1

I have tried searching for the above and found SSH.NET, but I am not sure:

  1. If it suits my case.
  2. How to use it the way I need it to work.

I have a client with an SFTP - to which he connects using a normal third party tool like FileZilla.

I have the credentials etc. and need to download files from that SFTP. Unfortunately for me, the SFTP requires a p12 certificate (which I have), which I do not know how to use. I have not yet worked with SFTP's. The connection is: "interactive"

For a "normal" FTP I would simply get the response stream of a FtpRequest and cast its information to whatever I need it to be.

Question: How do I use a p12 certificate to establish a connection to a SFTP using C# without buying one of the commercial third party libraries?

I would be thankful, for both direct tips, but also reading material for the topic.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Aiolos
  • 28
  • 6

2 Answers2

1

Are you sure you want to use the SFTP? I've never seen anyone using P12 key with the SSH/SFTP. Maybe you mistake the SFTP with the FTPS [FTP over TLS/SSL]?

Anyway, the NET.SSH library supports only OpenSSH and ssh.com private key file formats. So you need to convert your P12 key to either of them.

Quote from Extract public/private key from PKCS12 file for later use in SSH-PK-Authentication:

You can use following commands to extract public/private key from a PKCS#12 container:

  • PKCS#1 Private key

    openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem

  • Certificates:

    openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem
Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
0

First of all you seem to confuse SFTPwith FTP-over-SSL. These are two different protocols. From your question it seems that you need FTP-over-SSL.

In simple cases where you need to just download a file, FtpWebRequest class of .NET will work. In more complex cases third-party libraries are required.

If you need to deal with SFTP, the situation is more complicated. SSH doesn't usually work with X.509 certificates (such configuration is possible but is almost never used). You won't get this functionality with open-source libraries.

Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121
  • Hi Eugene, thanks for the fast reply. There is a good chance I am actually confusing the two of them. All I see is that the uri contains sftp instead of ftp and the client frequently refers to it as a secure ftp . How do I know for sure ? I am aware of the FtpWebRequest - that works for me and I wrote my own libraries, but how do I incorporate the p12 certificate ? – Aiolos Sep 24 '14 at 23:10
  • @Aiolos the simplest is to ask what port they connect to. If the port port is 22 or alike (2022, for example), then it's most likely SFTP. If the port is 990 or 21 or alike (say 2021), then it's FTP-over-SSL. Note, that if the port is 990, this is implicit TLS, while on ports 21 and similar you'll get explicit TLS. – Eugene Mayevski 'Callback Sep 25 '14 at 06:15
  • @Aiolos How to use the pkcs#12 file in this case really depends on the protocol. – Eugene Mayevski 'Callback Sep 25 '14 at 06:15