HostFingerprint callback
Called when the remote server provides public key fingerprint information.
Syntax
void (*HostFingerprint)(void *Sftp, char *Data, int Length);
The HostFingerprint(void *Sftp,char *Fingerprint,int *Accept) syntax has these parts:
| void *Sftp | Handle of the created Sftp instance. |
| char *Fingerprint | Represents the remote server fingerprint. |
| int *Accept | When set to 0 (null, false), wodSFTP will abort the connection. |
Remarks
Because the SSH architecture doesn't know about certificates, or other means of checking whether a remote server is really the one you intended to connect to, your decision to accept a connection or not is based on 'trust'.
This is how SSH works in the real world - once you have connected to remote server and you are sure it is really the server you expect it to be, you should store the
Fingerprint information locally. For each new connection, you should test whether the
Fingerprint information is the same as the stored copy - to be sure that no one is 'in the middle' spying on your connection.
Fingerprint information is almost unique among different servers, and it is generated from a server's private key.
If you set
Accept to
True (default), wodSFTP will continue to perform negotiation with the server normally. If you set it to False (for instance, because you see that the
Fingerprint information is not the same as before), it will drop the connection.
Even if you connect to the same server, different protocol versions will produce different
Fingerprint information. For example, SSH1 provides different FingerPrint information than the SSH2 service - running on the same computer on the same port.
NOTE: this callback is called only if you have created an instance of the SftpEventsStruct structure, and set its HostFingerprint member to the function implementing it.
Back to product page