Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Using WinSCP in against Clustered servers

tong wrote:

How can I have three seperate keys for one set of clustered servers?

Is it possible with the current WinScp version?

Yes.
tong

Re: Using WinSCP in against Clustered servers

How can I have three seperate keys for one set of clustered servers?

Is it possible with the current WinScp version?
martin

Re: Using WinSCP in against Clustered servers

This feature has been implemented already. It will be included into the next major release.
martin

Re: Using WinSCP in against Clustered servers

leonhardtk wrote:

Do you have an estimated time-frame, version you expect the "clustered environment" will be incorporated?

Sorry, I would not dare to give any schedule :-(
leonhardtk

Re: Using WinSCP in against Clustered servers

How can the script automatically accept the new key, without being prompted?

You cannot. And it is not planned as it is not a good idea at all.


I certainly understand the "risks", especially with spoofing, etc. I guess I wanted an "easy" fix, as we are on a classified, "low" risk network. In this environment, we can accept more risk, than say on the Unclassified environment. On the other hand, if we invalid all the built-in security, why bother with SSH? Point taken.

Do you have an estimated time-frame, version you expect the "clustered environment" will be incorporated?

Thanks for your assistance,

Kevin S. Leonhardt
martin

Re: Using WinSCP in against Clustered servers

leonhardtk wrote:

How can the user have three seperate keys for one set of clustered servers?

Not yet, but it is on TODO list.
How can the script automatically accept the new key, without being prompted?

You cannot. And it is not planned as it is not a good idea at all.
leonhardtk

Using WinSCP in against Clustered servers

I have a problem, which we're trying to resolve.

I have a server, running the OpenSSH daemon (sshd) in an unix environment. My server is actually a three-node cluster. This means I have a hostnanme (Digiport), which points to one of three active servers. To the remote client, the Digiport cluster is the only hostname they know. They may actually point to either digiport1, digiport2 or digiport3, each with its own "hostkey". The problem the clients experience, is if their key was initialized on digiport1, and we failover to digiport3, the users get an error, that warns them of the different key for digiport.

Manually you can accept the new key, and assume the risk yourself. The developers of the application using WinSCP to SFTP to the digiport server, wants to automate this, and assume the risk for DIGIPORT, as this is all "scripted" behind the scenes. The users are not aware of the technical process, and shouldn't have to acknowledge anything. There is security document that explains the technical portion, but the users do not need to be part of the process.

The question:

How can the user have three seperate keys for one set of clustered servers? Or:
How can the script automatically accept the new key, without being prompted?

Please advise soonest to:

leonhark@stratcom.mil or
(402) 232-4971.

Thanks,

Kevin S. Leonhardt