Back to product page

HostFingerprint event

Fires when the remote server provides public key fingerprint information.


  • Basic
Private Sub object_HostFingerprint(Fingerprint, Accept)
The HostFingerprint(object,Fingerprint,Accept) syntax has these parts:
objectA wodTunnel object.
FingerprintA String value. Represents fingerprint information for the server.
AcceptA Boolean value. When set to False, wodSSHTunnel aborts the connection.


Because the SSH architecture does not know about certificates or other means of checking if a remote server is really the one you intended to connect to, the decision to accept a connection or not is a matter of trust.

This is how SSH works in real life - once you connect to the remote server and you are sure it is really the server you expect it to be, you should store the Fingerprint information locally. For each new connection, you should test that the Fingerprint information is the same as the stored value to be sure that no one is 'in the middle' spying on your connection. Fingerprint information is almost unique among servers and it is generated from a server's private key.

If you set Accept to True (default), wodSSHTunnel will continue to perform negotiation with the server normally. If you set it to False (for example, because you see that the Fingerprint information is not the same as last time you connected to this server), it will drop the connection.

Even if you connect to the same server, different protocol versions will produce different Fingerprint information. For example, SSH1 provides different FingerPrint information than the SSH2 service running on same computer and on same port.