SSH Agent

Overview

An SSH agent encapsulates the connection details to a single instance of an SSH server (SFTP).

Usages

The SSH agent is used by the following connectors:

Configuration

In addition to the common agent configuration shared by all agents, the SSH agent requires the following by way of configuration:

Name Description
Host The name or IP address of the SSH server.
Port The port of the SSH server.
Timeout Duration before which SSH requests timeout.
Password

Only required when Credentials is Custom

The password corresponding to the given account name.

Expected Host Key Fingerprint
Optional. The expected fingerprint of the SSH server host key. If provided, the connection will be rejected if the received thumbprint does not match.

The thumbprint must be in base64 format, and generated using the md5 hashing algorithm. See below for more information on this field.
Authentication Mode
The mode of authentication when connecting to the SSH server.
Username The username of the account on the SSH server to authenticate as.
Password The password of the account on the SSH server to authenticate as. Password authentication mode only.
Private Key Path

Path to the PEM format private key file for the specified SSH server account. Private Key authentication mode only.

Private Key Pass Phrase
Optional pass phrase for the provided private key file. Private Key authentication mode only.
Proxy Type
The type of proxy server to connect to the SSH server through.
Proxy Host
The name or IP address of the proxy server.
Proxy Port
The port of the proxy server.
Proxy Username
The username of the proxy server account to authenticate
Use Binary The password of the proxy server account to authenticate with.

Fingerprint Validation

By configuring an Expected Fingerprint, the SSH agent will perform an identity check on the configured SSH server, to ensure it's validity. As described above, this value must be provided in base64 format, and have been generated using the md5 hashing algorithm. The method of retrieving and formatting the fingerprint will vary, but on Linux platforms the following command can be used:

ssh-keygen -l -f /path/to/host/key.pub -E md5 | awk '{print $2}' | sed -e 's/MD5://g' | tr -d ':' | xxd -r -p | base64
NOTE: Depending on the SSH server and configuration, one of a number of different host keys may be used depending on the connection negotiation process. In the event of a connection failure due to a unexpected fingerprint, the invalid fingerprint and the name of the host key will be included in the log message, to assist in troubleshooting.

Supported Algorithms and other technical specifications

For a full list of supported algorithms, private key formats, and other supported features, refer to the SSH.NET GitHub page.

Is this article helpful for you?