NppFTP Host Key Fingerprint

Lee Jose

“The server is unknown. Do you trust the host key XXXXXX ?”
TLDR; How does NppFTP caclulate the host key fingerprint? Has it changed recently?

I’ve been having some problems with Npp and NppFTP lately, which led me to reinstall. I won’t go into the various installation-reinstallation issues, but after reinstalling NppFTP, I noticed that my host key fingerprint (for my remote machine) didn’t match the one I had cached. Normally I don’t look at this and just assume whatever key they are showing me is my server and I’ll kick up a fuss if it changes. Well, it’s changed. I suspect that NppFTP changed how it calculates the fingerprint, but I can’t prove it.

I’ve tried all the keys on my remote hosts (in terminal), none of them give me the fingerprint that NppFTP is showing me. They do, however, confirm each other’s host keys and fingerprints just fine. The also match the old cached fingerprints. Which makes me think that either I’m actually under a MitM attack, or NppFTP is calculating these fingerprints in a new way I’m not aware of. I use ssh-keyscan to get the keys, and ssh-keygen to show me the different fingerprints.

A couple notes: Recent installations of NppFTP always show the host fingerprints in an MD5-style format. (e.g. 72:37:4d:ea:56:c9:7f:09:1e:26:ad:6e:74:5f:69:a8:69:f2:65:1b), but my cached fingerprint was in a SHA-256 style. This makes me think something has changed in NppFTP, rather than an actual attack. (I’ve tried both types of fingerprints with all my hosts keys. I cannot get any to match.) Also, wouldn’t a MitM affect my ssh terminal program?

Is there a way to confirm a MitM attack? Has NppFTP changed how they calculate the fingerprint recently? Thanks for your time.