How to clear host key cache

Posted: 2012-01-03 06:03
by Herward
Some maintenance work had to be carried out on my hosting server. Now I cannot connect to it any more.
I receive the following error message in FileZilla (3.5.2, Win XP):

Critical error, could not connect to server.
"Hostkey Mismatch.
Details for new key: ftp.certuspersonality.com:22"

My server technician tells me to clear FileZilla's host key cache, as the host key would have been reset with the reimaging at the server.

I could not find this cache in FileZilla.
How can I solve this problem?

Herward

Re: How to clear host key cache

Posted: 2012-01-03 06:14
by boco
FileZilla uses a slightly adapted PuTTY component for SFTP support; for this reason it shares the host key cache with PuTTY.

Win:
1. Open registry editor (regedit.exe).
2. Go to key HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys (note the key is extracted from my machine, I don't know if it's possible to have one under HKEY_LOCAL_MACHINE, too).
3. At the right side, your stored host keys are listed. Delete the superseded one, and next time FileZilla should ask you to accept the new.
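
The registry steps above, scripted in PowerShell as an added example that is not part of the original post: it lists the cached entries for one host and removes only those, leaving other hosts' keys untouched. The function names and the host `sftp.example.test` are assumptions made for illustration; the `<keytype>@<port>:<host>` value-name layout is the one PuTTY uses for its cache entries.

```powershell
# Added example, not from the thread. Function names and host are hypothetical.
function Get-PuttyCachedHostKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 22,
        [string]$Path = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }   # no cache exists yet
    $key = Get-Item -LiteralPath $Path
    # PuTTY names each value "<keytype>@<port>:<host>", e.g. rsa2@22:sftp.example.test
    $suffix = "@${Port}:$HostName"
    foreach ($name in $key.GetValueNames()) {
        if ($name.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Name    = $name
                KeyType = $name.Substring(0, $name.Length - $suffix.Length)
                Path    = $Path
            }
        }
    }
}

function Remove-PuttyCachedHostKey {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 22,
        [string]$Path = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'
    )
    # Delete only the values that belong to this host and port.
    foreach ($entry in Get-PuttyCachedHostKey -HostName $HostName -Port $Port -Path $Path) {
        if ($PSCmdlet.ShouldProcess($entry.Name, 'Remove cached SSH host key')) {
            Remove-ItemProperty -LiteralPath $entry.Path -Name $entry.Name
        }
    }
}

# Review what is cached for the host first, then preview the removal.
Get-PuttyCachedHostKey -HostName 'sftp.example.test'
Remove-PuttyCachedHostKey -HostName 'sftp.example.test' -WhatIf
```

Drop `-WhatIf` to perform the deletion. When FileZilla then prompts for the new key, compare the fingerprint it shows against the one supplied by the server administrator before accepting.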

Re: How to clear host key cache

Posted: 2012-01-05 12:46
by Herward
URGENT reply needed now.

In HKEY_LOCAL_MACHINE\Software there are the folders
FileZilla 3
and
FileZilla Client.

I assume FileZilla Client is the correct one. This is probably the "cache"?
As there is a lot in there, I attach the image of it.
What in there do I have to delete?

Thanks.
Herward

Re: How to clear host key cache

Posted: 2012-01-05 14:18
by boco

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
That's the key with the SSH cache. Don't delete anything within the other keys.

Re: How to clear host key cache

Posted: 2012-01-05 15:32
by Herward
This is not clear to me.
Which of the lines in that supplied snapshot picture should I delete?
Herward

Re: How to clear host key cache

Posted: 2012-01-05 19:32
by botg
None, you are at the wrong location. Please navigate to the location Boco mentioned.

Re: How to clear host key cache

Posted: 2012-01-06 06:58
by Herward
You did not mention any location by the name of BOCO.
Can you please give me precise step-by-step instructions to which location I have to go and which lines to delete in there.
Herward

Re: How to clear host key cache

Posted: 2012-01-06 09:41
by boco
Is that some kind of joke!?

I will now give the location a THIRD time

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys

The entry to delete at the right is the one with the name of your server.

Re: How to clear host key cache

Posted: 2012-01-06 11:04
by Herward
In your initial reply you stated "...if it's possible to have one under HKEY_LOCAL_MACHINE...", so I concluded that I should look under HKEY_LOCAL_MACHINE.

I have meanwhile solved the problem by uninstalling/reinstalling FileZilla using RevoUninstaller which also uninstalled the HKEY files.
FileZilla works again.

Additional remark:
Your instructions have to be unequivocally clear to the general user who is not versed in dealing with Windows Registry, and he shouldn't need to enter this area at all.
FileZilla's key cache should not be in the Registry, as other FTP programs do not have it there either, for good reason.

Herward

Re: How to clear host key cache

Posted: 2012-01-06 19:08
by boco
In your initial reply you stated "...if it's possible to have one under HKEY_LOCAL_MACHINE...".
Nope, I wrote I don't know if one could be under HKLM, as I merely looked up the location in my registry.

Re: How to clear host key cache

Posted: 2017-07-25 00:25
by PaulScott
Why not resolve all of this by including a way to clear the certificates in the program itself?

Re: How to clear host key cache

Posted: 2017-07-25 06:36
by botg
It's not needed. There's already a dialog when connecting for changed host keys.

Re: How to clear host key cache

Posted: 2017-07-25 14:13
by boco
Does FileZilla automatically purge old, expired Host keys and TLS certificates?

Re: How to clear host key cache

Posted: 2017-07-25 15:48
by PaulScott
I changed the certificate on the server side (Windows 2012 R2), and FileZilla did not detect the change and I still cannot log in using explicit FTP over TLS. So I also uninstalled FileZilla completely from the client machine, then re-installed it, and I still do not get prompted to accept the new certificate. However, I might add that I've never successfully been able to get TLS to work, but I was at least getting the prompt to accept the certificate, about 2 days ago, but was getting a different GnuL certificate error. I have been working on getting this to work for several weeks with no success. I checked the System Events in the Event Viewer, and found the following:

An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data.

A quick search of the Internet turned up this article:

https://technet.microsoft.com/en-us/lib ... 2147217396

Wherein the author states that certificates must be "registered with the server."

I am a very experienced programmer and IT person, and normally can figure this stuff out on my own, but this one truly has me stumped. I have FTP working fine for multiple sites in plain FTP (insecure) mode, PASSIVE and ACTIVE, but cannot get it to work using SSL certificates in TLS mode. This is what I am getting when I try to connect:

Status: Resolving address of ftp.drdang.net
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 431 Failed to setup secure session.
Command: AUTH SSL
Response: 431 Failed to setup secure session.
Error: Could not connect to server

I did try FileZilla on the server itself, and received the following error:

Status: Connecting to 127.0.0.1:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 431-Failed to setup secure session.
Response: Win32 error: Cannot find object or property.
Response: Error details: SSL certificate was not found.
Response: 431 End
Command: AUTH SSL
Response: 431-Failed to setup secure session.
Response: Win32 error: Cannot find object or property.
Response: Error details: SSL certificate was not found.
Response: 431 End
Error: Could not connect to server

Please let me know if you have any ideas on how I should proceed with figuring this out. The following is my configuration:

- Windows 2012 R2 server, with IIS 8.5, (Windows firewall ON or OFF makes no difference)
- Cisco PIX 515e with ports 80, 443, 989, 990, 21, 22 and a passive range of 5000 to 5010 open.

Re: How to clear host key cache

Posted: 2017-07-25 16:43
by botg
This topic is about host keys, please do not hijack it with unrelated issues.