SSH host key fingerprint does not match pattern C# WinSCP

5

12

I am trying to connect to an FTPS server using C# via WinSCP and I am getting this error:

SSH host key fingerprint ... does not match pattern ...

After tons of research, I believe it has something to do with the length of the key. The key I got from WinSCP when connected using its interface under "Server and protocol information" is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx but the ones I saw in the examples are shorter, like this: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

Can someone please help? Any pointer to resolve this would be greatly appreciated.

Here is my code

string winscpPath = "C:\\Program Files (x86)\\WinSCP\\WinSCP.exe";
string username = "User123";
string password = "abc1234";
string ftpSite = "192.168.5.110";
string localPath = "C:\\Users\\ttom\\Documents";
string remoteFTPDirectory = "/Usr/thisfolder";
string sshKey = "1b:68:10:80:77:c6:65:91:51:31:5t:65:1c:g6:13:20:39:g8:d8:6d";
Boolean winSCPLog = true;
string winSCPLogPath = "C:\\Users\\ttom\\Documents\\Visual Studio 2015\\Projects\\WebApplication1\\WebApplication1";

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = ftpSite,
    UserName = username,
    Password = password,
    SshHostKeyFingerprint = sshKey
};

using (Session session = new Session())
{
    // WinSCP .NET assembly must be in GAC to be used with SSIS,
    // set path to WinSCP.exe explicitly, if using non-default path.
    session.ExecutablePath = winscpPath;
    session.DisableVersionCheck = true;

    if (winSCPLog)
    {
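        // Path.Combine adds the directory separator that plain concatenation left out
        session.SessionLogPath = System.IO.Path.Combine(winSCPLogPath, "ftplog.txt");
        session.DebugLogPath = System.IO.Path.Combine(winSCPLogPath, "debuglog.txt");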
    }

    // Connect
    session.Timeout = new TimeSpan(0, 2, 0); // two minutes
    session.Open(sessionOptions);

    TransferOptions transferOptions = new TransferOptions();
    transferOptions.TransferMode = TransferMode.Binary;

    session.GetFiles(remoteFTPDirectory + "/" +
        "test.txt", localPath, false, transferOptions);
}


Maureenmaureene answered 27/1, 2016 at 23:39 Comment(0)
7

If you have a WinSCP client and are able to connect to the FTP site, WinSCP has a nice "code generation" function.

  1. Connect first
  2. Select Session > Generate session URL/code


Eclogue answered 9/6, 2022 at 16:28 Comment(2)
Thank you! I did not know this existed and it is most excellent! – Unbeaten
@DanielWilliams I have tried that but I got the error "WinSCP.SessionRemoteException: The key-exchange algorithm diffie-hellman-group1-sha1 was not verified!" – Dangerous
5

I was also facing the same issue. But after trying some different patterns, the following pattern worked for me:

  1. Add ssh-rsa as the 1st part
  2. Add 2048 (key length in bits) as the 2nd part
  3. Remove SHA256: if you have that in the key you have obtained
  4. Keep only the key part. Do not separate it into sets of 2; keep the key as it is, as you have obtained it from the command ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub

Example: ssh-rsa 2048 N48XXXXH2x9W1ZIFXXXXXXXX6p3UqI6kGA8BbO1XXX

Jory answered 11/5, 2020 at 18:34 Comment(2)
Using FileZilla to show the fingerprint values, adding a trailing "=" to the fingerprint was necessary (in addition to the steps you clearly explain) for the WinSCP connection to work. – Lentic
Removing the "SHA256:" did the trick for me when using WinSCPnet.dll from PowerShell. – Saritasarkaria
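The steps in the answer above can be reproduced in code. The following is an added example, not part of the original posts and not WinSCP code: it parses an OpenSSH RSA public key line and builds the `ssh-rsa <bits> <fingerprint>` string in the SHA-256 (base64) or MD5 (colon-hex) form. The class and method names are hypothetical, only RSA keys are handled, and the sample key is generated at run time.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HostKeyFingerprint
{
    // SSH wire "string": 4-byte big-endian length, then that many bytes (RFC 4251).
    static byte[] Read(byte[] blob, ref int pos)
    {
        if (pos + 4 > blob.Length) throw new FormatException("truncated key blob");
        int len = (blob[pos] << 24) | (blob[pos + 1] << 16) | (blob[pos + 2] << 8) | blob[pos + 3];
        if (len < 0 || len > blob.Length - pos - 4) throw new FormatException("bad field length");
        pos += 4 + len;
        return blob.Skip(pos - len).Take(len).ToArray();
    }
    // Inverse of Read; used only to build the constructed sample key in Main.
    static byte[] Write(byte[] d) =>
        new[] { (byte)(d.Length >> 24), (byte)(d.Length >> 16), (byte)(d.Length >> 8), (byte)d.Length }.Concat(d).ToArray();

    // "ssh-rsa AAAA... comment" -> "ssh-rsa <bits> <fingerprint>"
    public static string FromPublicKeyLine(string line, bool md5 = false)
    {
        string[] parts = line.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length < 2 || parts[0] != "ssh-rsa") throw new FormatException("expected an ssh-rsa key line");
        byte[] blob = Convert.FromBase64String(parts[1]);
        int pos = 0;
        Read(blob, ref pos); Read(blob, ref pos);                         // skip key type and exponent e
        byte[] n = Read(blob, ref pos).SkipWhile(b => b == 0).ToArray();  // modulus without sign byte
        if (n.Length == 0) throw new FormatException("empty modulus");
        int bits = (n.Length - 1) * 8 + Convert.ToString(n[0], 2).Length;
        using (HashAlgorithm h = md5 ? (HashAlgorithm)MD5.Create() : SHA256.Create())
        {
            byte[] d = h.ComputeHash(blob);                               // digest of the whole key blob
            return "ssh-rsa " + bits + " " + (md5
                ? BitConverter.ToString(d).Replace('-', ':').ToLowerInvariant()   // 16 hex pairs
                : Convert.ToBase64String(d).TrimEnd('='));                // no "SHA256:" prefix
        }
    }

    static void Main()   // the sample key is constructed at run time, not a real host key
    {
        RSAParameters p;
        using (RSA rsa = RSA.Create(2048)) p = rsa.ExportParameters(false);
        byte[] n = new byte[] { 0 }.Concat(p.Modulus).ToArray();          // mpint sign byte
        byte[] blob = new[] { Encoding.ASCII.GetBytes("ssh-rsa"), p.Exponent, n }.SelectMany(f => Write(f)).ToArray();
        string line = "ssh-rsa " + Convert.ToBase64String(blob) + " constructed@example";
        Console.WriteLine(FromPublicKeyLine(line));
        Console.WriteLine(FromPublicKeyLine(line, md5: true));
    }
}
```

The MD5 form always has 16 hex pairs, because an MD5 digest is 16 bytes. A 20-pair value such as the one in the question has the length of a SHA-1 digest, so it cannot be the MD5 fingerprint of an SSH host key.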
4

You are connecting using SFTP (over SSH) in the code, but using FTPS (FTP over TLS/SSL) in the GUI.

These are two completely different protocols.

Use Protocol = Protocol.Ftp and enable TLS/SSL using FtpSecure = FtpSecure.Explicit.

SessionOptions sessionOptions = new SessionOptions
{
    Protocol = Protocol.Ftp,
    FtpSecure = FtpSecure.Explicit,
    HostName = ftpSite,
    UserName = username,
    Password = password,
};

An equivalent of SshHostKeyFingerprint for FTPS is TlsHostCertificateFingerprint. But you need to use it only when the TLS/SSL certificate is not signed by a trusted authority (e.g. a self-signed certificate).

The easiest way is to have the WinSCP GUI generate the code for you.

Devoir answered 28/1, 2016 at 6:58 Comment(0)
2

I also had the same error. In my case I discovered the PC that I copied the SSH Fingerprint key from was running a newer version of WinSCP than the one I had on my development PC.

Updating the WinSCP.exe and WinSCPnet.DLL files on my Dev PC fixed the issue for me.

Kalman answered 16/3, 2018 at 11:41 Comment(0)
1

I am working on a similar task. Have you tried prefixing 'ssh-rsa' to your fingerprint string?

Everything seems to be working on my end so that leads me to believe that there are two things that could be going on here.

  1. You could be missing part of your authentication string:

    string SshHostKeyFingerprint = "ssh-rsa XXXX 1b:68:10:80:77:c6:65:91:51:31:5t:65:1c:g6:13:20:39:g8:d8:6d";
    

    and/or

  2. You are using two protocols: SFTP and FTPS.

Differential answered 18/4, 2016 at 18:0 Comment(0)
