Topic "WinSCP with Putty-CAC"

Author Message
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
I am trying to use WinSCP 5.1.1 with Putty-CAC for authentication. However, anytime I try to connect to our server Pageant seems to fail to communicate. Here is the log below:

. 2012-12-07 07:27:04.652 Pageant is running. Requesting keys.
. 2012-12-07 07:27:04.655 Failed to get reply from Pageant
! 2012-12-07 07:27:04.655 Using username "USERNAME".
. 2012-12-07 07:27:06.560 Prompt (7, SSH password, , &Password: )
. 2012-12-07 07:27:07.855 Attempt to close connection due to fatal exception:
. 2012-12-07 07:27:07.855 Closing connection.
. 2012-12-07 07:27:07.855 Sending special code: 12
* 2012-12-07 07:27:07.964 (ESshFatal)

The last version of WinSCP that will work with Putty-CAC without any problems is 4.2.9. I really would like to be able to upgrade our WinSCP but I can not do so because we have to use Putty-CAC. So my question is can support be added in these newer version to support Putty-CAC once again? What changed from 4.2.9 to newer versions for it to stop working?

Putty-CAC can be found here: http://www.risacher.org/putty-cac/
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24553
Location: Prague, Czechia
Is the PuTTY-CAC Pageant different from the one that is in standard PuTTY package? Does it have some CAC-specific functionality?
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
Putty-CAC is suppose to be in sync with the latest putty (0.62). However, when you view the version information it says, "unidentified build". Putty-CAC adds support for MS-CAPI for CAC's. Like I said before Putty-CAC works fine with older versions up to 4.2.9 but nothing after that for some reason. Thanks.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24553
Location: Prague, Czechia
jdantzler wrote:
Putty-CAC is suppose to be in sync with the latest putty (0.62). However, when you view the version information it says, "unidentified build". Putty-CAC adds support for MS-CAPI for CAC's. Like I said before Putty-CAC works fine with older versions up to 4.2.9 but nothing after that for some reason. Thanks.

Ok, I'm asking, if the CAC Pageant is the same as in standard PuTTY or if there's something special in the CAC Pageant. I.e. does the CAC Pageant allow WinSCP to use CAC? Or do you use CAC Pageant with WinSCP only because you use the CAC package in general? What if you replace the CAC pageant with standard one? Would WinSCP work? (I suppose it would). Would it break anything in your workflow? Also, can you auntheticate using the latest standard PuTTY via the CAC Pageant?
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
Yes, the CAC Pageant uses our CAC to authenticate with winSCP. If I was to replace the CAC Pageant with the regular one there would be no way for us to use our CAC's to access the server. CAC Pageant has a built in extra button, "Add CAPI Cert". We use this button to add our CAPI Cert from our CAC for authentication. The only thing I can thing of is something is not quite right with Putty-CAC. Although, it says it is updated to be in sync with the regular putty (0.62) something must be messed up. We have to use Putty-CAC as there is no other way that I know of around this. I have already contacted the developer of Putty-CAC and I am waiting on a response. Its been over three weeks so far. I just was unsure if there was something that could be fixed on this end or not.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24553
Location: Prague, Czechia
Thanks for explanation.
So, can you authenticate using the latest standard PuTTY via the CAC Pageant?

Note that there has been a change in how PuTTY (or WinSCP) and Pageant communicate in PuTTY 0.61. So PuTTY 0.61 does not talk to Pageant 0.60. Though PuTTY 0.62 fixed that. It now talks to both old and new Pageants. The same for the latest WinSCP.
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
The way we authenticate I don't think we even need to use Putty at all. We do not use Putty Private Keys in Pageant. I am almost certain Pageant CAC doesn't use Putty for authentication. I can just have Pageant CAC on computer without any Putty and it will work on WinSCP 4.2.9 I believe. Correct me if I am wrong. How would I test this for sure?
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
Ok, I just modified the source code for it and I got it working finally. It appears that the developer accidentally deleted some necessary code from the original putty. Thanks for all your help.
pivinoperable

Guest


jdantzler wrote:
Ok, I just modified the source code for it and I got it working finally. It appears that the developer accidentally deleted some necessary code from the original putty. Thanks for all your help.


Appreciate the information in this thread. Was able to get the latest Putty-CAC working with winSCP 4.2.9. Any chance you still have the file with the code change for the later version of winSCP?
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
pivinoperable wrote:
jdantzler wrote:
Ok, I just modified the source code for it and I got it working finally. It appears that the developer accidentally deleted some necessary code from the original putty. Thanks for all your help.


Appreciate the information in this thread. Was able to get the latest Putty-CAC working with winSCP 4.2.9. Any chance you still have the file with the code change for the later version of winSCP?


See attached. This is PuTTY-CAC updated/modified to 0.63 by me. This should work with newer versions of WinSCP for you. All the executable's are in the executable folder if you don't want to compile and build the code yourself. Hope this helps.
PuTTY CAC 0.63 With Original Pageant.zip (2.39 MB) [Download]

Description: PuTTY-CAC 0.63 (Updated/Modified by me)

Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License