Page 1 of 1

Wishlist: Verification/caching of SSH server public host key

Posted: Sat Oct 12, 2013 4:55 am
by adfhogan
AndFTP is a wonderfully nifty app for transferring files back and forth via SFTP (I've seen speeds of about 1-1.4MB/s on home WiFi). What I have noticed, however, is that when I connect to an SFTP server, it doesn't ask me about the server's host key, which suggests it isn't verified.

This is an issue with regards to MITM interception on untrusted networks.

Consider perhaps adding public host key verification and caching for future access attempts?