Topic "Session open with tunneling"

Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
I am trying to connect to my server through a tunneling server. My trial code is this:

Code:
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "<MyServerFQDN>",
    PortNumber = <Port>,
    UserName = "<UserName>",
    Password = "<PassWd>",
    SshHostKeyFingerprint = "<MyServer'sFingerPrint>"
};

using (Session session = new Session())
{
    // Connect
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "<MyTunnelServer>");
    sOs.AddRawSettings("TunnelPortNumber", "<TunnelPort>");
    sOs.AddRawSettings("TunnelUserName", "<TunnelUser>");
    sOs.AddRawSettings("TunnelPublicKeyFile", "<TunnelUser'sPPK>");
    session.Open(sOs);

}


But I got an Error message like this :

Quote:
Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is <Tunnel Server's Fingerprint>
Authentication failed.


I cannot understand how to set the tunnel server's fingerprint. I guess it may exist in the [SshHostKeys] section in the WinSCP.ini file, but I could not use it.

Would you tell me how to set the tunnel server's fingerprint? Or is there any other workaround?

Thanks!
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Ok, this might be tricky.

The point is that you need to add both fingerprints to the SshHostKeyFingerprint, separated by a semicolon.

But the current validation rules prevent you from doing that.
You can circumvent that by using AddRawSettings("HostKey", "hostkey1;hostkey2")

Let me know.

Issue added to the tracker:
http://winscp.net/tracker/show_bug.cgi?id=932
_________________
Martin Prikryl
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Thank you for the quick reply!

But unfortunately I tried to set it by AddRawSettings, but it didn't work.

Code:
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "<MyServerFQDN>",
    PortNumber = <Port>,
    UserName = "<UserName>",
    Password = "<PassWd>"
//,
//    SshHostKeyFingerprint = "<MyServer'sFingerPrint>"
};

using (Session session = new Session())
{
    // Connect
    sOs.AddRawSettings("HostKey", "<MyServer'sFingerPrint>;<Tunnel Server's Fingerprint>");
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "<MyTunnelServer>");
    sOs.AddRawSettings("TunnelPortNumber", "<TunnelPort>");
    sOs.AddRawSettings("TunnelUserName", "<TunnelUser>");
    sOs.AddRawSettings("TunnelPublicKeyFile", "<TunnelUser'sPPK>");
    session.Open(sOs);

}


result:

Quote:
Error: System.ArgumentException: SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.HostKey is not set.
場所 WinSCP.Session.SessionOptionsToOpenSwitches(SessionOptions sessionOptions)
場所 WinSCP.Session.SessionOptionsToOpenArguments(SessionOptions sessionOptions)
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VCSProj\scptest\scptest\Form1.cs:行 57

(sorry including Japanese characters)



What else should I do?

One confirmation: I use the form "ssh-rsa 2048 xx:xx:xx:.....Madx" as my fingerprint format when I set them by AddRawSettings. Is that correct?
(I wonder if 'Raw' means the exact way in winscp.ini strings)

Thanks
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Just set SessionOptions.SshHostKeyFingerprint to any valid value to circumvent the check. The raw settings override its value anyway.

Anyway, I've sent you an email with a link to a dev version that fixes your issue.
Let me know.
_________________
Martin Prikryl
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Thank you for sending your test modules.

I tried immediately and got the following results:

Quote:
Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Authentication failed.
--- 内部例外スタック トレースの終わり ---
場所 WinSCP.SessionLogReader.Read(LogReadFlags flags)
場所 WinSCP.ElementLogReader.Read(LogReadFlags flags)
場所 WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElementAndCreateLogReader(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForGroupAndCreateLogReader()
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VCSProj\scptest\scptest\Form1.cs:行 57


The fingerprint in the error message was the tunnel server's.

My code is like this :

Code:
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "<MyServerFQDN>",
    PortNumber = <Port>,
    UserName = "<UserName>",
    Password = "<PassWd>" ,
    SshHostKeyFingerprint = "<Tunnel Server's FingerPrint>;<MyServer's FingerPrint>"
};

using (Session session = new Session())
{
    // Connect
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "<MyTunnelServer>");
    sOs.AddRawSettings("TunnelPortNumber", "<TunnelPort>");
    sOs.AddRawSettings("TunnelUserName", "<TunnelUser>");
    sOs.AddRawSettings("TunnelPublicKeyFile", "<TunnelUser'sPPK>");
    session.Open(sOs);

}


I guess something in the authentication process for the tunnel server's fingerprint may not be working properly.
In addition, it also did not work when I changed the order of the fingerprints (same error message).

Regards,
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Please set Session.SessionLogPath and email me or attach here the log.
_________________
Martin Prikryl
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Ok, I will send you Session.log by E-mail.


Regards,
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Hi,

Did my e-mail reach you? I attached the same Session.log file here in case it was lost.

Regards,
SesLog.txt (4.61 KB) [Download]

Description: (none)

martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Yes. I've sent you a new build for testing a while ago.

Anyway, 5.1.1 has been released meanwhile with TunnelHostKey raw session settings added for you.
http://winscp.net/tracker/show_bug.cgi?id=938
_________________
Martin Prikryl
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
prikryl wrote:
Yes. I've sent you a new build for testing a while ago.

Anyway, 5.1.1 has been released meanwhile with TunnelHostKey raw session settings added for you.
http://winscp.net/tracker/show_bug.cgi?id=938


I am sorry, I did not notice that I had received your e-mail.
Just now I tested it quickly, but again I could not succeed in tunneling. It was the same result.

I will confirm later and will upload the results.

Regards,
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
I tested again and finally got the same error result.

Quote:
Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c.
Authentication failed.
--- 内部例外スタック トレースの終わり ---
場所 WinSCP.SessionLogReader.Read(LogReadFlags flags)
場所 WinSCP.ElementLogReader.Read(LogReadFlags flags)
場所 WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElementAndCreateLogReader(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForGroupAndCreateLogReader()
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VC# Projects\C#2010\scptest\scptest\Form1.cs:行 58


Code:
// Setup session options
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "HOSTNAME.xxx.xxx.ne.jp",
    PortNumber = 54322,
    UserName = "<USERNAME>",
    Password = "password"
    ,
    SshHostKeyFingerprint = "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2"
};

using (Session session = new Session())
{
   // Overwrite ?
    sOs.AddRawSettings("HostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c;ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2");
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "TNLHOST.xxx.xxx.ne.jp");
    sOs.AddRawSettings("TunnelPortNumber", "54322");
    sOs.AddRawSettings("TunnelUserName", "<TNLUSER>");
    sOs.AddRawSettings("TunnelPublicKeyFile", "tnluser.ppk");

    session.SessionLogPath = @"I:\VC# Projects\C#2010\scptest\SesLog1.txt";
    session.Open(sOs);
}



Would you teach me how to set the HostKey by AddRawSettings in detail?


Best regards,

PS.

One thing good for you, I confirmed that I could use the character "#" in the path ! It's great! Thank you!!
SesLog1.txt (4.67 KB) [Download]

Description: (none)

martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Use SessionOptions.SshHostKeyFingerprint to set your main session host key fingerprint and SessionOptions.AddRawSettings("TunnelHostKey", ...) to set the tunnel session host key fingerprint.
_________________
Martin Prikryl
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Same results.

Quote:
Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c.
Authentication failed.
--- 内部例外スタック トレースの終わり ---
場所 WinSCP.SessionLogReader.Read(LogReadFlags flags)
場所 WinSCP.ElementLogReader.Read(LogReadFlags flags)
場所 WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElementAndCreateLogReader(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForGroupAndCreateLogReader()
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VC# Projects\C#2012\scptest\scptest\Form1.cs:行 56


Code:

                   SshHostKeyFingerprint = "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2"

                    sOs.AddRawSettings("TunnelHostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c");


In the session.log,
Quote:

. 2012-11-19 20:39:15.628 [Tunnel] Server version: SSH-2.0-OpenSSH_5.3
. 2012-11-19 20:39:15.628 [Tunnel] Using SSH protocol version 2
. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1
. 2012-11-19 20:39:15.633 [Tunnel] Doing Diffie-Hellman group exchange
. 2012-11-19 20:39:15.678 [Tunnel] Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-11-19 20:39:15.829 [Tunnel] Verifying host key rsa2 0x23,0xb9e7a68722066c319d939feda1.... with fingerprint ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-11-19 20:39:15.830 Asking user:
. 2012-11-19 20:39:15.830 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2012-11-19 20:39:15.830
. 2012-11-19 20:39:15.830 The server's rsa2 key fingerprint is:
. 2012-11-19 20:39:15.830 ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-11-19 20:39:15.830
. 2012-11-19 20:39:15.830 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
. 2012-11-19 20:39:15.830
. 2012-11-19 20:39:15.830 Continue connecting and add host key to the cache? ()
. 2012-11-19 20:39:15.830 [Tunnel] Closing connection.
. 2012-11-19 20:39:15.830 [Tunnel] Sending special code: 12


SessionLog said 'The server's host key was not found in the cache.'.

What can I do next ? I don't understand where I was wrong ...

Regards,
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
In addition, I tried again with AddRawSettings deleted and got quite the same result.

I guess 'TunnelHostKey' was ignored. Perhaps same as 'HostKey' and 'SshHostKey'.
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Hiro.A wrote:
. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1

I have sent you a dev version 5.2. You are using official 5.1.1. It does not support the TunnelHostKey.
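
The log-reading step used in the reply above (which hop presented the key, and which client build was running) can be scripted. This is an added Python sketch, not part of the original thread or of WinSCP. It assumes that lines without a `[Tunnel]` tag belong to the main session and that a verification with no following prompt was accepted; the verdict labels are its own.

```python
import re

# Abridged from the session log quoted in this thread (tunnel hop, WinSCP 5.1.1).
SAMPLE_LOG = """\
. 2012-11-19 20:39:15.628 [Tunnel] Server version: SSH-2.0-OpenSSH_5.3
. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1
. 2012-11-19 20:39:15.829 [Tunnel] Verifying host key rsa2 0x23,.... with fingerprint ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-11-19 20:39:15.830 Asking user:
. 2012-11-19 20:39:15.830 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2012-11-19 20:39:15.830 [Tunnel] Closing connection.
"""

# Fingerprints the thread's code passes for each hop.
PINNED = {
    "main": "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2",
    "tunnel": "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c",
}

LINE = re.compile(r"^\. \d{4}-\d\d-\d\d [\d:.]+ ?(\[Tunnel\] )?(.*)$")
CLAIM = re.compile(r"We claim version: (\S+)")
VERIFY = re.compile(
    r"Verifying host key .* with fingerprint "
    r"(\S+ \d+ (?:[0-9a-f]{2}:){15}[0-9a-f]{2})")
PROMPT = "host key was not found in the cache"


def triage(log_text, pinned):
    """Return one finding per host key verification found in the log."""
    findings, client = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Assumption: untagged lines belong to the main (non-tunnel) session.
        hop = "tunnel" if m.group(1) else "main"
        msg = m.group(2)
        if (c := CLAIM.search(msg)):
            client[hop] = c.group(1)
        elif (v := VERIFY.search(msg)):
            findings.append({"hop": hop, "client": client.get(hop),
                             "presented": v.group(1), "prompted": False,
                             "matches_pin": pinned.get(hop) == v.group(1)})
        elif PROMPT in msg and findings:
            # Prompt lines carry no [Tunnel] tag; they belong to the
            # verification logged immediately before them.
            findings[-1]["prompted"] = True
    return findings


def verdict(finding):
    """Classify a finding; the category names are this example's own."""
    if not finding["prompted"]:
        return "accepted"  # assumption: no prompt means the key was trusted
    if finding["matches_pin"]:
        # The configured pin equals the presented key, yet the client still
        # asked: this client build did not apply the setting for this hop.
        return "pin-not-applied"
    return "pin-missing-or-wrong"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, PINNED):
        print(f["hop"], f["client"], f["presented"], verdict(f))
```

A `pin-missing-or-wrong` result means the presented key differs from the one configured for that hop, which is a reason to verify the server's key out of band, not to accept it.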
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
prikryl wrote:
Hiro.A wrote:
. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1

I have sent you a dev version 5.2. You are using official 5.1.1. It does not support the TunnelHostKey.


I am sorry again. So I tried again with V5.2, but nothing seemed to change.

For my confirmation, are they the correct things?
<deleted by admin>

I received these at Date: Sat, 03 Nov 2012 08:25:35 +0100 (mail header) and there is nothing newer.

I attached a debug log. In it,
Quote:
[2012-11-23 11:47:30.727Z] [0009] Command: [open -hostkey="ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2" -timeout=15 "sftp://<USER>:<PASSWD>@<SSHHOST>.jp:22222" -rawsettings Tunnel="1" TunnelHostKey="ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c" TunnelHostName="<TUNNELHOST>.jp" TunnelPortNumber="22222" TunnelUserName="<TUNNELUSER>"]
<snip>
[2012-11-23 12:30:03.645Z] [000a] Output: [Authenticating...]
[2012-11-23 12:30:03.649Z] [000b] ExeSessionProcess.ProcessEvent entering
[2012-11-23 12:30:03.650Z] [000b] Scheduling output: [The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.]
[2012-11-23 12:30:03.650Z] [000b] Scheduling output: [The server's rsa2 key fingerprint is:]
[2012-11-23 12:30:03.651Z] [000a] Output: [The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.]
[2012-11-23 12:30:03.652Z] [000b] Scheduling output: [ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c]


TunnelHostKey seemed not to be processed in the right way in the program.
My understanding is that TunnelHostKey is set into the cache when I set it by rawSettings.
Is that right? If so, the message in the debug log seemed a little bit strange.

Regards,
DbgLog.txt (22.24 KB) [Download]

Description: Debug log

martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
For the URLs: Yes, they are correct.
Please set Session.SessionLogPath and attach the log.
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Ok. I attached the session log.

And I pasted my code for confirmation.

Code:
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "<SSHOST>.jp",
    PortNumber = 22222,
    UserName = "<USER>",
    Password = "<PASSWD>",
    SshHostKeyFingerprint = "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2"
};

using (Session session = new Session())
{
    sOs.AddRawSettings("TunnelHostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c");
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "<TUNNELHOST>.jp");
    sOs.AddRawSettings("TunnelPortNumber", "22222");
    sOs.AddRawSettings("TunnelUserName", "<TUNNELUSER>");
    sOs.AddRawSettings("TunnelPublicKeyFile", @"I:\My Docs\privkey.ppk");

    session.SessionLogPath = @"I:\VC# Projects\C#2010\scptest\SesLog.txt";
    session.Open(sOs);
}
SesLog.txt (4.63 KB) [Download]

Description: (none)

martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Ok, sorry, my fault. Please download 5.1.2

This bug has been added to the tracker:
http://winscp.net/tracker/show_bug.cgi?id=948
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
I tried V5.1.2, but nothing changed yet.

Are you sure the needed key is "TunnelHostKey"? Did I misunderstand, or is it something else?
I can't understand what happened.

Quote:
sOs.AddRawSettings("TunnelHostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c");


If you have some difficulty solving this issue, would you give me another solution? For example, can you modify the program to auto-accept hostkeys?
Or would you reveal the source code?

Quote:
. 2012-12-04 16:32:42.475 [Tunnel] Server version: SSH-2.0-OpenSSH_5.3
. 2012-12-04 16:32:42.475 [Tunnel] Using SSH protocol version 2
. 2012-12-04 16:32:42.475 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.2
. 2012-12-04 16:32:42.480 [Tunnel] Doing Diffie-Hellman group exchange
. 2012-12-04 16:32:42.526 [Tunnel] Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-12-04 16:32:42.681 [Tunnel] Verifying host key rsa2 0x23,.... with fingerprint ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-12-04 16:32:42.681 Asking user:
. 2012-12-04 16:32:42.681 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2012-12-04 16:32:42.681
. 2012-12-04 16:32:42.681 The server's rsa2 key fingerprint is:
. 2012-12-04 16:32:42.681 ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-12-04 16:32:42.681
. 2012-12-04 16:32:42.681 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
. 2012-12-04 16:32:42.681
. 2012-12-04 16:32:42.681 Continue connecting and add host key to the cache? ()
. 2012-12-04 16:32:42.681 [Tunnel] Closing connection.
. 2012-12-04 16:32:42.681 [Tunnel] Sending special code: 12
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
I'm sending you an email with a development version of WinSCP to the address you used to register on this forum.
Hiro.A

Joined: 2012-10-24
Posts: 18
Location: Japan
Great! Finally it worked perfectly!

Thank you very much. I appreciate your effort.
martin
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Thanks for your feedback and patience!