Evotec

Project

Transferetto

Small PowerShell module with FTPS/SFTP functionality

View on GitHub Releases Get package
Stars64
Forks15
Open issues10
PowerShell Gallery downloads12892266
Releasev1.0.0
Language: PowerShell Updated: 2026-02-14T21:19:42.0000000+00:00

Curated Examples

Enforce SSH host-key policy

Use Transferetto to pin host keys, validate known hosts, or use TOFU intentionally.

This pattern is useful when you want SSH automation to be explicit about trust instead of silently accepting a server key.

It is adapted from the source example at Examples/Example20-SSHHostKeyPolicy.ps1.

When to use this pattern

  • You are connecting to production or partner systems.
  • You need repeatable host-key validation behavior.
  • You want a documented path for pinned fingerprints, known-hosts files, or TOFU.

Example

Import-Module Transferetto

$expectedFingerprint = 'SHA256:REPLACE_WITH_SERVER_FINGERPRINT'
$knownHostsPath = Join-Path $env:LOCALAPPDATA 'Transferetto\ssh-known-hosts.tsv'

$sshClient = Connect-SSH -Server 'server.example.com' `
    -Credential (Get-Credential) `
    -ExpectedHostKeyFingerprint $expectedFingerprint `
    -ConnectionTimeoutSeconds 15 `
    -KeepAliveIntervalSeconds 30 `
    -RetryAttempts 2

$sshClient.HostKeyInfo | Format-List
Disconnect-SSH -SshClient $sshClient

Other supported trust models

  • -HostKeyPolicy TrustOnFirstUse -KnownHostsPath $knownHostsPath
  • -HostKeyPolicy KnownHosts -KnownHostsPath $knownHostsPath
  • -AcceptAnyHostKey for disposable test environments only

What this demonstrates

  • connecting with an explicit expected host-key fingerprint
  • inspecting the returned host-key metadata on the session
  • keeping the trust decision visible in the script instead of implicit

Source