Differences
This shows you the differences between the selected revisions of the page.
| messages 2023-10-10 | messages 2025-06-04 (current) | ||
| Line 12: | Line 12: | ||
| If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine's administrator. ((&puttydoccite)) | If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine's administrator. ((&puttydoccite)) | ||
| - | If the [[faq_hostkey|host key fingerprint is correct]], press //Accept// (//Yes// in the latest stable version). &beta The host key will be stored to cache and you will not be prompted the next time. If you are unsure, want to defer a host key verification until later, but still need to connect now (taking a risk), select //Connect Once// in the down-menu of the //Accept// button (//No// button in the stable version). &beta The host key will not be cached and you will be prompted again the next time. If the fingerprint is not correct or if you do not know the correct fingerprint, press //Cancel// to abort connection. | + | If the [[faq_hostkey|host key fingerprint is correct]], press //Accept//. The host key will be stored to cache and you will not be prompted the next time. If you are unsure, want to defer a host key verification until later, but still need to connect now (taking a risk), select //Connect Once// in the down-menu of the //Accept// button. The host key will not be cached and you will be prompted again the next time. If the fingerprint is not correct or if you do not know the correct fingerprint, press //Cancel// to abort connection. |
| - | If you have the correct host key (or its fingerprint) in a digital form, instead of checking the fingerprint manually, you can select //Paste Key// in drop-down menu of //Accept// (//Yes//) &beta button to have WinSCP compare the fingerprint for you, against a fingerprint or a full key stored in the clipboard. The clipboard can contain an %%SHA-256%% or %%MD5%% fingerprint or a full key in ''.pub'' format. | + | If you have the correct host key (or its fingerprint) in a digital form, instead of checking the fingerprint manually, you can select //Paste Key// in drop-down menu of //Accept// button to have WinSCP compare the fingerprint for you, against a fingerprint or a full key stored in the clipboard. The clipboard can contain an %%SHA-256%% or %%MD5%% fingerprint or a full key in ''.pub'' format. |
| Use //Copy key fingerprints to clipboard// link to copy key fingerprints to clipboard (both in %%SHA-256%% format seen on the message and additionally in %%MD5%% format). | Use //Copy key fingerprints to clipboard// link to copy key fingerprints to clipboard (both in %%SHA-256%% format seen on the message and additionally in %%MD5%% format). | ||
| Line 37: | Line 37: | ||
| ==== [[certified]] Certified Host key ==== | ==== [[certified]] Certified Host key ==== | ||
| - | If you've configured WinSCP to trust at least one [[ui_ssh_host_ca|certification authority for signing host keys]], then it will ask the SSH server to send it any available certified host keys. If the server sends back a certified key signed by a different certification authority, WinSCP will present this variant of the host key prompt. | + | If you've configured WinSCP to trust at least one [[ui_pref_security#authorities|certification authority for signing host keys]], then it will ask the SSH server to send it any available certified host keys. If the server sends back a certified key signed by a different certification authority, WinSCP will present this variant of the host key prompt. |
| One reason why this can happen is a deliberate attack. Just like an ordinary man-in-the-middle attack which substitutes a wrong host key, a particularly ambitious attacker might substitute an entire wrong certification authority, and hope that you connect anyway. | One reason why this can happen is a deliberate attack. Just like an ordinary man-in-the-middle attack which substitutes a wrong host key, a particularly ambitious attacker might substitute an entire wrong certification authority, and hope that you connect anyway. | ||
| Line 49: | Line 49: | ||
| ===== [[connection_refused]] Network error: Connection to "..." refused ===== | ===== [[connection_refused]] Network error: Connection to "..." refused ===== | ||
| You may get this message when connecting to a server for the following reasons: | You may get this message when connecting to a server for the following reasons: | ||
| + | * The server is down. Please talk to the server or network administrator. | ||
| * You are trying to use WinSCP for a purpose for which it is not designed. [[requirements|WinSCP needs]] an SSH or FTP server to be installed at the other end (on the machine you want to connect to). In particular, you cannot easily use it to connect to another Windows workstation, since Windows does not have an %%SSH%% or %%FTP%% server included by default. Please refer to the guide to [[guide_exchange|exchanging files over Internet]]. | * You are trying to use WinSCP for a purpose for which it is not designed. [[requirements|WinSCP needs]] an SSH or FTP server to be installed at the other end (on the machine you want to connect to). In particular, you cannot easily use it to connect to another Windows workstation, since Windows does not have an %%SSH%% or %%FTP%% server included by default. Please refer to the guide to [[guide_exchange|exchanging files over Internet]]. | ||
| * You are trying to use [[protocols|protocol]] that the server does not support. Particularly you are trying SFTP/SCP (over %%SSH%%), but the server supports %%FTP%%; or vice versa. Check selected protocol on [[ui_login#session_settings|Login dialog]]. Note that WinSCP defaults to %%SFTP%% protocol, while most other similar applications default to %%FTP%%. | * You are trying to use [[protocols|protocol]] that the server does not support. Particularly you are trying SFTP/SCP (over %%SSH%%), but the server supports %%FTP%%; or vice versa. Check selected protocol on [[ui_login#session_settings|Login dialog]]. Note that WinSCP defaults to %%SFTP%% protocol, while most other similar applications default to %%FTP%%. | ||
| * The server is running on a non-standard port. Please make sure you enter actual port number on [[ui_login|Login dialog]]. | * The server is running on a non-standard port. Please make sure you enter actual port number on [[ui_login|Login dialog]]. | ||
| * You may need to connect through a proxy server, but you have not specified one on //[[ui_login_proxy|Proxy page]]// of Advanced Site Settings dialog. | * You may need to connect through a proxy server, but you have not specified one on //[[ui_login_proxy|Proxy page]]// of Advanced Site Settings dialog. | ||
| - | * Connection was blocked by the firewall. Please refer to [[faq_connection_refused|FAQ]]. | + | * Connection was blocked by the firewall. Please refer to [[faq_connection_refused|*]] |
| Line 68: | Line 69: | ||
| ===== [[connection_timed_out]] Network error: Connection to "..." timed out ===== | ===== [[connection_timed_out]] Network error: Connection to "..." timed out ===== | ||
| + | All reasons and hints for [[message_connection_refused|"Network error: Connection refused"]] apply to this error too. | ||
| + | |||
| + | ===== [[connection_pemission_denied]] Network error: Permission denied ===== | ||
| All reasons and hints for [[message_connection_refused|"Network error: Connection refused"]] apply to this error too. | All reasons and hints for [[message_connection_refused|"Network error: Connection refused"]] apply to this error too. | ||
| Line 190: | Line 194: | ||
| This messages indicates that an FTP server unexpectedly closed a connection. | This messages indicates that an FTP server unexpectedly closed a connection. | ||
| + | |||
| + | ---- | ||
| There were reports((See forum topics [[&forum_topic(14577)|FTPS server disconnect during directory listing = sync fail]], [[&forum_topic(14289)|winscp.com scripting disconnect with FTP over TLS]] and [[&forum_topic(11568)|Synchronization: Reconnect and continue during file compare]].)) that the disconnect is sometimes caused by a Windows firewall on a local machine or on a remote server (if the server runs on Windows), if a stateful %%FTP%% filtering is enabled on the firewall. | There were reports((See forum topics [[&forum_topic(14577)|FTPS server disconnect during directory listing = sync fail]], [[&forum_topic(14289)|winscp.com scripting disconnect with FTP over TLS]] and [[&forum_topic(11568)|Synchronization: Reconnect and continue during file compare]].)) that the disconnect is sometimes caused by a Windows firewall on a local machine or on a remote server (if the server runs on Windows), if a stateful %%FTP%% filtering is enabled on the firewall. | ||
| Line 195: | Line 201: | ||
| To disable the stateful %%FTP%% filtering, in an Administrator command prompt, execute following command: | To disable the stateful %%FTP%% filtering, in an Administrator command prompt, execute following command: | ||
| - | <code> | + | <code batch> |
| - | netsh advfirewall set global StatefulFTP disable | + | netsh advfirewall <nohilite>set</nohilite> global StatefulFTP disable |
| </code> | </code> | ||
| - | For details refer to [[https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd421710(v=ws.10)|How to Configure Windows Firewall for a Passive Mode FTP Server]]. | + | For details refer to [[https://learn.microsoft.com/en-us/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7#using-windows-firewall-with-secure-ftp-over-ssl-ftps-traffic|Using Windows Firewall with non-secure FTP traffic]]. |
| ===== Incoming packet was garbled on decryption ===== | ===== Incoming packet was garbled on decryption ===== | ||
| Line 315: | Line 321: | ||
| * Make sure you are using ''bash'' shell. If you do not want to set it as your default shell, [[ui_login_scp#shell|force it]] for WinSCP sessions. | * Make sure you are using ''bash'' shell. If you do not want to set it as your default shell, [[ui_login_scp#shell|force it]] for WinSCP sessions. | ||
| - | ===== [[large_packet]] Received too large (... B) SFTP packet. Max supported packet size is 102400 B ===== | + | ===== [[large_packet]] Received too large (... B) SFTP packet. Max supported packet size is 1024000 B ===== |
| If ... (from the subject) is a very large number then the problem is typically caused by a message printed from some profile/logon script. It violates an SFTP protocol. Some of these scripts are executed even for [[requirements#remote_environment|non-interactive (no TTY) sessions]], so they cannot print anything (nor ask user to type something). | If ... (from the subject) is a very large number then the problem is typically caused by a message printed from some profile/logon script. It violates an SFTP protocol. Some of these scripts are executed even for [[requirements#remote_environment|non-interactive (no TTY) sessions]], so they cannot print anything (nor ask user to type something). | ||
| Line 399: | Line 405: | ||
| * There's antivirus (or similar application) that starts inspecting the uploaded file, locking it while doing that, what conflicts with WinSCP attempt to rename the file. | * There's antivirus (or similar application) that starts inspecting the uploaded file, locking it while doing that, what conflicts with WinSCP attempt to rename the file. | ||
| - | To circumvent that, disable [[ui_pref_resume|transfer resume/transfer to temporary filename]]. | + | To circumvent that, disable transfer resume/transfer to temporary filename. |
| + | |||
| + | * In GUI, go to [[ui_pref_resume|//Preferences > Transfer > Endurance//]] and disable [[ui_pref_resume#temporary|//Transfer Resume / Transfer to Temporary Filename//]]. | ||
| + | * In scripting, use [[scriptcommand_put#resumesupport|''-resumesupport=off'' with ''put'' command]] (or other command that triggered the upload). | ||
| + | * In .NET assembly, use ''[[library_transferoptions#resumesupport|TransferOptions.ResumeSupport]]'' property. | ||
| ===== [[preserve_time_perm]] Upload of file .. was successful, but error occurred while setting the permissions and/or timestamp. If the problem persists, turn off setting permissions or preserving timestamp. Alternatively you can turn on 'Ignore permission errors' option. ===== | ===== [[preserve_time_perm]] Upload of file .. was successful, but error occurred while setting the permissions and/or timestamp. If the problem persists, turn off setting permissions or preserving timestamp. Alternatively you can turn on 'Ignore permission errors' option. ===== | ||
| Line 415: | Line 425: | ||
| When using [[scripting]], add [[scriptcommand_put#nopreservetime|''-nopreservetime'' switch]] to [[scriptcommand_put|''put'' command]]. If you are not running scripting with [[scripting#configuration|default isolated configuration]], you may also need to add [[scriptcommand_put#nopermissions|''-nopermissions'' switch]] (what is the default settings). | When using [[scripting]], add [[scriptcommand_put#nopreservetime|''-nopreservetime'' switch]] to [[scriptcommand_put|''put'' command]]. If you are not running scripting with [[scripting#configuration|default isolated configuration]], you may also need to add [[scriptcommand_put#nopermissions|''-nopermissions'' switch]] (what is the default settings). | ||
| - | With [[scriptcommand_synchronize|''synchronize'' command]], this works only when ''[[scriptcommand_synchronize#criteria|-criteria]]'' is ''none'' or ''size'' and it never works in ''both'' mode. | + | With [[scriptcommand_synchronize|''synchronize'' command]], this works only when ''[[scriptcommand_synchronize#criteria|-criteria]]'' lacks ''time'' and it never works in ''both'' mode. |
| ==== [[library]] .NET Assembly ==== | ==== [[library]] .NET Assembly ==== | ||
| Line 439: | Line 449: | ||
| </code> | </code> | ||
| - | With [[library_session_synchronizedirectories|''Session.SynchronizeDirectories'']], this works only when ''criteria'' parameter is ''SynchronizationCriteria.None'' or ''SynchronizationCriteria.Size'' and it never works when ''mode'' parameter is ''SynchronizationMode.Both'' (learn [[library_powershell#enums|enumeration syntax]] in PowerShell). | + | With [[library_session_synchronizedirectories|''Session.SynchronizeDirectories'']], this works only when ''criteria'' parameter lacks ''SynchronizationCriteria.Time'' and it never works when ''mode'' parameter is ''SynchronizationMode.Both'' (learn [[library_powershell#enums|enumeration syntax]] in PowerShell). |
| ==== In Other Languages ==== | ==== In Other Languages ==== | ||
| Line 538: | Line 548: | ||
| Though as with the most of session settings, if you have the site set up in WinSCP GUI, you can have it [[ui_generateurl#code|generate a code template]] for you, including the ''SessionOptions.SshHostKeyFingerprint''. | Though as with the most of session settings, if you have the site set up in WinSCP GUI, you can have it [[ui_generateurl#code|generate a code template]] for you, including the ''SessionOptions.SshHostKeyFingerprint''. | ||
| + | |||
| + | ===== [[method_not_found_eventwaithandle]] Method not found: 'Void System.Threading.EventWaitHandle..ctor(...)' ===== | ||
| + | |||
| + | Full message: | ||
| + | |||
| + | > Method not found: ‘Void System.Threading.EventWaitHandle..ctor(Boolean, System.Threading.EventResetMode, System.String, Boolean ByRef, System.Security.AccessControl.EventWaitHandleSecurity)’ | ||
| + | |||
| + | The exception can be represented as ''MethodInvocationException'' //(Exception calling "Open" with "1" argument(s))// or ''MissingMethodException'' //(Method not found)//. | ||
| + | |||
| + | The exception occurs, when you are trying to use .NET Framework build of the assembly in .NET [Core] code or from PowerShell [Core]. | ||
| + | |||
| + | You need to use .NET Standard build of the assembly, which is located in the ''netstandard2.0'' subfolder of ''WinSCP-X.X.X-Automation.zip'' package. | ||
| + | |||
| + | For details, learn about [[library_install#installing|installing the assembly]]. | ||
| ===== [[key_fingerprint_does_not_match]] SSH host key/TLS host certificate fingerprint "..." does not match pattern "..." ===== | ===== [[key_fingerprint_does_not_match]] SSH host key/TLS host certificate fingerprint "..." does not match pattern "..." ===== | ||
| Line 543: | Line 567: | ||
| You get these errors, when the SSH host key fingerprint provided to [[library_sessionoptions#sshhostkeyfingerprint|''SessionOptions.SshHostKeyFingerprint'']] or TLS host certificate fingerprint provided to [[library_sessionoptions#tlshostcertificatefingerprint|''SessionOptions.TlsHostCertificateFingerprint'']] have a wrong format. | You get these errors, when the SSH host key fingerprint provided to [[library_sessionoptions#sshhostkeyfingerprint|''SessionOptions.SshHostKeyFingerprint'']] or TLS host certificate fingerprint provided to [[library_sessionoptions#tlshostcertificatefingerprint|''SessionOptions.TlsHostCertificateFingerprint'']] have a wrong format. | ||
| - | (In [[library_powershell|PowerShell]], when setting the properties via ''-Property'' switch of [[https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/new-object|''New-Object'' cmdlet]], the error is disguised as //"The value supplied is not valid, or the property is read-only. Change the value, and then try again."//) | + | (In [[library_powershell|PowerShell]], when setting the properties via ''-Property'' switch of [[https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/new-object|''New-Object'' cmdlet]], the error is disguised by PowerShell as //"The value supplied is not valid, or the property is read-only. Change the value, and then try again."//) |
| Examples of the correct format of the fingerprints: | Examples of the correct format of the fingerprints: | ||
| Line 554: | Line 578: | ||
| Also make sure you use the same version (ideally the latest) of WinSCP both for obtaining the fingerprint in WinSCP GUI and using the fingerprint in WinSCP .NET assembly. Older versions do not support modern SHA-256 fingerprints. So the fingerprint formats may be incompatible (and less safe). | Also make sure you use the same version (ideally the latest) of WinSCP both for obtaining the fingerprint in WinSCP GUI and using the fingerprint in WinSCP .NET assembly. Older versions do not support modern SHA-256 fingerprints. So the fingerprint formats may be incompatible (and less safe). | ||
| - | A common mistake is to substitute ''SessionOptions.TlsHostCertificateFingerprint'' with ''SessionOptions.SshHostKeyFingerprint'' (or vice versa). The SSH host key is used with SSH-based protocols SFTP and FTP. The TLS host certificate is used with SSL-based protocols FTPS and WebDAVS. | + | A common mistake is to substitute ''SessionOptions.TlsHostCertificateFingerprint'' with ''SessionOptions.SshHostKeyFingerprint'' (or vice versa). The SSH host key is used with SSH-based protocols SFTP and FTP. The TLS host certificate is used with SSL-based protocols FTPS, WebDAVS and S3. |
| ===== [[path_slash_ambiguous]] Selecting files using a path ending with slash is ambiguous. Remove the slash to select the folder. Append * mask to select all files in the folder. ===== | ===== [[path_slash_ambiguous]] Selecting files using a path ending with slash is ambiguous. Remove the slash to select the folder. Append * mask to select all files in the folder. ===== | ||
| Line 597: | Line 621: | ||
| You get this error message, when you try to execute a [[scripting#using_scripting|script]] that does not use a valid UTF-8 (or UTF-16) encoding. | You get this error message, when you try to execute a [[scripting#using_scripting|script]] that does not use a valid UTF-8 (or UTF-16) encoding. | ||
| - | Older versions of WinSCP used legacy ANSI encoding, when the script file does not have %%UTF-8%% (or UTF-16) byte order mark (BOM). The recent versions of WinSCP default to %%UTF-8%% encoding, when no BOM is present. If you have a script written in ANSI encoding for an old version of WinSCP, you have to convert it to %%UTF-8%% (or UTF-16) encoding, when upgrading to a recent version of WinSCP. | + | Old versions of WinSCP used legacy ANSI encoding, when the script file does not have %%UTF-8%% (or UTF-16) byte order mark (BOM). The recent versions of WinSCP default to %%UTF-8%% encoding, when no BOM is present. If you have a script written in ANSI encoding for an old version of WinSCP, you have to convert it to %%UTF-8%% (or UTF-16) encoding, when upgrading to a recent version of WinSCP. |
| A simple way to convert the script encoding is: | A simple way to convert the script encoding is: | ||