How to get SFTP fingerprint

“Client” refers to the machine connecting to the SFTP server, and “Server” refers to the SFTP server.

Iguana 6 expects the fingerprint format to be a 128-bit MD5 checksum.

Description

In some cases, a fingerprint value is required when connecting to an SFTP server. When a client connects, the server sends an SSH key fingerprint. This fingerprint lets the client verify the server’s identity by cross-referencing the fingerprint it already holds for the server against the one the server sent.

Acquiring the fingerprint

There are various ways for the client to obtain the fingerprint in order to validate a server’s identity. Below are some examples of how the client can obtain a fingerprint:

OpenSSL

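OpenSSL can generate a 128-bit MD5 checksum fingerprint from a public key file. The fingerprint is the MD5 hash of the decoded key data, not of the file's text or its path, so the key data is decoded first. Enter the following command into the command prompt, replacing the placeholder with the path to your public key file (the command assumes the key is in the OpenSSH one-line format, "type base64-data comment", and that awk is available in your shell):

awk '{print $2}' <path_to_public_key_file> | openssl base64 -d -A | openssl md5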

This will output the fingerprint value, as seen in the example below:

[Screenshot: example command output showing the fingerprint value]

Within Iguana

It is also possible to get a fingerprint value from within Iguana by using the net.sftp.init function. Enter your server info and credentials, and any string value for the host_fingerprint parameter. You will receive an error message stating that the fingerprint values do not match, along with the fingerprint the SFTP server returned. An example of this can be found below:

[Screenshot: example fingerprint mismatch error message]

Command line SFTP

If it is not the first time the client machine has connected to the server, remove the server’s information from the known_hosts file. This will cause the client machine to act as if it was the first time connecting.

Another possible way to obtain a fingerprint value is through the SFTP command in the command line. A client machine can connect to an SFTP server via the command line, and the first time the connection is made the server’s fingerprint value will be displayed. The following commands can be used to connect through the command line:

User/Password authentication:

sftp USERNAME@HOSTNAME

Private key based authentication:

sftp -i C:\PATH\TO\KEY.pem USER@HOSTNAME

On the client machine’s first time connecting to the server, the command will display the server fingerprint:

Security considerations

Although using Iguana and the command prompt are possible ways to obtain a server’s fingerprint value, they are not the most secure way. The fingerprint value is meant to verify a server’s identity, and neither method guarantees that the server the client is connecting to is the server it intended to connect to.
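Added example, not part of the original page or Iguana's own code: when the server administrator can supply the host public key out of band, its MD5 fingerprint can be computed locally in Python and compared with the value that Iguana or sftp reports. It assumes the key is in the OpenSSH one-line format; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def key_blob(pubkey_line: str) -> bytes:
    """Return the binary key blob from an OpenSSH 'type base64 [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-data> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own copy of the key type; a mismatch means the
    # line was truncated or edited, so refuse to fingerprint it.
    if not blob.startswith(_ssh_string(key_type.encode("ascii"))):
        raise ValueError("key type does not match the encoded key data")
    return blob


def md5_fingerprint(pubkey_line: str, colons: bool = False) -> str:
    """128-bit MD5 fingerprint of the key blob: 32 hex digits or aa:bb:... pairs."""
    digest = hashlib.md5(key_blob(pubkey_line), usedforsecurity=False).hexdigest()
    if colons:
        return ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return digest


def matches(pubkey_line: str, reported: str) -> bool:
    """Compare a fingerprint reported by a client against the trusted key."""
    cleaned = reported.strip().lower().removeprefix("md5:").replace(":", "")
    return cleaned == md5_fingerprint(pubkey_line)


# Constructed sample key (not a real server's): ssh-ed25519, key bytes 0x00..0x1f.
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
).decode("ascii") + " sftp.example.test"

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_LINE, colons=True))
```

A result of False from matches() means the server that answered the connection did not present the key the administrator supplied.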
