How to clear host key cache

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Locked
Message
Author
Herward
500 Syntax error
Posts: 14
Joined: 2008-09-02 03:43
First name: Herward
Last name: Hencke

How to clear host key cache

#1 Post by Herward » 2012-01-03 06:03

Some maintenance work had to be carried on my hosting server. Now I cannot connect to it any more.
I receive the following error message in FileZilla (3.5.2, Win XP):

Critical error, could not connect to server.
"Hostkey Mismatch.
Details for new key: ftp.certuspersonality.com:22"

My server technician tells me to clear FileZilla's host key cache, as the host key would have been reset with the reimaging at the server.

I could not find this cache in FileZilla.
How can I solve this problem?

Herward

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: How to clear host key cache

#2 Post by boco » 2012-01-03 06:14

FileZilla uses a slightly adapted PuTTY component for SFTP support, for this reason it shares the host key cache with PuTTY.

Win:
1. Open registry editor (regedit.exe).
2. Go to key HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys (note the key is extracted from my machine, I don't know if it's possible to have one under HKEY_LOCAL_MACHINE, too).
3. At the right side, your stored host keys are listed. Delete the superseded one, and next time FileZilla should ask you to accept the new.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Herward
500 Syntax error
Posts: 14
Joined: 2008-09-02 03:43
First name: Herward
Last name: Hencke

Re: How to clear host key cache

#3 Post by Herward » 2012-01-05 12:46

URGENT reply needed now.

In HKEY_LOCAL_MACHINE\Software there are the folders
FileZilla 3
and
FileZilla Client.

I assume FileZilla Client is the correct one. This is probably the "cache"?
As there is a lot in there, I attach the image of it.
What in there do I have to delete?

Thanks.
Herward
Attachments
Screenshot - 12_01_03 , 04_41_17 PM.jpg
Screenshot - 12_01_03 , 04_41_17 PM.jpg (58.65 KiB) Viewed 63867 times

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: How to clear host key cache

#4 Post by boco » 2012-01-05 14:18

Code: Select all

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
That's the key with the SSH cache. Don't delete anything within the other keys.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Herward
500 Syntax error
Posts: 14
Joined: 2008-09-02 03:43
First name: Herward
Last name: Hencke

Re: How to clear host key cache

#5 Post by Herward » 2012-01-05 15:32

This is not clear to me.
Which of the lines in that supplied snapshot picture should I delete?
Herward

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: How to clear host key cache

#6 Post by botg » 2012-01-05 19:32

None, you are at the wrong location. Please navigate to the location Boco mentioned.

Herward
500 Syntax error
Posts: 14
Joined: 2008-09-02 03:43
First name: Herward
Last name: Hencke

Re: How to clear host key cache

#7 Post by Herward » 2012-01-06 06:58

You did not mention any location by the name of BOCO.
Can you please give me precise step-by-step instructions to which location I have to go and which lines to delete in there.
Herward

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: How to clear host key cache

#8 Post by boco » 2012-01-06 09:41

Is that some kind of joke!?

I will now give the location a THIRD time

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys

The entry to delete at the right is the one with the name of your server.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Herward
500 Syntax error
Posts: 14
Joined: 2008-09-02 03:43
First name: Herward
Last name: Hencke

Re: How to clear host key cache

#9 Post by Herward » 2012-01-06 11:04

In your initial reply you stated "...if it's possible to have one under HKEY_LOCAL_MACHINE..."., so I concluded that I should look under HKEY_LOCAL_MACHINE.

I have meanwhile solved the problem by uninstalling/reinstalling FileZilla using RevoUninstaller which also uninstalled the HKEY files.
FileZila works again.

Additional remark:
Your instructions have to be unequivocally clear to the general user who is not versed in dealing with Windows Registry, and he shouldn't need to enter this area at all.
FileZilla's key cache should not be in the Registry, as other FTP programs do not have there either, for good reason.

Herward

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: How to clear host key cache

#10 Post by boco » 2012-01-06 19:08

In your initial reply you stated "...if it's possible to have one under HKEY_LOCAL_MACHINE...".
Nope, I wrote I don't know if one could be under HKLM, as I merely looked up the location in my registry.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

PaulScott
500 Command not understood
Posts: 5
Joined: 2017-07-24 23:38
First name: Paul
Last name: Scott

Re: How to clear host key cache

#11 Post by PaulScott » 2017-07-25 00:25

Why not resolve all of this by including a way to clear the certificates in the program itself?

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: How to clear host key cache

#12 Post by botg » 2017-07-25 06:36

It's not needed. There's already a dialog when connecting for changed host keys.

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: How to clear host key cache

#13 Post by boco » 2017-07-25 14:13

Does FileZilla automatically purge old, expired Host keys and TLS certificates?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

PaulScott
500 Command not understood
Posts: 5
Joined: 2017-07-24 23:38
First name: Paul
Last name: Scott

Re: How to clear host key cache

#14 Post by PaulScott » 2017-07-25 15:48

I changed the certificate on the server side (Windows 2012 R2), and FileZilla did not detect the change and I still cannot login using explicit FTP over TLS. So I also uninstalled FileZilla completely from the client machine, then re-installed it, and I still do not get prompted to accept the new certificate. However, I might add that I've never successfully been able to get TSL to work, but I was at least getting the prompt to accept the certificate, about 2 days ago, but was getting a different GnuL certificate error. I have been working on getting this to work for several weeks with no success. I checked the System Events in the Event Viewer, and found the following:

An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data.

A quick search of the Internet turned up this article:

https://technet.microsoft.com/en-us/lib ... 2147217396

Wherein the author states that certificates must be "registered with the server."

I am a very experienced programmer and IT person, and normally can figure this stuff out on my own, but this one truly has me stumped. I have FTP working for multiple sites in fine in plain FTP (insecure) mode, PASSIVE and ACTIVE, but cannot get it to work using SSL certificates in TLS mode. This is what I am getting when I try to connect:

Status: Resolving address of ftp.drdang.net
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 431 Failed to setup secure session.
Command: AUTH SSL
Response: 431 Failed to setup secure session.
Error: Could not connect to server

I did try FileZilla on the server itself, and received the following error:

Status: Connecting to 127.0.0.1:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 431-Failed to setup secure session.
Response: Win32 error: Cannot find object or property.
Response: Error details: SSL certificate was not found.
Response: 431 End
Command: AUTH SSL
Response: 431-Failed to setup secure session.
Response: Win32 error: Cannot find object or property.
Response: Error details: SSL certificate was not found.
Response: 431 End
Error: Could not connect to server

Please let me know if you have any ideas on how I should proceed with figuring this out. The following is my configuration:

- Windows 2012 R2 server, with IIS 8.5, (Windows firewall ON or OFF makes no difference)
- Cisco PIX 515e with ports 80, 443, 989, 990, 21, 22 and a passive range of 5000 to 5010 open.

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: How to clear host key cache

#15 Post by botg » 2017-07-25 16:43

This topic is about host keys, please do not hijack it with unrelated issues.

Locked