Topic "Need help with automatic host key acceptance"

Author Message
ecarew
[View user's profile]

Joined: 2009-03-26
Posts: 3
Location: Evan at Sumitomo
I am trying to get my copy of winscp 4.1.8 (Build 415) on a windows 2003 server to run with the hostkey option to the open command. I can't seem to get it to function. It's as if I didn't put the option in the script file at all, the program simply stops without opening up a session. Does anyone have an example of a command line that works for this feature, with this version of winscp?

Thanks
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Please read documentation. If that does not help, come back.
_________________
Martin Prikryl
Guest




Yes, we tried this option, but couldn't get it to work. It was as if this option was silently ignored.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Please post your script and a command you use to run WinSCP.
_________________
Martin Prikryl
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
I'm having the same issue. When you do your next documentation additions, can you provide examples of how the switches and options should be used? Thanks! I've tried to put the auto accept of the host key in many places using a script file with no succes so I decided to go to my command line. Here's my command

open sftp:user:pass@site.com /hostkey=ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea

When I execute this I receive a "too many parameters for command 'open'" error.

Can you, or someone who has successfully done this, provide me with an example of how and where to use this switch? And please don't tell me to go read documentation. It's obvious that I've been there and it's not helping. Thanks.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
JimGriffith wrote:
I'm having the same issue. When you do your next documentation additions, can you provide examples of how the switches and options should be used? Thanks! I've tried to put the auto accept of the host key in many places using a script file with no succes so I decided to go to my command line. Here's my command

open sftp:user:pass@site.com /hostkey=ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea

When I execute this I receive a "too many parameters for command 'open'" error.

There is an example in documentation of open command. Basically you need to enclose the host key to quotes.
_________________
Martin Prikryl
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
Just tried that and it didn't work here's my command

open sftp:user:pass@site.com /hostkey="ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"

Same results. Too many parameters.
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
okay I was able to get it to work this way

open sftp://user:pass@site.com -hostkey="ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"

After it worked on one machine I tried it on another and received the too many parameters error. After I looked at the version on that machine I realized it was only 4.0.x and it worked once I upgraded. However, I noticed that even though I'm specifying the host key, it doesn't store the fingerprint in the registry. Is there another option to store that?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
JimGriffith wrote:
However, I noticed that even though I'm specifying the host key, it doesn't store the fingerprint in the registry. Is there another option to store that?

Why do you need that?
_________________
Martin Prikryl
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
So that the next time I want to send to that address I don't have to specify the host key.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
JimGriffith wrote:
So that the next time I want to send to that address I don't have to specify the host key.

That does not make any sense. So either you are doing automatic script that has to run with default configuration (on any machine), without making any changes to it. Than you use -hostkey. Or you want to cache the hostkey for regular (non-automatic) use. Than you can do it from GUI or by importing the settings to registry (you can do it automatically as well). You are mixing two different things together.
_________________
Martin Prikryl
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
Yes I am but I want to do it in scripting. After I have a transfer failure, because it's a new site and I haven't accepted the host key, I want to be able to run my process which will pull the host key from the log, connect to the site, automatically accepting the key that I've supplied, and storing what it needs in the registry for future scripting use.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
JimGriffith wrote:
Yes I am but I want to do it in scripting. After I have a transfer failure, because it's a new site and I haven't accepted the host key, I want to be able to run my process which will pull the host key from the log, connect to the site, automatically accepting the key that I've supplied, and storing what it needs in the registry for future scripting use.

OK, that's something you absolutely should not do. You break all security in SSH by this. Of course do whatever you want to do. But do not ask me to implement support for it.
_________________
Martin Prikryl
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
Okay so forget that I said the scripting part but asking for it to save the information in the registry, in my opinion, is a valid request that other people may like to see. If I've entered the key once for a site, why should I have to continue to enter it? I've already validated that I know the key and it matches the site I'm connecting to, which I believe maintains the security. I just want to store it for future connections to that site.
AMH

Guest


i call this command in my program :
lanceAppli("winscp.com /script= scp.txt")
in my scp.txt i put :
option confirm off
open sftp://mylogin:myPW@MyIP:port -hostkey="ssh-rsa 1024 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa"
option Transfer binary
put filename.ext
close
exit
when i execute it i have a message : Host does't exist.
but if i do it from DOS commande, line by line :
winscp.com
winscp>option confirm off
confirm off
winscp>
...... it work!

can some one help me.
JimGriffith
[View user's profile]

Joined: 2009-02-19
Posts: 21
Try putting your option confirm off after the open statement. This is the way I do my scripts and it works for me.

open sftp://user:pass@ftp.site.com -hostkey="ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"
option confirm off
option transfer binary
put file.txt
exit
AMH

Guest


no i try this syntax baut no thing is change the same message:

Recherche de l'hote.....

Host does not exist.
winscp>
Embarassed
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
JimGriffith wrote:
Okay so forget that I said the scripting part but asking for it to save the information in the registry, in my opinion, is a valid request that other people may like to see. If I've entered the key once for a site, why should I have to continue to enter it? I've already validated that I know the key and it matches the site I'm connecting to, which I believe maintains the security. I just want to store it for future connections to that site.

But WinSCP allows that. Just not the way you are trying to do it.
_________________
Martin Prikryl
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
AMH wrote:
i call this command in my program :
lanceAppli("winscp.com /script= scp.txt")
in my scp.txt i put :
...

I suppose that the space in "/script= scp.txt" is the problem. This way, WinSCP does not connect "/script=" with "scp.txt". It ignores empty script switch and tries to connect to host "scp.txt".
_________________
Martin Prikryl
vh

Guest


prikryl wrote:

That does not make any sense. So either you are doing automatic script that has to run with default configuration (on any machine), without making any changes to it. Than you use -hostkey. Or you want to cache the hostkey for regular (non-automatic) use. Than you can do it from GUI or by importing the settings to registry)


Just want to ask a question ,If we have both , one key mentioned in the registry and other one in open command with -hostkey , will it produce any error .
In my case i have the one hostkey fingerprint hardcoded in the script while the other one present in the registry . Both are different . I want my script to execute successfully , I dont know about the one stored in registry but it gives the error "host key not found in the cache "
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
vh wrote:
Just want to ask a question ,If we have both , one key mentioned in the registry and other one in open command with -hostkey , will it produce any error .
In my case i have the one hostkey fingerprint hardcoded in the script while the other one present in the registry . Both are different . I want my script to execute successfully , I dont know about the one stored in registry but it gives the error "host key not found in the cache "

Such error does not exist in WinSCP. Maybe you mean log record "Host key does not match cached key..."
You will get that if the cached host key does match. But the key still validates using the fingerprint provided in script using -hostkey. If you get different results, please start a new topic and attach a complete session log file.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License