Discuss this help topic in SecureBlackbox Forum

Validate the key sent by the server

Key validation is performed either by handling the OnKeyValidate event of the SSH class or by providing a list of trusted keys via the TrustedKeys property of the SSH class. You must handle the OnKeyValidate event, provide the TrustedKeys list, or do both.

If you specify the list of trusted keys via the TrustedKeys property and the key sent by the server is not found in it, the OnKeyValidate event is fired. So it makes sense to always handle the OnKeyValidate event.

The key validation procedure in the OnKeyValidate event handler should consist of the following steps:

  1. Search for the provided public key (contained in the ServerKey object) in the local server keys database. The database should contain a list of pairs, each mapping a host address to the public key of that host. Note that the same host can have several different addresses, so several database entries might share the same public key.

  2. If the corresponding (host, public key) pair is found, the server is considered authenticated. Set the Validate parameter to true and don't go further.

  3. If there's no such pair in the database, a warning message should be displayed to the user, indicating that the server they are connecting to is not known/trusted. The message can look similar to the following:
    ====
    The authenticity of host XXX.XXX.XXX.XXX cannot be established.
    The fingerprint of the key is XXXXXXXXXXXXXXXXXX.
    Do you wish to continue (Y/n)?
    ====
    If the user wishes to continue connecting, the server key should be added to the database and the Validate parameter should be set to true. If the user declines the key, the Validate parameter should be set to false.

  4. If there's an entry in the database for the host the client is connecting to, but the public key differs from the one provided by the server, a different warning should be displayed to the user:
    ====
    The public key of the host you are connecting to HAS BEEN CHANGED!
    There are two common reasons for this:
    1. Someone is eavesdropping you.
    2. Public key of the server has changed for some other reason.
    We recommend you to contact the administrator of the server in order to clarify the situation.
    Do you wish to continue (Y/n)?
    ====
    If the user wishes to continue connecting, the key should be added to the database and the Validate parameter should be set to true. Otherwise, Validate should be set to false to make the client close the connection.

Sample messages are taken from PuTTY software.
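
The decision logic of steps 1 to 4, as an added Python example (not SecureBlackbox code): the names classify, validate_key and ask_user, the in-memory database layout, the OpenSSH-style fingerprint format and the sample hosts and keys are all assumptions made for illustration. The boolean returned by validate_key is what an OnKeyValidate handler would assign to its Validate parameter.

```python
import base64
import hashlib

TRUSTED, UNKNOWN, CHANGED = "trusted", "unknown", "changed"

def fingerprint(key_blob: bytes) -> str:
    # OpenSSH-style SHA-256 fingerprint (assumed format; the page does not fix one).
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def classify(db: dict, host: str, key_blob: bytes) -> str:
    # db maps a host address to the set of public key blobs accepted for it.
    known = db.get(host)
    if known is None:
        return UNKNOWN            # step 3: nothing stored for this address
    if key_blob in known:
        return TRUSTED            # step 2: exact (host, key) pair found
    return CHANGED                # step 4: address known, key differs

def validate_key(db: dict, host: str, key_blob: bytes, ask_user) -> bool:
    # Returns the value a handler would assign to its Validate parameter.
    status = classify(db, host, key_blob)
    if status == TRUSTED:
        return True
    # ask_user(status, host, fingerprint) shows the matching warning, returns bool.
    if not ask_user(status, host, fingerprint(key_blob)):
        return False              # declined: database stays untouched
    db.setdefault(host, set()).add(key_blob)
    return True

def demo():
    # Constructed sample data: one host reachable under two addresses.
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"
    db = {"192.0.2.10": {key_a}, "ssh.example.test": {key_a}}
    decline = lambda status, host, fp: False
    accept = lambda status, host, fp: True
    return [
        validate_key(db, "ssh.example.test", key_a, decline),  # trusted
        validate_key(db, "192.0.2.10", key_b, decline),        # changed, declined
        validate_key(db, "198.51.100.7", key_b, accept),       # unknown, accepted
        classify(db, "198.51.100.7", key_b),                   # now stored
    ]

if __name__ == "__main__":
    print(demo())
```

In a client that runs without a user present, pass an ask_user that always returns False, so that unknown and changed keys are rejected instead of being silently stored.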
