SSHServerAuthentication Event

Fired after the server presents its public key to the client.

Object Oriented Interface

public function fireSSHServerAuthentication($param);

Procedural Interface

ipworkssftp_sftp_register_callback($res, 10, array($this, 'fireSSHServerAuthentication'));

Parameter List


'hostkey'
'fingerprint'
'keyalgorithm'
'certsubject'
'certissuer'
'status'
'accept'

Remarks

This event is where the client can decide whether to continue with the connection process or not. If the public key is known to be a valid key for the SSH server, Accept should be set to True within the event. Otherwise, the server will not be authenticated and the connection will be broken.

Accept will be True only if either HostKey or Fingerprint is identical to the value of SSHAcceptServerHostKey.

Accept may be set to True manually to accept the server host key.

Note that SSH's security inherently relies on client verification of the host key. Ignoring the host key and always setting Accept to true is strongly discouraged, and could cause potentially serious security vulnerabilities in your application. It is recommended that clients maintain a list of known keys for each server and check HostKey against this list each time a connection is attempted.

Host Key contains the full binary text of the key, in the same format used internally by SSH.

Fingerprint holds the SHA-256 hash of HostKey in the hex-encoded form: 0a:1b:2c:3d. To configure the hash algorithm used to calculate this value see SSHFingerprintHashAlgorithm.

KeyAlgorithm identifies the host key algorithm. Supported values are:

  • ssh-rsa
  • ssh-dss
  • x509v3-sign-rsa
  • x509v3-sign-dss
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
To limit the accepted host key algorithms refer to SSHPublicKeyAlgorithms.

CertSubject is the subject of the certificate. This is only applicable when KeyAlgorithm is "x509v3-sign-rsa" or "x509v3-sign-dss".

CertIssuer is the issuer of the certificate. This is only applicable when KeyAlgorithm is "x509v3-sign-rsa" or "x509v3-sign-dss".

Status is reserved for future use.

Copyright (c) 2021 /n software inc. - All rights reserved.
IPWorks SFTP 2020 PHP Edition - Version 20.0 [Build 7941]