Post a reply

Username

Subject

Message body

Font colour:

Font size:

[quote="polarbear9911"]I am getting the following mismatch on the value of [m]-hostkey[/m] and the server's fingerprint
[code]batch           abort     
reconnecttime   120       
confirm         off       
Searching for host...
Connecting to host...
Authenticating...
Host key does not match configured key "ssh-rsa"!
Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5.
[/code]
Note the error [i]{Host key does not match configured key "2048"!}[/i] is reporting the value of -hostkey, but it only goes as far as the first space in the value.  Am I formatting this wrong?  
[code]-hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5""[/code]
When I get the error and it says this: [i]"Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5."[/i]
Is this actually the fingerprint of the host I am trying to connect to?  Or is this just an example of a fingerprint?

Is there anyway in the WinSCP client to see the fingerprint of the host I am connected (when using the client)?[/quote]

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: PowerShell having issues with placing the hostkey in the correct position

2023-04-03

Aren't you using PowerShell 7.3? It has a breaking change:
PowerShell 7.3.0 breaking command invocation
If you want to resolve your original problem, please post WinSCP session log file (Session.SessionLogPath) for the code I've suggested.

polarbear9911

Problem Resolved - Never did get the -hostkey to work

2023-03-31 00:59

The problem turned out to be with the winscp.ini was not getting updated with accepted fingerprint. Fixed the security and then everything worked fine (without using the -hostkey parameter).

I never did get it to work. WinSCP read the -hostkey parameter, but only up to the first space in the value. Not sure why though.

polarbear9911

-hostkey error message is not reading the entire value of -hostkey - stops after the first space

2023-03-30 15:56

I am getting the following mismatch on the value of -hostkey and the server's fingerprint

batch           abort     

reconnecttime   120       

confirm         off       

Searching for host...

Connecting to host...

Authenticating...

Host key does not match configured key "ssh-rsa"!

Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5.

Note the error {Host key does not match configured key "2048"!} is reporting the value of -hostkey, but it only goes as far as the first space in the value. Am I formatting this wrong?

-hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5""

When I get the error and it says this: "Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5."
Is this actually the fingerprint of the host I am trying to connect to? Or is this just an example of a fingerprint?

Is there anyway in the WinSCP client to see the fingerprint of the host I am connected (when using the client)?

polarbear9911

Got the syntax to work - now I'm just not matching on the key

2023-03-30 14:29

reconnecttime   120       

confirm         off       

Searching for host...

Connecting to host...

Authenticating...

Host key does not match configured key "ssh-rsa"!

Host key fingerprint is ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5.



Authentication failed.

polarbear9911

Re: PowerShell having issues with placing the hostkey in the correct position

2023-03-30 14:15

I will look at the .NETlink. These are old PS scripts and I need to get this to work without rewriting it. The -hostkey parameter itself is giving me problems (even after I made the suggested change). If I don't use the -hostkey parameter, I can connect to the FTP server.

$cmdline += " `"open $ftpsite  "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xx ProxyPort=8080`" "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

output from my logging - it gets to the server because it says "Authenticating":

3/30/2023 7:50:27 AM - Starting FTP Process on Directory: Z:\Applications\PVToOracle\Outbound\SAP

& "Z:\Applications\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://xxxxxxx@xxxx.xxx.com:2222/   -privatekey=Z:\Applications\WinSCP-5.9.2-Portable\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xxx ProxyPort=8080"  "lcd Z:\Applications\PVToOracle\Outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\Applications\PVToOracle\Log\SAP\SAP-2023-03-30--07-50.log

batch           abort     

reconnecttime   120       

confirm         off       

Searching for host...

Connecting to host...

Authenticating...

Continue connecting to an unknown server and add its host key to a cache?

The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.

The server's rsa2 key fingerprint is:

ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5

If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.

In scripting, you should use a -hostkey switch to configure the expected host key.

If I use this code and put -hostkey right after the "Site" which is where I see a lot of examples put it - it never gets to "Authenticating":

$cmdline += " `"open $ftpsite  "
$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xx ProxyPort=8080`" "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

The output is this - it never uses the proxy settings to

3/30/2023 7:59:14 AM - Starting FTP Process on Directory: Z:\Applications\PVToOracle\Outbound\SAP

& "Z:\Applications\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://xxxxx@xxx.xx.com:2222/   -hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5""  -privatekey=Z:\Applications\WinSCP-5.9.2-Portable\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xx.xx.xx ProxyPort=8080"  "lcd Z:\Applications\PVToOracle\Outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\Applications\PVToOracle\Log\SAP\SAP-2023-03-30--07-59.log

batch           abort     

reconnecttime   120       

confirm         off       

Searching for host...

If I move -hostkey out of the open command to this spot - then it gets to "Authenticating" but the figerprint is not "noticed":

$cmdline += " `"open $ftpsite  "
#$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=xx.xx.xx.xx ProxyPort=8080`" "
$cmdline += " -hostkey=`"`"ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5`"`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

The output is this - it first has problems connecting, but then seems to find the proxy and starts authenticating

3/30/2023 8:04:11 AM - Starting FTP Process on Directory: Z:\Applications\PVToOracle\Outbound\SAP

& "Z:\Applications\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off" "open sftp://xxxx@xxx.xxx.com:2222/ -privatekey=Z:\Applications\WinSCP-5.9.2-Portable\Private_Key.PPK -rawsettings ProxyMethod=3 ProxyHost=xx.xx.xx.xx ProxyPort=8080" -hostkey=""ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5"" "lcd Z:\Applications\PVToOracle\Outbound\SAP" "cd /i501000PV/i501000_Structure_TEST/Upload" "put *.csv" "exit" >>Z:\Applications\PVToOracle\Log\SAP\SAP-2023-03-30--08-04.log

Scripting does not use standalone parameters. The parameters you have specified on command-line will not be used. Your command-line syntax is probably wrong.

Opening session using command-line parameter in scripting is deprecated. Use 'open' command instead.

Searching for host...

Network error: Network is unreachable

batch abort

reconnecttime 120

confirm off

Searching for host...

Connecting to host...

Authenticating...

Continue connecting to an unknown server and add its host key to a cache?

The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.

The server's rsa2 key fingerprint is:

ssh-rsa 2048 03:00:4f:c6:65:0a:90:0e:d5:fc:56:05:a4:fe:0c:d5

If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.

In scripting, you should use a -hostkey switch to configure the expected host key.

martin

Re: PowerShell having issues with placing the hostkey in the correct position

2023-03-30

It should be:

$cmdline += " -hostkey=`"`"ssh-rsa 2048 xx:xx...`"`" "

https://winscp.net/eng/docs/commandline#syntax

Though, in PowerShell, you better use WinSCP .NET assembly:
https://winscp.net/eng/docs/library_powershell

polarbear9911

PowerShell having issues with placing the hostkey in the correct position

2023-03-29 01:41

When I run my PowerShell with the code below:

$cmdline += " `"open $ftpsite  "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=XX.xxx.xxx.xx ProxyPort=8080`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

PowerShell ISE shows this in the output window

Continue connecting to an unknown server and add its host key to a cache?
The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

So I added the fingerprint above to my Hostkey parameter as below:

$cmdline += " `"open $ftpsite  "
$cmdline += " -hostkey=`"ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx`" "
$cmdline += " -privatekey=$privatekey  "
$cmdline += " -rawsettings ProxyMethod=3 ProxyHost=XX.xxx.xxx.xx ProxyPort=8080`" "
$cmdline += " `"lcd $OutboundDir`" "
$cmdline += " `"cd $ftpdirectory`" "
$cmdline += " `"put $filter`" "
$cmdline += " `"exit`" >>$FullPathToLogFile"

It produces a string like this:

& "Z:\WinSCP-5.9.2-Portable\winscp.com" /command "option batch abort" "option confirm off"  "open sftp://userid@FTP.xyz.com:2222/   -hostkey="ssh-rsa 2048 ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"  -privatekey=Z:\xyz\Private_Key.PPK   -rawsettings ProxyMethod=3 ProxyHost=xx.xxx.xxx.xx ProxyPort=8080"  "lcd Z:\outbound\SAP"  "cd /i501000PV/i501000_Structure_TEST/Upload"  "put *.csv"  "exit" >>Z:\temp\winscp.log

But then I get "Searching for host.... Network error timed out" from the WinSCP Log. It is obvious that I am putting the hostkey into the string wrong. I followed examples I found. I can't figure out what I'm doing wrong.