Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

snehal.srivastava1994@gma

Re: Connection Tunneling via Command-Line options / Passphrase for private key

Can you please provide me command that you used to launch tunnel session via Command-line.
That rawsetting command?
martin

Thanks for your feedback.
p-st

I can confirm that – using the development version of WinSCP – it is now possible to set the passphrase for the tunnel key via command-line raw setting TunnelPassphrasePlain, so that the session will open up without the passphrase prompt. Thank you very much!
p-st

Ok, I agree. But even when the private keys have the same passphrase, you'll have to manually enter the passphrase for the tunnel key. I made a test with two different private keys. Both have the same passphrase:

Command-line:
"C:\WinSCP\WinSCP.exe" scp:ec2-user@10.16.35.7:22/home/ec2-user/ /privatekey=D:\my_private_key.ppk /passphrase=*** /rawsettings Tunnel=1 TunnelLocalPortNumber=0 TunnelHostName=my_jumphost TunnelPortNumber=22 TunnelUserName=tunnel_username TunnelPasswordPlain=*** TunnelPublicKeyFile=my_tunnel_private_key.ppk

WinSCP will ask the user to enter the passphrase for the tunnel. After entering the passphrase manually, the session will open up without a prompt. So I think the option /passphrase is ignored by the Tunnel feature.

When using plink, it works without a prompt at all, because plink will accept -pw as passphrase:

Command-line:
"C:\WinSCP\WinSCP.exe" scp:ec2-user@10.16.35.7:22/home/ec2-user/ /privatekey=D:\my_private_key.ppk /passphrase=*** /rawsettings ProxyMethod=5 ProxyTelnetCommand="""C:\\PuTTY\\plink.exe"" -P 22 -l tunnel_username my_jumphost -nc 10.16.35.7:22 -i ""my_tunnel_private_key.ppk"" -pw "***""

So using the native WinSCP tunneling feature, I think there is no way to suppress the passphrase prompt for the private key of the tunnel (except of course if you use pageant).
martin

You cannot. But in general, what prevents you from using the same passphrase for both? You can even use the same private key for both servers.
p-st

Thanks for your answer!

If the session passphrase can be used for the private key of the tunnel, then how can I set separate passphrases in case there is a different private key with a different passphrase for the session and the tunnel?
martin

Re: Connection Tunneling via Command-Line options / Passphrase for private key

I cannot test right now, but I believe that the -passphrase would be used even for tunnel.

Regarding the PublicKeyFile: Some of registry settings names, including this one, are inherited from PuTTY. I do not know why they chose this name.
p-st

Connection Tunneling via Command-Line options / Passphrase for private key

Hi!

I'm launching a WinSCP session via command-line options, which works great! Now I want to launch a WinSCP session, which uses a SSH tunnel. I managed to do it with the Raw Site Settings "Tunnel*". I would have one feature request - it would be nice if there would be an option for setting the passphrase for the private key, e.g. with a new option TunnelPassphrase, like it is already available in the command-line options for the session (/privatekey and /passphrase). Would this be possible?

Another thing I stumbled upon is the option TunnelPublicKeyFile, which stands for the private key. It is no big deal but why isn't it called "TunnelPrivateKeyFile"?

Thanks for the great work!

Regards
Patrick