You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, thank you for this wonderful work! I use Posh-SSH to transfer backups from a remote host to our system. Since security is crucial, I check the fingerprint of the remote host. In this context, I encountered the following problem:
The MD5 fingerprint consists of 16 hex numbers, which should be 2 characters long each. If a hex number starts with a 0, the 0 is not included in the fingerprint. No idea what happens if the entire hex number is 0... In any case, such a fingerprint looks like this: 4e:cc:12:2:82:d1:66:b8:d6:93:2e:d3:40:fb:53:2c
(the fourth component should actually be 02)
As long as I just confirm that the fingerprint is OK and this is then included in the Posh-SSH JSON file, everything still works.
However, our system knows all host IPs and the respective fingerprints and calls a script that does the work. The host IP and fingerprint are passed to the script. I do this:
first I delete the host's fingerprint with Remove-SSHTrustedHost -hostname XXX
then I insert the fingerprint that I get from the system: New-SSHTrustedHost -hostname XXX -fingerprint YYY
Then I can open the connection with New-SFTPSession -ComputerName XXX -Credential ZZZ -ErrorOnUntrusted
The problem is that if I pass a "normally" formatted fingerprint, which in this case contains 02 instead of just 2, I don't get a connection (Key exchange failed). I currently have to delete the leading 0 from my normal fingerprints so that Posh-SSH can understand it.
This is no longer a problem for me at the moment, I am now reformatting these fingerprints. I just wanted to report this point in case you want to adjust it. Of course, this could be problematic if users currently have fingerprints saved in the "wrong" format...
Thanks again for Posh-SSH!
The text was updated successfully, but these errors were encountered:
First of all, thank you for this wonderful work! I use Posh-SSH to transfer backups from a remote host to our system. Since security is crucial, I check the fingerprint of the remote host. In this context, I encountered the following problem:
The MD5 fingerprint consists of 16 hex numbers, which should be 2 characters long each. If a hex number starts with a 0, the 0 is not included in the fingerprint. No idea what happens if the entire hex number is 0... In any case, such a fingerprint looks like this: 4e:cc:12:2:82:d1:66:b8:d6:93:2e:d3:40:fb:53:2c
(the fourth component should actually be 02)
As long as I just confirm that the fingerprint is OK and this is then included in the Posh-SSH JSON file, everything still works.
However, our system knows all host IPs and the respective fingerprints and calls a script that does the work. The host IP and fingerprint are passed to the script. I do this:
Then I can open the connection with New-SFTPSession -ComputerName XXX -Credential ZZZ -ErrorOnUntrusted
The problem is that if I pass a "normally" formatted fingerprint, which in this case contains 02 instead of just 2, I don't get a connection (Key exchange failed). I currently have to delete the leading 0 from my normal fingerprints so that Posh-SSH can understand it.
This is no longer a problem for me at the moment, I am now reformatting these fingerprints. I just wanted to report this point in case you want to adjust it. Of course, this could be problematic if users currently have fingerprints saved in the "wrong" format...
Thanks again for Posh-SSH!
The text was updated successfully, but these errors were encountered: