Ok, I agree. But even when the private keys have the same passphrase, you'll have to manually enter the passphrase for the tunnel key. I made a test with two different private keys. Both have the same passphrase:
Command-line:
"C:\WinSCP\WinSCP.exe" scp:ec2-user@10.16.35.7:22/home/ec2-user/ /privatekey=D:\my_private_key.ppk /passphrase=*** /rawsettings Tunnel=1 TunnelLocalPortNumber=0 TunnelHostName=my_jumphost TunnelPortNumber=22 TunnelUserName=tunnel_username TunnelPasswordPlain=*** TunnelPublicKeyFile=my_tunnel_private_key.ppk
WinSCP will ask the user to enter the passphrase for the tunnel. After entering the passphrase manually, the session will open up without a prompt. So I think the option /passphrase is ignored by the Tunnel feature.
When using plink, it works without a prompt at all, because plink will accept -pw as passphrase:
Command-line:
"C:\WinSCP\WinSCP.exe" scp:ec2-user@10.16.35.7:22/home/ec2-user/ /privatekey=D:\my_private_key.ppk /passphrase=*** /rawsettings ProxyMethod=5 ProxyTelnetCommand="""C:\\PuTTY\\plink.exe"" -P 22 -l tunnel_username my_jumphost -nc 10.16.35.7:22 -i ""my_tunnel_private_key.ppk"" -pw "***""
So using the native WinSCP tunneling feature, I think there is no way to suppress the passphrase prompt for the private key of the tunnel (except of course if you use pageant).