I am using Tamir.SharpSSH to make SFTP connections in my .NET code. I have servers' host, port, username, password and servers' fingerprint.

I am able to connect to the server without the fingerprint. Is there any way to match the fingerprint that I have with the servers' before making the connection?

Following is my C# code for the connection:

string _ftpURL = "ftp.com"; //Host URL or address of the SFTP server
string _UserName = "Login_Id";      //User Name of the SFTP server
string _Password = "12345";   //Password of the SFTP server
int _Port = 22;                  //Port No of the SFTP server (if any)
string _ftpDirectory = "ReceivedFiles"; //The directory in SFTP server where the files will be uploaded
string LocalDirectory = "D:\\FilePuller"; //Local directory from where the files will be uploaded

ArrayList UploadedFiles = new ArrayList();

Sftp oSftp = new Sftp(_ftpURL, _UserName, _Password);

oSftp.Connect(_Port);

Is there anyway I can add a check for Server's fingerprint before connecting to the SFTP Server?

The SharpSSH is stupid enough not to verify the host keys by default.

You would have to re-implement SshBase.ConnectSession not to set StrictHostKeyChecking to no.

• And then use JSch.getHostKeyRepository().add() to configure expected host key (or implement HostKeyRepository interface).
• Or implement UserInfo interface, particularly the promptYesNo method.