In Progress

Let SFTP connection use fingerprints stored in ~/.ssh/known_hosts

When using "connect using SFTP" (connect with options) to build an ad hoc SFTP connection, no matter whether the fingerprint of the remote host is in ~/.ssh/known_hosts, Royal TSX always gives me a Certificate and Fingerprint Warning, which bothers me a bit.


So I suggest making the SFTP connection use fingerprints stored in ~/.ssh/known_hosts just like the SSH connection, i.e. add the fingerprint to ~/.ssh/known_hosts when connecting to a new host and suppress the Certificate and Fingerprint Warning when connecting to a known host whose fingerprint is already in ~/.ssh/known_hosts. In this way, Royal TSX will avoid giving useless warnings.


For me, I prefer using "connect using SFTP" to using a File Transfer object to build an SFTP connection. In contrast to the latter, the former can keep my navigation panel as concise as possible.


I sincerely hope that you will take my advice! Looking forward to your reply!


1 person likes this idea

That's something we'll definitely want to work on for the next major release.


1 person likes this

Hi there,


we're happy to announce that the first beta of Royal TSX 5.0 is now available and includes this feature!


You can get the beta here: https://royalapps.com/ts/mac/features-beta

Please let us know how it works for you!


cheers,

felix

Hello, it works for me! And I'm confused about your design.


I noticed something: if I have never connected to a host via ssh (i.e. the fingerprint of the host is not in ~/.ssh/known_hosts), every time I use "connect using SFTP", I still get the warning.


Then I found what happens: if I have ever connected to a host via ssh and then use "connect using SFTP", the fingerprint is changed from ecdsa-sha2-nistp256 type to ssh-rsa type, and the original ecdsa-sha2-nistp256 fingerprint is saved to ~/.ssh/known_hosts.old. If I have not connected to a host via ssh yet and then use "connect using SFTP", nothing happens, which means I will still receive the warning when I use "connect using SFTP" next time.


Besides, if I create an SFTP connection object and use it (keeping "Ignore Certificate and Fingerprint Warnings" disabled), after I confirm the warning I do not get the warning any more, and no new entries are added to ~/.ssh/known_hosts. I guess you save the fingerprint or make some settings in the object for created SFTP connection objects (because once I delete the object and create the same one, I get the warning again).


I really don't understand why you designed it like this. To the best of my knowledge, general ssh and sftp use the same fingerprint in ~/.ssh/known_hosts.


So I can only think that:

The File Transfer plugin can use ssh-rsa type but cannot use ecdsa-sha2-nistp256 type fingerprints. The iTerm2 plugin can use both. If that's the case, I think designing a connection fingerprint file only for all types of SFTP connections in Royal TSX may be better than changing ~/.ssh/known_hosts. For example, let ~/.ssh/known_hosts_for_SFTP_only:

(1) save fingerprints from "SFTP connection objects" and "connect using SFTP"

(2) get rid of the dependence on ~/.ssh/known_hosts, i.e. even if ~/.ssh/known_hosts doesn't exist, new fingerprints can be added to ~/.ssh/known_hosts_for_SFTP_only.
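The key-type situation discussed in this thread, as an added example (not Royal TSX code and not written by anyone in the thread): a known_hosts lookup that tells an unknown host apart from a host that is known only under a different key type, which is what a client offering ssh-rsa sees when the file holds only an ecdsa-sha2-nistp256 entry. Host names and key blobs are constructed placeholders; wildcard patterns and `@` marker lines are not handled.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """Match a known_hosts host field: plain/comma list or hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(hash_b64))
    return host in field.split(",")

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts_text, host, offered_type, offered_key_b64):
    """Return (status, detail) for the key a server offers."""
    other_types = []
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@")):
            continue  # comments and marker lines are skipped in this sketch
        fields = line.split()
        if len(fields) < 3 or not host_matches(fields[0], host):
            continue
        ktype, key = fields[1], fields[2]
        if ktype != offered_type:
            other_types.append(ktype)      # host known, but under another key type
        elif key == offered_key_b64:
            return ("match", fingerprint(key))
        else:
            return ("mismatch", fingerprint(offered_key_b64))
    if other_types:
        return ("known-host-other-keytype", sorted(set(other_types)))
    return ("unknown-host", [])

# Constructed sample data: placeholder blobs, not real host keys.
ECDSA = base64.b64encode(b"constructed ecdsa blob").decode()
RSA = base64.b64encode(b"constructed rsa blob").decode()
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"files.example.test", hashlib.sha1).digest()).decode())
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "server.example.test,192.0.2.10 ecdsa-sha2-nistp256 " + ECDSA,
    HASHED + " ssh-rsa " + RSA,
])
```

A result of `known-host-other-keytype` is the case to surface to the user separately from `unknown-host`, since the stored entry cannot confirm the offered key.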
