Problem with private key...

Advertisement

p1c0
Joined:
Posts:
18
Location:
France

Problem with private key...

Hi all,

i try to upload file on a ssh server with WinSCP. I use Pageant to store my private key but when i try to open my session with a script, i've got the message which ask if i want to trust the server... By default, it answer Cancel. Since i use a script, it answer Cancel each time so i want to know if there is a method to turn around this??

Thanks in advance.

p1c0.

Reply with quote

Advertisement

p1c0
Joined:
Posts:
18
Location:
France

Hi all,

i will give you more information in order you can help me...

I use WinSCP 3.7.5 and my server is OpenSSH v4.0p1

Here is beginning of my script :

option batch on
option confirm off
open root@192.168.1.10:22
option transfer binary

But as I say before, it doesn't work because i can't say that I trust the server... :(

Any help???

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

p1c0 wrote:

So i understand that what I want to do is not a good solution, but how can i give possibility to the user to reply Yes to the answer?? :?
Either let user to accept the key first (in interactive mode) or distribute the key with your script (in INI file or import the key into registry before running the script).

Reply with quote

p1c0
Joined:
Posts:
18
Location:
France

martin wrote:

Either let user to accept the key first (in interactive mode)

So i have to delete "option confirm off" of my script??

martin wrote:

or distribute the key with your script (in INI file or import the key into registry before running the script).

Ok, so i have to create a rsa2@server_port:server_ip in this registry [HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SshHostKeys]. Am i right?

But i have difficulties to know where come the value from??

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

p1c0 wrote:

martin wrote:

Either let user to accept the key first (in interactive mode)

So i have to delete "option confirm off" of my script??
I've ment that you should instruct the user that before running your script the first time, he/she needs to accept the host key. Whatever way.

martin wrote:

or distribute the key with your script (in INI file or import the key into registry before running the script).

Ok, so i have to create a rsa2@server_port:server_ip in this registry [HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SshHostKeys]. Am i right?

But i have difficulties to know where come the value from??
Accept the key on your station and reuse the value stored into registry.

Reply with quote

p1c0
Joined:
Posts:
18
Location:
France

martin wrote:

I've ment that you should instruct the user that before running your script the first time, he/she needs to accept the host key. Whatever way.

martin wrote:

Accept the key on your station and reuse the value stored into registry.

Ok. There is no other method? I don't think people who will use my application can do that. So i would create a batch in order to do that... Is it possible?

Thanks for your help

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

p1c0 wrote:

Ok. There is no other method? I don't think people who will use my application can do that. So i would create a batch in order to do that... Is it possible?
Definitelly. I've meant it so. Again, either distribute the INI file or import the key into registry from batch file before running the script (using regedit.exe).

Reply with quote

p1c0
Joined:
Posts:
18
Location:
France

Sory but i have difficulties to speak english... :?

I want to know if there is a method to calculate value of registry when we know the server fingerprint?

I have understood that i have to store this value in registry but i just search a method to determine this value...

Thanks a lot.

Reply with quote

Advertisement

martin
Site Admin
martin avatar

p1c0 wrote:

I want to know if there is a method to calculate value of registry when we know the server fingerprint?
Probably there is. But why do you want to do that, if you know the value? Or you do not know it?

Reply with quote

p1c0
Joined:
Posts:
18
Location:
France

martin wrote:

Probably there is. But why do you want to do that, if you know the value? Or you do not know it?

My application is supposed to be sell. So, it is not possible to have the same fingerprint for all ssh servers which will be installed. So the ini file or the registry key will change and i have to know the value of the key without accept the first time if it is possible...

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

p1c0 wrote:

My application is supposed to be sell. So, it is not possible to have the same fingerprint for all ssh servers which will be installed. So the ini file or the registry key will change and i have to know the value of the key without accept the first time if it is possible...
Then you know neither the fingerprint. Are you going to let user specify it during installation? Then you can have another script with "option batch off" that is launched during installation that would just connect to the server. You will instruct the user that he/she needs to verify the host key and eventually accept it (pressing "yes").

Reply with quote

p1c0
Joined:
Posts:
18
Location:
France

Yes i want that user can generate a new fingerprint on the server... But with option batch off, it exactly what i want to do! User can simply answer that he trust the server without doing a lot of things...

Thanks a lot for your help! :P

p1c0.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

p1c0 wrote:

Yes i want that user can generate a new fingerprint on the server...
I do not get this. User AFAIK cannot generate new host key (neither its fingerprint). Host key is typically generated only during installation of the server. User typically accept the key only on client machine.

Reply with quote

martin
Site Admin
martin avatar

p1c0 wrote:

It is not possible to change fingerprint of the server after installation? :? (with ssh-keygen ?)
Technically it is possible. But it makes no sense. And only administrator of the server (root) can do that. I do not know what is your audience.

Reply with quote

p1c0

Ok, thanks for your comment. For the moment, user can't change the fingerprint. Perhaps in the future but it's not sure. I want to do this in order to increase security but i'm not sure it is really necessary... :?

Reply with quote

Advertisement

You can post new topics in this forum