How To Extract SFTP SSH Key From Key Cache in FileZilla FTP Client

Question

I have connected to a server via SFTP using FileZilla and accepted adding the server's SSH key to the key cache in FileZilla.

How can I extract this cached key to a keyfile so that may use it through other SFTP applications that require a keyfile be made available?

I have not been able to find anything in the FileZilla documentation related to this.

Answer 1

Since this was (at least my) top Google result and I think there is an easier way now:

When connected to a server with FileZilla, there is a little lock in the bottom right corner you can click on. It shows the connection details including the fingerprint. When doubleclicking the fingerprint it gets send to your clipboard.

Answer 2

If you'd rather use a GUI, you can snag the host key from the log window or the first-time connection popup using WinSCP FTP client: https://winscp.net/eng/docs/ssh_verifying_the_host_key

Answer 3

Thanks Dougman for the tip!

To further help any newcomers reading your answer.
Prior to running the ssh-keyscan, assuming the openssh is install by default, there is a few commands that needs to be run (read the quickstart/readme install for details).
Here are my commands which allow me to obtain the host key.

C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
C:\Program Files\OpenSSH\bin>mkpasswd -l >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service was started successfully.
C:\Program Files\OpenSSH\bin>ssh-keyscan -t rsa vivo.sg.m.com > c:\known_hosts
vivo.sg.m.com SSH-2.0-Sun_SSH_1.1

Answer 4

Thomas was correct. FileZilla piggybacks on PuTTY's PSFTP program and stores the saved keys encoded in a hex format at the registry key he listed (HKCUR\Software\SimonTatham\PuTTY\SshHostKeys). I needed the key in known_hosts format, so I has able to install a windows version of openssh at his recommendation and used the ssh-keyscan tool to hit the server and save the key info out in the correct format:

ssh-keyscan -t rsa <my_ftp_ip_address> > c:\known_hosts
ssh-keyscan -t dsa <my_ftp_ip_address> > c:\known_hosts

Thank you Thomas and SO!

Answer 5

If you use the standard openssh console client (cygwin or from linux), host keys are stored, one-per-line, in ~/.ssh/known_hosts. From there, it's a simple matter of figuring out which bit of that host key is needed for your library.

Putty also stores host keys, but it appears to encode them in hex. Those can be found at HKCUR\Software\SimonTatham\PuTTY\SshHostKeys

Answer 6

Unless I am misunderstanding you: you don't need to.

If you connect to the server with another application (ie: PuTTY) and it has not seen the server before then you will be prompted to accept the key.

I see why you might want to do this, but each application could have it's own way to store keys.