Hello, I had a project working great with SFTP for awhile, but today our administrators changed the version of SSHD they run on our web server. Now I can't get any files uploaded through PHPed (right-click -> upload), but instead receive the message "Key verification failed for server_host_key". I can however use command-line SFTP utility on my development computer (same pc as PHPed is installed on) to connect to the web server and upload files with no problems.

I believe the public SSH key of our web server probably changed when they uninstalled Cygwin OpenSSHD and replaced it with Bitvise WinSSHD. I think that PHPed (v4.5 Build 4513) is still trying to use the old public key for our server's old SSHD setup. If I could just find out how to get PHPed to forget the old server key information I bet this problem would be solved, but i'm open to suggestions.

Anxiously awaiting your response!!

PhpED does not and can't make such decisions. If you use public key authentication, you may get such errors indicating that you have to put phped's public key into the server. See the SSHD daemon instructions where it copy to and what format if should be of.
Alternatively you may copy public and private keys that are used by your command line utility to PhpED's openssl directory where it keeps its keys.

Okay so i'm not really clear on what you're suggesting I do. My command-line utility maintains a folder called .ssh that contains a file called known_hosts. The contents of that file are as follows:


When my server's key changes I can simply delete this known_hosts file and my command-line ssh utility will just get the new one from the server and ask me if I trust it. For demonstration purposes I generated a new key on the server and this is how my command-line sftp reacts:



Notice how the failure message is practically identical to the message PHPed is giving?

"Host Key Verification Failed" vs "Key Verification Failed for server_host_key"

There is not a similar cache of known hosts in PHPed? I can't believe that PHPed could possibly do any SSH or SFTP without caching the remote host's pubilc key somewhere. I really need to know where it stores these and how I can destroy them.

Thank you for publishing your keys, but they are supposed to be kept privately,
it's just like if you published your passwords, usernames and host names to login to.

You folder called .ssh contains keys used by ssh utility. Similar keys are in phped\openssl.

PhpED does not maintain "known hosts"


again. There are two ways.
1. If your server already recognizes your commanline utility keys, you're all set, just copy them to phped and use in the ssh account.
2. If your server does not recongnize phped's public key, you have to copy it to the server.


no.

This sounds like the option for me, but I could use more details regarding how to do this. As you know I have the known_hosts file on my system with good information in it. Please tell me what file I need to create and where, then what to do in the software to set the SFTP account to use the custom key. Thanks alot so far for your help!

Check phped\openssl directory
It contains for example id_rsa and id_rsa.pub
These two files contain private and public keys that are intended to work in pair.
Both should be on the client side (phped) and copy of the public key with IP or hostname added in is expected on the server.
I can't be specific about location and file formats supported by your server, please consult with its manual.
PhpED itself supports all formats supported by openssh and moreover it follows file naming convention.

Now about the IDE's accounts. When you create an ssh or sftp account, you can select a key settings in the corresponding dropdown.
All the key files are specified on the Keys tab. If you have a working keypair (public and private) just add them in the Keys tab, then select in the ssh/or/sftp account(s).

Hope it helps.

Actually no, the known_hosts file doesn't seem to have two different keys in it so I don't know what to do.

We can use any SSHD software that runs under windows 2003. Is there a software package that PHPed plays nice with or does it always need this kind of painful manual key configuration no matter which SSHD you run?

Looks like we are not on the same page and talking about very different things.

Please re-read what I wrote before
Did I say anything about known_hosts file?
Hopefully, I clearly answered that PhpED does not track so-called known-hosts and there is no problems and can never be any problems with known_hosts when you use PhpED.

You seems work using public key authentication and changed or corrupted keys on the server side. So you have to install them again.

You have misunderstood me. You said to take the keys from my command-line utility and install them in phpEd right? Well it stores its keys in the known_hosts file, so I looked in it and don't see the two keys I would need to create the two files you told me to create in the openssl folder of phped. Therefore I could not proceed with your instructions.

well, let's try to finalize what we are about.
Probably below are questions I had to start with:
What authentication are you using in your command line SSH utility?
What authentication is set in PhpED sftp/ssh account that fails?

If you do not use public key authentication, just forget all I wrote above and uncheck all authentication checkboxes except password and/or keyboard-interactive.

If you do use public key authentication, check your command line SSH utility manual where it keeps the TWO keys. Namely PUBLIC and PRIVATE and proceed with instructions I wrote before.

Hope I made it clearer now