martin

Re: PowerShell having issues with placing the hostkey in the correct position

Aren't you using PowerShell 7.3? It has a breaking change:
PowerShell 7.3.0 breaking command invocation
If you want to resolve your original problem, please post a WinSCP session log file (Session.SessionLogPath) for the code I've suggested.
polarbear9911

Problem Resolved - Never did get the -hostkey to work

The problem turned out to be that the winscp.ini was not getting updated with the accepted fingerprint. Fixed the security and then everything worked fine (without using the -hostkey parameter).

I never did get it to work. WinSCP read the -hostkey parameter, but only up to the first space in the value. Not sure why though.
polarbear9911

-hostkey error message is not reading the entire value of -hostkey - stops after the first space

I am getting the following mismatch on the value of -hostkey and the server's fingerprint
batch           abort     

reconnecttime   120       
confirm         off       
Searching for host...
Connecting to host...
Authenticating...
Host key does not match configured key "ssh-rsa"!
Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5.

Note the error {Host key does not match configured key "2048"!} is reporting the value of -hostkey, but it only goes as far as the first space in the value. Am I formatting this wrong?
-hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5""

When I get the error and it says this: "Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5."
Is this actually the fingerprint of the host I am trying to connect to? Or is this just an example of a fingerprint?

Is there any way in the WinSCP client to see the fingerprint of the host I am connected to (when using the client)?
polarbear9911

Got the syntax to work - now I'm just not matching on the key

reconnecttime   120       

confirm         off       
Searching for host...
Connecting to host...
Authenticating...
Host key does not match configured key "ssh-rsa"!
Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5.

Authentication failed.
polarbear9911

Re: PowerShell having issues with placing the hostkey in the correct position

I will look at the .NET link. These are old PS scripts and I need to get this to work without rewriting it. The -hostkey parameter itself is giving me problems (even after I made the suggested change). If I don't use the -hostkey parameter, I can connect to the FTP server.
$cmdline += " `"open $ftpsite  "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xx ProxyPort=8080`" "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

output from my logging - it gets to the server because it says "Authenticating":
3/30/2023 7:50:27 AM - Starting FTP Process on Directory: Z:\Applications\PVToOracle\Outbound\SAP

& "Z:\Applications\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://xxxxxxx@xxxx.xxx.com:2222/   -privatekey=Z:\Applications\WinSCP-5.9.2-Portable\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xxx ProxyPort=8080"  "lcd Z:\Applications\PVToOracle\Outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\Applications\PVToOracle\Log\SAP\SAP-2023-03-30--07-50.log
batch           abort     
reconnecttime   120       
confirm         off       
Searching for host...
Connecting to host...
Authenticating...
Continue connecting to an unknown server and add its host key to a cache?
The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5
If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
In scripting, you should use a -hostkey switch to configure the expected host key.

If I use this code and put -hostkey right after the "Site" which is where I see a lot of examples put it - it never gets to "Authenticating":
$cmdline += " `"open $ftpsite  "
$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xx ProxyPort=8080`" "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

The output is this - it never uses the proxy settings to
3/30/2023 7:59:14 AM - Starting FTP Process on Directory: Z:\Applications\PVToOracle\Outbound\SAP

& "Z:\Applications\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://xxxxx@xxx.xx.com:2222/   -hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5""  -privatekey=Z:\Applications\WinSCP-5.9.2-Portable\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xx.xx.xx ProxyPort=8080"  "lcd Z:\Applications\PVToOracle\Outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\Applications\PVToOracle\Log\SAP\SAP-2023-03-30--07-59.log
batch           abort     
reconnecttime   120       
confirm         off       
Searching for host...

If I move -hostkey out of the open command to this spot - then it gets to "Authenticating" but the fingerprint is not "noticed":
$cmdline += " `"open $ftpsite  "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=xx.xx.xx.xx ProxyPort=8080`" "
$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

The output is this - it first has problems connecting, but then seems to find the proxy and starts authenticating
3/30/2023 8:04:11 AM - Starting FTP Process on Directory: Z:\Applications\PVToOracle\Outbound\SAP

& "Z:\Applications\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://xxxx@xxx.xxx.com:2222/   -privatekey=Z:\Applications\WinSCP-5.9.2-Portable\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xx.xx.xx ProxyPort=8080"  -hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5""  "lcd Z:\Applications\PVToOracle\Outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\Applications\PVToOracle\Log\SAP\SAP-2023-03-30--08-04.log
Scripting does not use standalone parameters. The parameters you have specified on command-line will not be used. Your command-line syntax is probably wrong.
Opening session using command-line parameter in scripting is deprecated. Use 'open' command instead.
Searching for host...
Network error: Network is unreachable
batch           abort     
reconnecttime   120       
confirm         off       
Searching for host...
Connecting to host...
Authenticating...
Continue connecting to an unknown server and add its host key to a cache?
The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5
If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
In scripting, you should use a -hostkey switch to configure the expected host key.
polarbear9911

PowerShell having issues with placing the hostkey in the correct position

When I run my PowerShell with the code below:
$cmdline += " `"open $ftpsite  "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=XX.xxx.xxx.xx ProxyPort=8080`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

PowerShell ISE shows this in the output window
Continue connecting to an unknown server and add its host key to a cache?
The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

So I added the fingerprint above to my Hostkey parameter as below:
$cmdline += " `"open $ftpsite  "
$cmdline += " -hostkey=`"ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=XX.xxx.xxx.xx ProxyPort=8080`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

It produces a string like this:
& "Z:\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://userid@FTP.xyz.com:2222/   -hostkey="ssh-rsa 2048 ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx-privatekey=Z:\xyz\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xx ProxyPort=8080"  "lcd Z:\outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\temp\winscp.log

But then I get "Searching for host.... Network error timed out" from the WinSCP Log. It is obvious that I am putting the hostkey into the string wrong. I followed examples I found. I can't figure out what I'm doing wrong.
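
One way to take PowerShell's quoting layer out of the problem discussed in this thread, as an added example that is not from any of the posters: write the commands to a WinSCP script file, where the `-hostkey` value needs only a single pair of quotes, and run it with `/ini=nul` so that the pinned fingerprint, not a cached one, decides whether the server is trusted. The function name, paths, host names and fingerprint are placeholders.

```powershell
# Added example: placeholders throughout, not the posters' script.
function New-WinScpScript {
    param(
        [Parameter(Mandatory)] [string] $SessionUrl,
        [Parameter(Mandatory)] [string] $HostKey,
        [Parameter(Mandatory)] [string] $PrivateKeyPath,
        [Parameter(Mandatory)] [string] $LocalDir,
        [Parameter(Mandatory)] [string] $RemoteDir,
        [string]   $Filter = '*.csv',
        [string[]] $RawSettings = @()
    )
    # WinSCP script syntax: wrap a value containing spaces in one pair of
    # double quotes and write a literal double quote inside it as "".
    $quote = { param($v) '"' + ($v -replace '"', '""') + '"' }

    $open = 'open {0} -hostkey={1} -privatekey={2}' -f $SessionUrl, (& $quote $HostKey), (& $quote $PrivateKeyPath)
    if ($RawSettings.Count) { $open += ' -rawsettings ' + ($RawSettings -join ' ') }  # must come last

    # One script command per output line.
    'option batch abort', 'option confirm off', $open,
    ('lcd ' + (& $quote $LocalDir)), ('cd ' + (& $quote $RemoteDir)),
    ('put ' + (& $quote $Filter)), 'exit'
}

$winscp     = 'C:\Tools\WinSCP\winscp.com'      # placeholder path
$logPath    = 'C:\Logs\winscp-session.log'      # placeholder path
$scriptPath = Join-Path $env:TEMP ('winscp-{0}.txt' -f [guid]::NewGuid())
$session = @{
    SessionUrl     = 'sftp://userid@sftp.example.com:2222/'
    HostKey        = 'ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx'
    PrivateKeyPath = 'C:\Keys\Private_Key.ppk'
    LocalDir       = 'C:\Outbound\SAP'
    RemoteDir      = '/Upload'
    RawSettings    = 'ProxyMethod=3', 'ProxyHost=proxy.example.com', 'ProxyPort=8080'
}
New-WinScpScript @session | Set-Content -Path $scriptPath -Encoding ASCII
try {
    # Each argument is a plain token, so nothing depends on how this
    # PowerShell version passes embedded quotes to native commands.
    & $winscp "/script=$scriptPath" "/log=$logPath" '/ini=nul'
    if ($LASTEXITCODE -ne 0) { throw "WinSCP exited with code $LASTEXITCODE; see $logPath" }
} finally {
    Remove-Item $scriptPath -ErrorAction SilentlyContinue
}
```

With `option batch abort` and no host-key cache in play, a server presenting a different key ends the run with a non-zero exit code instead of a prompt, and the session log records the fingerprint that was offered.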