dotps1

no worries, happy to help!
samellinger

Sorry for the confusion with different names, that's what I get for trying to sanitize code at different times.

You are correct though, I had a value for the name of session, but looking back there is no name included in New-WinSCPSession. I thought that was part of one of the examples but looking over the examples and syntax there is not. Removing that name corrects the issue I was having with the command.
dotps1

Please move this to GitHub, this is not an issue with WinSCP directly, but possibly an issue with the WinSCP PowerShell Module. You can find it here: https://github.com/tomohulk/WinSCP/issues.

But at first glance, what is DSession? There are no position supported params in the New-WinSCPSession cmdlet, everything is by name only (as it is with anything I write, I don't like unnamed params). So DSession I have a feeling is throwing everything off, it basically doesn't know what that value is for.

*Edit*
I also see in your first post you have
New-WinSCPSession ED -.........

Again, not sure what ED is, but this makes me even more sure about the issue being a typo.

hope that helps.
*End Edit*
samellinger

Sure, here is the code that is working correctly:
$sessionOptions = New-Object WinSCP.SessionOptions
$sessionOptions.Protocol = [WinSCP.Protocol]::ftp
$sessionOptions.HostName = "host.com"
$sessionOptions.UserName = "Username"
$sessionOptions.Password = 'Password'
$sessionOptions.TlsHostCertificateFingerprint = "78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78"
$sessionOptions.FtpSecure = [WinSCP.FtpSecure]::Explicit
$session = New-Object WinSCP.Session

Here is the powershell commandlet that did not work:
$FTPHost = "host.com"
$Port = "21"
$Protocol = "FTP"
$Username = "Username"
$Password = convertto-securestring -string 'Password' -AsPlainText -Force
$credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$HostKey = "78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78"
 
New-WinSCPSession DSession -credential $Credential -ftpMode Active -FtpSecure ExplicitTls -HostName $FTPHost -PortNumber $Port -Protocol $Protocol -TlsHostCertificateFingerprint $HostKey
martin

Can you show us your corrected code that suffers the problem nevertheless?
samellinger

After reading the error messages a bit deeper I realized that it is accepting the TlsHostCertificateFingerprint in its current format, but complaining about not having SshHostKeyFingerprint. It appears that no matter what I do, even though the protocol is set to FTP and FTPSecure is set to ExplicitTLS it still expects SshHostKeyFingerprint no matter what. I'm not sure if that is an error with the commandlets but I'm unable to complete the command without it expecting SSH information for my FTPS connection.

Instead of using the Powershell wrapper I resorted to using the .Net assembly which is completing my connection successfully.
martin

So use 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78 as is for TlsHostCertificateFingerprint, and do not try to add some irrelevant prefix.
samellinger

I got that key from Session>Server and protocol information. Here's the output from that.
Remote system = UNIX Type: L8

File transfer protocol = FTP
Cryptographic protocol = TLS/SSL Explicit encryption, TLSv1.2
Encryption algorithm = TLSv1/SSLv3: AES256-GCM-SHA384, 2048 bit RSA
Compression = No
------------------------------------------------------------
Certificate fingerprint
78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78

That's why I was a bit confused, I'm trying to use FTP over TLS not SFTP over SSH.
martin

Re: Powershell unable to get TlsHostCertificateFingerprint in correct format

The TLS certificate fingerprint cannot start with ssh-rsa. That's obviously an SSH host key fingerprint. Where did you get it? Do you want to use FTP over TLS or SFTP over SSH?
See https://winscp.net/eng/docs/message_key_fingerprint_does_not_match
samellinger

Powershell unable to get TlsHostCertificateFingerprint in correct format

I'm working to automate a CSV upload to an external service that we subscribe to. I'm running into an issue with the TLS host certificate. Here's the code snippet and what I've tried:
$HostKey = "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68"
New-WinSCPSession ED -credential $Username -ftpMode Active -FtpSecure ExplicitTls -HostName $FTPHost -PortNumber $Port -Protocol $Protocol -TlsHostCertificateFingerprint $HostKey -SessionLogPath $WinSCPLog

When I run that I receive
New-WinSCPSession : Exception setting "TlsHostCertificateFingerprint": "TLS host certificate fingerprint "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78" does not match pattern /([0-9a-f]{2}:){19}[0-9a-f]{2}(;([0-9a-f]{2}:){19}[0-9a-f]{2})*/"

It appears that the key is matching the correct pattern but ssh-rsa 2048 does not. Ok, so I changed the variable to
$HostKey = "78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68" and received the following result.

New-WinSCPSession : Exception setting "SshHostKeyFingerprint": "SSH host key fingerprint "DiscoveryED" does not match pattern /((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}(;((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2})*/"

I then tried shortening the key length as specified in that regex to "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68". However, I received the following error again
New-WinSCPSession : Exception setting "TlsHostCertificateFingerprint": "TLS host certificate fingerprint "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68" does not match pattern /([0-9a-f]{2}:){19}[0-9a-f]{2}(;([0-9a-f]{2}:){19}[0-9a-f]{2})*/"

Can someone help me understand where I am going wrong in formatting this fingerprint?
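
Added example (not code from any poster or from the WinSCP project): a pre-flight check that classifies a fingerprint string with the two patterns quoted in the error messages in this thread, so a value of the wrong kind is caught before New-WinSCPSession is called. Get-FingerprintKind and Assert-TlsFingerprint are hypothetical helper names; anchoring the SSH pattern and matching case-sensitively are assumptions.

```powershell
# The two sub-patterns are the ones quoted in the error messages in this thread.
$tlsOne = '([0-9a-f]{2}:){19}[0-9a-f]{2}'                                      # 20 bytes
$sshOne = '((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}'  # 16 bytes
# Anchored so the whole string must match: the thread shows a 20-byte value with
# an "ssh-rsa 2048" prefix being rejected by the TLS pattern.
$TlsPattern = "^$tlsOne(;$tlsOne)*`$"
$SshPattern = "^$sshOne(;$sshOne)*`$"

function Get-FingerprintKind {
    # Hypothetical helper, not part of WinSCP or the WinSCP PowerShell module.
    param([Parameter(Mandatory)][string]$Fingerprint)
    # Assumption: case-sensitive matching, since the patterns list lowercase hex only.
    if ($Fingerprint -cmatch $TlsPattern) { return 'TlsHostCertificateFingerprint' }
    if ($Fingerprint -cmatch $SshPattern) { return 'SshHostKeyFingerprint' }
    return 'NoMatch'
}

function Assert-TlsFingerprint {
    # Hypothetical guard: fail early with a clear message instead of at session setup.
    param([Parameter(Mandatory)][string]$Fingerprint)
    $kind = Get-FingerprintKind -Fingerprint $Fingerprint
    if ($kind -ne 'TlsHostCertificateFingerprint') {
        throw "Not a TLS certificate fingerprint (classified as: $kind): $Fingerprint"
    }
    return $Fingerprint
}

# Sample values taken from the posts in this thread.
$samples = @(
    # 20 bytes, as shown under "Server and protocol information"
    '78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78',
    # SSH-style prefix in front of the 20-byte value
    'ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78',
    # SSH-style prefix in front of a 16-byte value
    'ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68',
    # 16 bytes without prefix
    '78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68',
    # the stray value that appeared in the SshHostKeyFingerprint error
    'DiscoveryED'
)
$samples | ForEach-Object {
    [pscustomobject]@{ Kind = Get-FingerprintKind -Fingerprint $_; Value = $_ }
} | Format-Table -AutoSize

# Run the guard on the value intended for -TlsHostCertificateFingerprint.
$HostKey = Assert-TlsFingerprint -Fingerprint $samples[0]
```

The table separates the 20-byte certificate fingerprint from the 16-byte SSH-style values, and shows that the prefixed 20-byte string and the stray positional value match neither pattern.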