
HostFingerprint callback


Called when the remote server provides public key fingerprint information.

Syntax

  • C
void (*HostFingerprint)(void *Sftp, char *Fingerprint, int *Accept);
The HostFingerprint(void *Sftp, char *Fingerprint, int *Accept) syntax has these parts:
void *Sftp          Handle of the created Sftp instance.
char *Fingerprint   Represents the remote server fingerprint.
int *Accept         When set to 0 (null, false), wodSFTP will abort the connection.

Remarks

Because the SSH architecture doesn't know about certificates, or other means of checking whether a remote server is really the one you intended to connect to, your decision to accept a connection or not is based on 'trust'.

This is how SSH works in the real world: once you have connected to the remote server and you are sure it is really the server you expect it to be, you should store the Fingerprint information locally. For each new connection, you should test whether the Fingerprint information is the same as the stored copy, to be sure that no one is 'in the middle' spying on your connection. Fingerprint information is almost unique among different servers, and it is generated from a server's private key.

If you set Accept to True (default), wodSFTP will continue to perform negotiation with the server normally. If you set it to False (for instance, because you see that the Fingerprint information is not the same as before), it will drop the connection.

Even if you connect to the same server, different protocol versions will produce different Fingerprint information. For example, an SSH1 service provides different Fingerprint information than an SSH2 service running on the same computer on the same port.

NOTE: this callback is called only if you have created an instance of the SftpEventsStruct structure, and set its HostFingerprint member to the function implementing it.
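
The following is an added example, not wodSFTP's own code: a callback that fails closed by accepting the connection only when the reported Fingerprint equals a locally stored copy, as the Remarks recommend. The pin file name, the helper names pin_store and pin_matches, and the sample fingerprint string are assumptions; assigning the callback to the HostFingerprint member of SftpEventsStruct is not shown.

```c
#include <stdio.h>
#include <string.h>

/* Assumed pin file; keep one per host, port and SSH protocol version,
   since SSH1 and SSH2 on the same server report different fingerprints. */
static const char *g_pin_path = "host_fingerprint.pin";

/* Enrollment: call only after the fingerprint was verified out of band. */
static int pin_store(const char *path, const char *fp)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    int ok = fprintf(f, "%s\n", fp) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* 1 only if a pin exists and equals fp; a missing or empty pin fails closed. */
static int pin_matches(const char *path, const char *fp)
{
    char stored[256] = "";
    FILE *f = fopen(path, "r");
    if (f == NULL) return 0;
    if (fgets(stored, sizeof stored, f) == NULL) stored[0] = '\0';
    fclose(f);
    stored[strcspn(stored, "\r\n")] = '\0';
    return stored[0] != '\0' && fp != NULL && strcmp(stored, fp) == 0;
}

/* Callback with the parameters this page lists: Sftp, Fingerprint, Accept. */
static void OnHostFingerprint(void *Sftp, char *Fingerprint, int *Accept)
{
    (void)Sftp;
    *Accept = pin_matches(g_pin_path, Fingerprint);  /* 0 aborts the connection */
    if (!*Accept)
        fprintf(stderr, "host fingerprint mismatch or not enrolled: %s\n",
                Fingerprint ? Fingerprint : "(null)");
}

int main(void)
{
    int accept = 1;
    char seen[] = "constructed-sample-fingerprint";  /* constructed value */
    pin_store(g_pin_path, seen);                     /* explicit enrollment */
    OnHostFingerprint(NULL, seen, &accept);
    printf("accept=%d\n", accept);
    return accept ? 0 : 1;
}
```

An unknown server is rejected rather than silently trusted on first contact, so enrollment stays a deliberate step taken after the fingerprint has been confirmed through another channel.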