Using different host key algorithms on sftp server and client [Resolved]

I need to set up an SFTP client. The problem I am facing is that the SFTP client library I am using does not support the host key algorithm supported by the SFTP server. Basically, I am talking about public key authentication here. My SFTP server would send me a key generated with EC and my client would send a key generated as an RSA key. Will these keys be used for anything else after authentication? Note: I am using Renci.Ssh.Net as the client library.


Question Credit: alinizam
Asked May 16, 2019
Tags: .net, sftp
Posted Under: Security
1 Answers

(After Q edit)

In SSHv2 (the only one anyone still uses) yes, both the (selected) host key and the client key if any are used only for authentication; the client software must support receiving (and verifying) the host's key type (in your example EC) and the host software must support receiving the client's key type (RSA).

The session key is created using ephemeral Diffie-Hellman (including ECDH or X25519 in modern systems) not the user-visible 'pubkey' files and algorithms, and the two data ciphers (and MACs if applicable) are negotiated separately and use working keys (and IVs if applicable) derived from the session key.

This is mostly described in RFC 4253 especially 6.5, 6.6, and 7. Some options are in other RFCs; see https://en.wikipedia.org/wiki/Secure_Shell#Standards_documentation or http://www.openssh.com/specs.html .


credit: dave_thompson_085
Answered May 16, 2019
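
As an added illustration (not part of the original answer, and not SSH.NET code), here is the working-key derivation from RFC 4253 section 7.2 that the answer refers to, written in Python. `SAMPLE_K` and `SAMPLE_H` are constructed values standing in for the ephemeral DH shared secret and the exchange hash, and the function and label names are chosen for this example.

```python
import hashlib
import struct

def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5)."""
    if n == 0:
        return struct.pack(">I", 0)
    # One extra bit guarantees a leading 0x00 byte when the high bit is set.
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(body)) + body

def derive_key(K: int, H: bytes, session_id: bytes, letter: bytes,
               length: int, hash_name: str = "sha256") -> bytes:
    """RFC 4253 section 7.2: K1 = HASH(K || H || X || session_id),
    then Kn = HASH(K || H || K1 || ... || K(n-1)) until enough bytes exist."""
    prefix = mpint(K) + H
    out = hashlib.new(hash_name, prefix + letter + session_id).digest()
    while len(out) < length:
        out += hashlib.new(hash_name, prefix + out).digest()
    return out[:length]

# The six per-direction values and the letter X each one uses.
LABELS = {
    "iv_c2s": b"A", "iv_s2c": b"B",
    "enc_key_c2s": b"C", "enc_key_s2c": b"D",
    "mac_key_c2s": b"E", "mac_key_s2c": b"F",
}

def derive_all(K: int, H: bytes, session_id: bytes,
               iv_len: int = 16, key_len: int = 32, mac_len: int = 32) -> dict:
    """Derive IVs, cipher keys and MAC keys for both directions."""
    sizes = {"iv": iv_len, "enc": key_len, "mac": mac_len}
    return {name: derive_key(K, H, session_id, letter, sizes[name[:3].rstrip("_")])
            for name, letter in LABELS.items()}

# Constructed sample inputs. In a real session K comes from the ephemeral
# (EC)DH exchange and H is the exchange hash, which the server signs with its
# host private key; that signature is the only use of the host private key.
SAMPLE_K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
SAMPLE_H = hashlib.sha256(b"constructed exchange hash").digest()

if __name__ == "__main__":
    # For the first key exchange of a connection, session_id equals H.
    for name, value in derive_all(SAMPLE_K, SAMPLE_H, SAMPLE_H).items():
        print(f"{name:12s} {value.hex()}")
```

The client's RSA key does not appear anywhere in this derivation; it is used later, in the user authentication protocol, to sign data that includes the session identifier.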