Differences

This shows you the differences between the selected revisions of the page.

faq_passphrase 2014-06-17 faq_passphrase 2022-10-21 (current)
Line 4: Line 4:
The best solution is to use [[ui_pageant|authentication agent (Pageant)]], so that you enter the passphrase only once. The best solution is to use [[ui_pageant|authentication agent (Pageant)]], so that you enter the passphrase only once.
-===== Automating Private Key Authentication =====+===== [[automating]] Automating Private Key Authentication ===== 
 + 
 +You can specify the passphrase using ''[[scriptcommand_open#passphrase|-passphrase]]'' switch of ''[[scriptcommand_open|open]]'' command in scripting and using ''[[library_sessionoptions#privatekeypassphrase|SessionOptions.PrivateKeyPassphrase]]'' in .NET assembly. 
 + 
 +===== [[unprotected]] Unprotected Private Key ===== 
 + 
 +Alternatively you can store the private key unprotected (without a passphrase). Note that this imposes a security risk, if someone gains access to the key. 
 + 
 +When using unprotected key with scripting, you should consider restricting access to the unprotected private key file to the local account that runs the script only (using [[https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770962(v=ws.11)|Windows file system permissions]]).
-If you need to avoid entering the passphrase to automate a task (such as with [[scripting]] or when using [[library|.NET assembly]]) and using authentication agent is not suitable for you, you can store the key unprotected (without an passphrase). Note that this imposes security risk, if someone gains access to the key. You should consider restricting access to the unprotected private key file to the local account that runs the script only (using [[http://technet.microsoft.com/en-us/library/cc770962.aspx|Windows file system permissions]]). 
-WinSCP does not support providing the passphase from [[commandline|command line]] or by other means allowing automation. Anyway, this would not bring substantial advantage over unprotected key as the passphrase would need to be stored too (in a script), probably on the same data storage as the key. 
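
Review bot: The added "Automating Private Key Authentication" paragraph documents the ''-passphrase'' switch and ''SessionOptions.PrivateKeyPassphrase'' but drops the caveat from the removed text that a passphrase kept in a script probably sits on the same data storage as the key, so it brings no substantial advantage over an unprotected key. Consider keeping one sentence to that effect in the new section. The file-permission advice now appears only under "Unprotected Private Key", so it should also cover the script or configuration file that holds the passphrase. Minor wording: "When using unprotected key with scripting" is missing an article ("an unprotected key").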

Last modified: by martin