Blisk

You said it is vulnerable to a MITM attack when using that.
So how can they do that if I specified the IP where to connect?
martin

I do not understand. The -hostkey=* applies only to that open command. So only to the server (hostname or IP) that you specify in the open command.
Blisk

Thank you for the info.
I don't have any data that is that important. I use this just to send some files over the internet.
The problem is that sending files stops working when the certificate changes, and I don't know that.
Is there a way to accept the certificate only when the server name matches "myserver", or only for servers with the IP of my server, "123.123.123.123"?
This will be much safer.
martin

Re: Auto accept certificate

You can use -hostkey=*:
https://winscp.net/eng/docs/scriptcommand_open#hostkey

But you should not do it! Verifying the hostkey (it's not a certificate) is an integral part of SSH security. By blindly accepting any hostkey, you become vulnerable to MITM attacks. Your server's host key should not change. If it does, it's a security weakness.
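
An added example (not part of the original posts and not WinSCP's code) of the check described above: the client compares a fingerprint of the key the server presents against a pinned value, and the destination hostname or IP is not an input to that comparison. It assumes the pinned value is an OpenSSH-style SHA-256 fingerprint; the key bytes are constructed samples and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def make_pubkey_line(raw32):
    """Build an OpenSSH-format ssh-ed25519 public key line from 32 constructed bytes."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def parse_pubkey(line):
    """Split 'type base64 [comment]' and return (type, decoded key blob)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprint(line):
    """SHA-256 of the key blob, base64 without padding (what OpenSSH prints after 'SHA256:')."""
    _, blob = parse_pubkey(line)
    return base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def host_key_ok(presented_line, policy):
    """policy is a pinned fingerprint, or '*' to model accepting any host key."""
    if policy == "*":
        return True  # nothing about the presented key is checked
    # Constant-time comparison; tolerate a trailing '=' in the pinned value.
    return hmac.compare_digest(fingerprint(presented_line), policy.rstrip("="))

# Constructed sample keys (not real host keys).
SERVER_KEY = make_pubkey_line(bytes(range(32)))      # key the real server holds
OTHER_KEY = make_pubkey_line(bytes(range(32, 64)))   # any other key answering on the same address
PINNED = fingerprint(SERVER_KEY)

if __name__ == "__main__":
    for name, key in (("server key", SERVER_KEY), ("different key", OTHER_KEY)):
        print(f"{name:13} pinned={host_key_ok(key, PINNED)} wildcard={host_key_ok(key, '*')}")
```

With the pinned fingerprint only the server's own key passes; with the wildcard both keys pass, so whichever endpoint answers on that address is trusted.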
Blisk

Auto accept certificate

How can I make a script that sends files and auto-accepts the certificate, instead of putting a key in the script which can change?
For example, to skip this in the script and auto accept and connect ssh-rsa 2048 xxxxxxxxxxx...=:
open sftp://user:password@example.com/ -hostkey="ssh-rsa 2048 xxxxxxxxxxx...="