: An expression evaluating to an object of type IwodSFTPNotify.
Owner: A wodSFTPCom object.
Fingerprint: A String value.
Accept: A Boolean value. When set to False, wodSFTP will abort the connection.

Remarks

This method is only called if you implemented the IwodSFTPNotify interface in your application and the wodSFTP.Notification property has received a reference to an instance of your implementation.

Because the SSH architecture doesn't know about certificates, or any other means of checking that the remote server is really the one you intended to connect to, whether you accept a connection or not is a matter of 'trust'.

This is how SSH works in real life - once you connect to the remote server and you are sure that it is really the server you expect it to be, you should store Fingerprint information locally. For each new connection, you should test if the new Fingerprint information is the same as the stored Fingerprint - to be sure that no one is 'in the middle' spying on your connection. Fingerprint information is almost unique among different servers and it is generated from a server's public key.

If you set Accept to True (default), wodSFTP will continue to perform negotiation with the server normally. If you set it to False (for instance, because you see that Fingerprint information is not the same as before), it will drop the connection.

Even if you connect to the same server, different protocol versions will produce different Fingerprint information. For example, an SSH1 service provides different Fingerprint information from an SSH2 service running on the same computer and on the same port.
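
The store-then-compare procedure described in these remarks, as an added Python example that is not part of the wodSFTP documentation or its API. The JSON pin file, the function names, the policy of rejecting never-seen servers and the fingerprint strings are assumptions made for illustration; the boolean returned by `decide_accept` is the value a HostFingerprint handler would assign to Accept.

```python
import hmac
import json
import os
import tempfile


def _key(host, port, protocol):
    # SSH1 and SSH2 on the same host and port report different fingerprints,
    # so each protocol version gets its own pin.
    return f"{host.lower()}:{int(port)}:{protocol.upper()}"


def _load(path):
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}


def enroll(path, host, port, protocol, fingerprint):
    """Pin a fingerprint that was verified out of band (hypothetical helper)."""
    pins = _load(path)
    pins[_key(host, port, protocol)] = fingerprint.strip()
    # Write to a temp file and rename, so a crash cannot truncate the store.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(pins, fh, indent=2)
    os.replace(tmp, path)


def decide_accept(path, host, port, protocol, fingerprint):
    """Return (accept, reason); accept is the value to assign to Accept."""
    pinned = _load(path).get(_key(host, port, protocol))
    if pinned is None:
        return False, "unknown"    # assumed policy: no silent trust on first use
    # Exact comparison after trimming whitespace; no case folding, because
    # the fingerprint encoding is not assumed here.
    if hmac.compare_digest(pinned.encode(), fingerprint.strip().encode()):
        return True, "match"
    return False, "mismatch"       # key differs from the stored one


if __name__ == "__main__":
    store = os.path.join(tempfile.mkdtemp(), "pins.json")
    fp = "aa:bb:cc:dd:ee:ff"       # constructed value, not a real fingerprint
    enroll(store, "sftp.example.test", 22, "SSH2", fp)
    print(decide_accept(store, "sftp.example.test", 22, "SSH2", fp))
    print(decide_accept(store, "sftp.example.test", 22, "SSH1", fp))
```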

Platforms

Windows