SSHServerAuthentication Event
Fired after the server presents its public key to the client.
Syntax
virtual int FireSSHServerAuthentication(SSHAuthSSHServerAuthenticationEventParams *e);

typedef struct {
  char* HostKey;
  char* Fingerprint;
  char* KeyAlgorithm;
  int Accept;
  int lenHostKey;
  int reserved;
} SSHAuthSSHServerAuthenticationEventParams;
Remarks
This event is where the client can decide whether to continue with the connection process or not. If the public key is known to be a valid key for the SSH server, Accept should be set to true within the event. Otherwise, the server will not be authenticated and the connection will be broken.
The full binary text of the key will be provided in HostKey, in the same format used internally by SSH. For easier comparison, Fingerprint will be an MD5 hash of HostKey in the hex-encoded form: "0a:1b:2c:3d".
When the event is fired, Accept will be true only if either HostKey or Fingerprint is identical to the value of SSHAcceptServerHostKey. KeyAlgorithm specifies the name of the key algorithm used, e.g., "ssh-rsa".
SSH's security inherently relies on client verification of the host key. Ignoring the host key and always setting Accept to true is strongly discouraged, and could cause potentially serious security vulnerabilities in your application. It is recommended that clients maintain a list of known keys for each server and check HostKey against this list each time a connection is attempted.
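An added example (not from the component's own documentation or samples) of the known-keys check recommended above: the handler body compares the full binary HostKey, using lenHostKey, against a per-host list of known keys and accepts only on an exact match. The KnownHosts store, the host argument, and the return value of 0 are assumptions; the struct is copied from the Syntax section.

```cpp
#include <map>
#include <string>
#include <vector>

// Copy of the parameter struct from the Syntax section, so the example compiles alone.
typedef struct {
  char* HostKey;
  char* Fingerprint;
  char* KeyAlgorithm;
  int Accept;
  int lenHostKey;
  int reserved;
} SSHAuthSSHServerAuthenticationEventParams;

// Hypothetical known-hosts store: host name -> keys verified out of band beforehand.
struct KnownKey {
  std::string algorithm;  // e.g. "ssh-rsa"
  std::string blob;       // full binary host key
};
using KnownHosts = std::map<std::string, std::vector<KnownKey>>;

// True only if the presented key matches a stored key for this host, byte for byte.
bool HostKeyIsKnown(const KnownHosts& known, const std::string& host,
                    const SSHAuthSSHServerAuthenticationEventParams& e) {
  if (e.HostKey == nullptr || e.KeyAlgorithm == nullptr || e.lenHostKey <= 0) return false;
  auto it = known.find(host);
  if (it == known.end()) return false;  // host never seen before: do not trust on sight
  // HostKey is binary and may contain NUL bytes, so size it with lenHostKey, not strlen.
  const std::string presented(e.HostKey, static_cast<size_t>(e.lenHostKey));
  for (const KnownKey& k : it->second) {
    if (k.algorithm == e.KeyAlgorithm && k.blob == presented) return true;
  }
  return false;
}

// Body for a FireSSHServerAuthentication override; `host` is the server the caller dialed.
// Returning 0 is an assumption: this page does not document the return value.
int OnServerAuthentication(const KnownHosts& known, const std::string& host,
                           SSHAuthSSHServerAuthenticationEventParams* e) {
  // Accept arrives true only if SSHAcceptServerHostKey matched; otherwise use the list.
  if (!e->Accept) e->Accept = HostKeyIsKnown(known, host, *e) ? 1 : 0;
  return 0;
}
```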