Topic "commandline download..."

Author Message
Thomas Boss

Guest


Hi,
I try to make an unattended commandline download with the following commandline:

WinSCP.exe /command "open xx:xx@xx" "/option batch on" "/option confirm off" "get x/x/x.txt C:\x.txt" "exit" /Log="C:\log.txt"

Unfortunately I don't get it to work. I always get these lines in the log:

. 2007-11-21 18:49:12.875 Asking user:
. 2007-11-21 18:49:12.875 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2007-11-21 18:49:12.875
. 2007-11-21 18:49:12.875 The server's rsa2 key fingerprint is:
. 2007-11-21 18:49:12.875 ssh-rsa 1024 c6:5b:58:f2:75:16:bb:3a:dd:46:70:44:f0:6c:31:45
. 2007-11-21 18:49:12.875
. 2007-11-21 18:49:12.875 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
. 2007-11-21 18:49:12.875
. 2007-11-21 18:49:12.875 Continue connecting and add host key to the cache? ()
. 2007-11-21 18:49:12.875 Attempt to close connection due to fatal exception:
* 2007-11-21 18:49:12.875 Host key wasn't verified!
. 2007-11-21 18:49:12.875 Closing connection.

I thought with "option batch on" I turned off the "Asking user" (which is quite stupid in a commandline, or not?)

I can't store the connection (in WinSCP the connection works) because there are different connections, and it would be easier - because I always trust my servers.

So, what could I do to get this working?

BR
Thomas
TS

Guest


Thomas Boss wrote:
Hi,
...
* 2007-11-21 18:49:12.875 Host key wasn't verified!
. 2007-11-21 18:49:12.875 Closing connection.
...
because I always trust my servers.

So, what could I do to get this working?


Make a list of host keys for all of your servers, and add those host keys to WinSCP -- either through the use of an INI file, or via a registry file that you (silently?) import before firing off the WinSCP script.

I think Martin has said before, it's a gross security risk (read: Bad Idea[tm]) to blindly accept a host key without verification. That's putting all your trust in the infallibility of the network to prevent a MitM attack. In most cases the network is NOT cryptographically strong, and so it reduces the security of your ssh (weakest link, etc). If you really care so little about the security of your file transfer, plaintext FTP requires no host key caching and because it has no cryptographic overhead, may even be faster. The fact that you're sending your user account credentials in plain text is, in our hypothetical scenario, a non-issue. Or even better, use TFTP and dispense with the facade of user authentication altogether. Realize that any of these options are equivalent from a security standpoint. (Well, okay plain FTP might be worse because the user credentials revealed could potentially be used to impersonate that user elsewhere.)
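
One way to act on the advice above, as an added example that is not part of the original posts and not WinSCP's own code: a Python check that reads a session log in the layout shown in the question, extracts the fingerprint the server presented, and compares it with fingerprints verified out of band before anything is added to the host key cache. The function name, the verdict strings and the `PINNED` set are assumptions; the sample log is built from lines quoted in the question.

```python
import re

# Log line layout seen in the question: marker ('.' info, '*' error), timestamp, message.
LINE = re.compile(r"^([.*]) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) ?(.*)$")
# Fingerprint line layout seen in the question: key type, bits, 16 colon-separated hex bytes.
FPR = re.compile(r"^(ssh-\w+) (\d+) ((?:[0-9a-f]{2}:){15}[0-9a-f]{2})$")

# Sample log built from lines quoted in the question.
SAMPLE_LOG = """\
. 2007-11-21 18:49:12.875 Asking user:
. 2007-11-21 18:49:12.875 The server's rsa2 key fingerprint is:
. 2007-11-21 18:49:12.875 ssh-rsa 1024 c6:5b:58:f2:75:16:bb:3a:dd:46:70:44:f0:6c:31:45
. 2007-11-21 18:49:12.875 Continue connecting and add host key to the cache? ()
* 2007-11-21 18:49:12.875 Host key wasn't verified!
. 2007-11-21 18:49:12.875 Closing connection.
"""

# Assumption: fingerprints obtained from the server administrator, not from the network.
PINNED = {"c6:5b:58:f2:75:16:bb:3a:dd:46:70:44:f0:6c:31:45"}


def audit_host_key(log_text, pinned):
    """Return (verdict, fingerprint, refused) for one session log."""
    presented, refused = None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in the expected layout
        marker, _timestamp, message = m.groups()
        f = FPR.match(message.strip())
        if f:
            presented = f.group(3)
        if marker == "*" and "Host key wasn't verified" in message:
            refused = True
    if presented is None:
        return ("no-host-key-prompt", None, refused)
    if presented in pinned:
        # The key matches one verified out of band: safe to add to the cache.
        return ("matches-pinned-key", presented, refused)
    # Unknown or changed key: do not cache it, check with the server owner.
    return ("unverified-key", presented, refused)


if __name__ == "__main__":
    print(audit_host_key(SAMPLE_LOG, PINNED))
```

An "unverified-key" verdict for a server whose key was previously pinned is the case the reply warns about: the key on the wire is not the one that was verified.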