Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Authentication Failed

martin wrote:

Because the script generator does not add the host key for the tunnel (TunnelHostKey raw session settings).

See https://winscp.net/tracker/2006
martin

Re: Authentication Failed

fernao wrote:

But, I'm just wondering (not important, though) why that tunnel option was problematic:
- via script

Because the script generator does not add the host key for the tunnel (TunnelHostKey raw session settings).

- via a duplicated GUI connection but a cloned host

I do not understand.
fernao

Re: Authentication Failed

Hi Martin,
Thanks for resolving the logging issue.
I realized a glitch in the configuration of my connection in GUI: it had tunnel option selected but, in reality, that's not necessary. So I unselected it. Then I regenerated the script via the script builder in GUI. I then executed and the script executed successfully. So, issue resolved.

But, I'm just wondering (not important, though) why that tunnel option was problematic:
- via script and
- via a duplicated GUI connection but a cloned host
and it wasn't problematic neither necessary in the original GUI connection.

Anyway, as far as it concerns my script this issue is now resolved.
fernao

Re: Authentication Failed

Thanks Martin.

I see this error:
(ESshFatal) **Expected host key was not configured, use -hostkey switch.**

But I do have the host key switch since this is a script automatically generated by the GUI.

When I tried to change from -hostkey=""ss..."" to -hostkey="ss..." only I got the following error:
(Exception) **Host key does not match configured key fingerprint "ssh-ed25519"!**

Does this help?
martin

Re: Authentication Failed

There seems to be a bug that prevents tunnel errors from being logged.
I've fixed that:
https://winscp.net/tracker/1956
I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.
Though most likely the problem you are facing is that your script is missing tunnel session host key:
https://winscp.net/eng/docs/rawsettings#tunnelhostkey
fernao

Re: Authentication Failed

Hi Martin,
Please find the files attached
Thanks.
martin

Re: Authentication Failed

I have asked for "complete logs from the GUI and the script".
fernao

Re: Authentication Failed

Hi Martin,

sorry for my late reply. I though I would receive email notification upon replies. Here's what you requested.
@echo off
 
"C:\Program Files (mine)\WinSCP\WinSCP.com" ^
  /log="C:\temp\WinSCP.log" /ini=nul ^
  /command ^
    "open scp://xpto:temppass@16.142.123.226/ -hostkey=""ssh-ed25519 255 6111asdeQSwYxfhhcNsad3XVmgScclL2Smgf85ucQ="" -privatekey=""C:\temp\id_rsa.ppk"" -rawsettings AuthGSSAPI=0 Tunnel=1 TunnelHostName=""16.142.123.226"" TunnelUserName=""xpto"" TunnelPublicKeyFile=""C:%%5Ctemp%%5Cid_rsa.ppk"" TunnelPasswordPlain=""temppass""" ^
    "put C:\temp\x.log x.log" ^
    "exit"
 
set WINSCP_RESULT=%ERRORLEVEL%
if %WINSCP_RESULT% equ 0 (
  echo Success
) else (
  echo Error
)
 
exit /b %WINSCP_RESULT%

. 2021-02-26 18:48:37.082 --------------------------------------------------------------------------
. 2021-02-26 18:48:37.083 WinSCP Version 5.17.10 (Build 11087) (OS 10.0.14393 - Windows 10 Enterprise 2016 LTSB)
. 2021-02-26 18:48:37.083 Configuration: nul
. 2021-02-26 18:48:37.083 Log level: Normal
. 2021-02-26 18:48:37.083 Local account: IANAP\mylanuser
. 2021-02-26 18:48:37.083 Working directory: C:\temp
. 2021-02-26 18:48:37.083 Process ID: 9524
. 2021-02-26 18:48:37.084 Command-line: "C:\Program Files (mine)\WinSCP\WinSCP.exe" /console=5.17.10 /consoleinstance=_23684_832 "/log=C:\temp\WinSCP.log" "/ini=nul" "/command" "open scp://xpto:***@16.142.123.226/ -hostkey=""ssh-ed25519 255 6111asdeQSwYxfhhcNsad3XVmgScclL2Smgf85ucQ="" -privatekey=""C:\temp\Jirnexu\id_rsa.ppk"" -rawsettings AuthGSSAPI=0 Tunnel=1 TunnelHostName=""16.142.123.226"" TunnelUserName=""xpto"" TunnelPublicKeyFile=""C:%5Ctemp%5Cid_rsa.ppk"" TunnelPasswordPlain=***" "put C:\temp\x.log x.log" "exit"
. 2021-02-26 18:48:37.084 Time zone: Current: GMT+8 (Malay Peninsula Standard Time), No DST
. 2021-02-26 18:48:37.084 Login time: Friday, February 26, 2021 6:48:37 PM
. 2021-02-26 18:48:37.084 --------------------------------------------------------------------------
. 2021-02-26 18:48:37.084 Script: Retrospectively logging previous script records:
> 2021-02-26 18:48:37.084 Script: open scp://xpto:***@16.142.123.226/ -hostkey="ssh-ed25519 255 6111asdeQSwYxfhhcNsad3XVmgScclL2Smgf85ucQ=" -privatekey="C:\temp\Jirnexu\id_rsa.ppk" -rawsettings AuthGSSAPI=0 Tunnel=1 TunnelHostName="16.142.123.226" TunnelUserName="xpto" TunnelPublicKeyFile="C:%5Ctemp%5Cid_rsa.ppk" TunnelPasswordPlain=***
. 2021-02-26 18:48:37.084 --------------------------------------------------------------------------
. 2021-02-26 18:48:37.084 Session name: xpto@16.142.123.226 (Ad-Hoc site)
. 2021-02-26 18:48:37.084 Host name: 16.142.123.226 (Port: 22)
. 2021-02-26 18:48:37.084 User name: xpto (Password: Yes, Key file: Yes, Passphrase: No)
. 2021-02-26 18:48:37.084 Tunnel: Yes
. 2021-02-26 18:48:37.084 Tunnel: Host name: 16.142.123.226 (Port: 22)
. 2021-02-26 18:48:37.084 Tunnel: User name: xpto (Password: Yes, Key file: Yes)
. 2021-02-26 18:48:37.084 Tunnel: Local port number: 0
. 2021-02-26 18:48:37.084 Transfer Protocol: SCP
. 2021-02-26 18:48:37.084 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2021-02-26 18:48:37.084 Disable Nagle: No
. 2021-02-26 18:48:37.084 Proxy: None
. 2021-02-26 18:48:37.084 Send buffer: 262144
. 2021-02-26 18:48:37.085 SSH protocol version: 2; Compression: No
. 2021-02-26 18:48:37.085 Bypass authentication: No
. 2021-02-26 18:48:37.085 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2021-02-26 18:48:37.085 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2021-02-26 18:48:37.085 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2021-02-26 18:48:37.085 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2021-02-26 18:48:37.085 Simple channel: Yes
. 2021-02-26 18:48:37.085 Return code variable: Autodetect; Lookup user groups: Auto
. 2021-02-26 18:48:37.085 Shell: default
. 2021-02-26 18:48:37.085 EOL: LF, UTF: Auto
. 2021-02-26 18:48:37.085 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2021-02-26 18:48:37.085 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No; Exit code 1 is error: No
. 2021-02-26 18:48:37.085 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2021-02-26 18:48:37.085 Cache directory changes: Yes, Permanent: Yes
. 2021-02-26 18:48:37.085 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2021-02-26 18:48:37.085 DST mode: Unix;Timezone offset: 0h 0m
. 2021-02-26 18:48:37.085 --------------------------------------------------------------------------
. 2021-02-26 18:48:37.085 Opening tunnel.
. 2021-02-26 18:48:37.088 Autoselected tunnel local port number 50001
. 2021-02-26 18:48:37.089 [Tunnel] Looking up host "16.142.123.226" for SSH connection
. 2021-02-26 18:48:37.089 [Tunnel] Connecting to 16.142.123.226 port 22
. 2021-02-26 18:48:37.195 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.17.10
. 2021-02-26 18:48:37.287 [Tunnel] Remote version: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
. 2021-02-26 18:48:37.287 [Tunnel] Using SSH protocol version 2
. 2021-02-26 18:48:37.386 [Tunnel] Doing ECDH key exchange with curve Curve25519 and hash SHA-256
. 2021-02-26 18:48:37.555 [Tunnel] Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
. 2021-02-26 18:48:37.555 [Tunnel] Host key fingerprint is:
. 2021-02-26 18:48:37.555 [Tunnel] ssh-ed25519 255 5d:22:c3:fd:21:18:7c:e5:1e:89:74:a2:b2:a6:b7:b3 6111asdeQSwYxfhhcNsad3XVmgScclL2Smgf85ucQ=
. 2021-02-26 18:48:37.556 [Tunnel] Closing connection.
martin

Re: Authentication Failed

fernao wrote:

- been using the same connection via GUI successfully since long time

Please attach complete logs from the GUI and the script.
fernao

Authentication Failed

Hey guys,

I'm facing an "Authentication Failed" while trying to execute an automatically generated session script. Few things I've tried:
- to use a batch script automatically generated by GUI
- to encode other things besides just the password like hostkey, privatekey...
- to set AuthGSSAPI=0
- to use a user that doesn't require password
- check the packets with Wireshark (not an expert on this but I tend to believe the encryption method was agreed since I see SSHv2 packets being exchanged and then just 2 or TCP)
- I also tried UTF-8 and UTF with BOM
- I enabled /loglevel=1 and confirmed the fingerprint is interpreted as it is in the script
- been using the same connection via GUI successfully since long time

This is the last portion of the log:
20:02:23.884 --------------------------------------------------------------------------
20:02:23.884 Opening tunnel.
20:02:23.884 Autoselected tunnel local port number 50002
20:02:23.884 [Tunnel] Looking up host "11.140.129.111" for SSH connection
20:02:23.884 [Tunnel] Connecting to 11.140.129.111 port 22
20:02:23.968 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.15.9
20:02:24.052 [Tunnel] Server version: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
20:02:24.052 [Tunnel] Using SSH protocol version 2
20:02:24.147 [Tunnel] Doing ECDH key exchange with curve Curve25519 and hash SHA-256
20:02:24.554 [Tunnel] Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
20:02:24.554 [Tunnel] Host key fingerprint is:
20:02:24.554 [Tunnel] ssh-ed25519 256 22:5e:c3:18:21:fd:7c:e5:1e:89:74:a2:b2:a6:b7:b3 6111a8u7eQSwYxfhhcNDE
20:02:24.555 [Tunnel] Closing connection.
20:02:24.555 [Tunnel] Sending special code: 12

The issue may be around the fingerprint but again I'm not an expert, I'm just googling. Any hint on this please?
martin

Re: Authentication failed.

john pena wrote:

Hi
I am unable to log in using the script. However using same username and password I can successfully log in. Thanks for the help.

Please start a new thread and attach full session log files both from script and GUI (using the latest version of WinSCP).
john pena

Authentication failed.

Hi
I am unable to log in using the script. However using same username and password I can successfully log in. Thanks for the help.
C:ftp_work>winscp.com /script=my_script.txt /log=my_log.log

Searching for host...
Connecting to host...
Authenticating...
Using username "userxxx".
Authenticating with pre-entered password.
Using keyboard-interactive authentication.

xxxx Session Broker 9.1.2.1

...
....
...

Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "userxxx".

Authentication failed.

C:ftp_work>


my_script.txt:
open sftp://userxxx:secret@xx.xx.xxx.xx:8024/ -rawsettings ProxyMethod=1 ProxyHost=localhost ProxyPort=2015 
cd /dir1/dir2
get file1
bye

my_log.log:
....
. 2017-07-12 18:05:59.293 Initialised AES-256 SDCTR client->server encryption
. 2017-07-12 18:05:59.293 Initialised HMAC-SHA1 client->server MAC algorithm
. 2017-07-12 18:05:59.293 Initialised AES-256 SDCTR server->client encryption
. 2017-07-12 18:05:59.293 Initialised HMAC-SHA1 server->client MAC algorithm
! 2017-07-12 18:05:59.293 Using username "userxxx".
. 2017-07-12 18:05:59.308 Server offered these authentication methods: password,keyboard-interactive
. 2017-07-12 18:05:59.308 Attempting keyboard-interactive authentication
. 2017-07-12 18:05:59.308 Prompt (keyboard interactive, "SSH server authentication", "Using keyboard-interactive authentication.", "Password: ")
. 2017-07-12 18:05:59.308 Using stored password.
. 2017-07-12 18:06:01.732 Prompt (keyboard interactive, "SSH server authentication", "Using keyboard-interactive authentication.
. 2017-07-12 18:06:01.732
 
. 2017-07-12 18:06:01.732
 
. 2017-07-12 18:06:01.732 xxxx Session Broker 9.1.2.1
 
. 2017-07-12 18:06:01.732
 
. 2017-07-12 18:06:01.732 This system is private and may only be accessed if authorized.
 
. 2017-07-12 18:06:01.732 ", <no prompt>)
. 2017-07-12 18:06:02.237 Prompt (keyboard interactive, "SSH server authentication", "Using keyboard-interactive authentication.", "networkId: ")
. 2017-07-12 18:06:02.237 Disconnected: Unable to authenticate
somebadhat

Access denied. Authentication failed.

THANKS MARTIN.
somebadhat

Access denied. Authentication failed.

SOLVED MY SPECIAL CHARACTER PROBLEM BY TURNING OFF setlocal ENABLEDELAYEDEXPANSION IN THE BATCH FILE. I HAVE ! IN THE PASSWORD.
martin

Re: Authentication failed.

umair.tariq wrote:

Yes I'm able to login successfully from GUI.

So enable password logging and check both GUI and script log for an actual password being used.
GUI: https://winscp.net/eng/docs/ui_pref_logging
Script: Use /loglevel=*
umair.tariq

Re: Authentication failed.

Yes I'm able to login successfully from GUI.
martin

Re: Authentication failed.

The $$ should not be a problem.

Can you login in WinSCP GUI or using any other SFTP/SSH client?
umair.tariq

Private Key (.ppk) Error using .net Assembly

Hi,

I'm facing below error while using WinSCP assembly in my c# code
Connection has been unexpectedly closed. Server sent command exit status 0.

Authentication log (see session log for details):
Unable to use key file "PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20160909
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEA3vMOJJOGCZP+HrFLiWpuLG" (unable to open file)
Using username "m79971".

Authentication failed.

Attaching my code snippet.

Your quick response on this will be highly appreciated. Thanks in advance.
Guest

Re: Password Authentication fails in WinSCP Commandline

martin wrote:


Hi Martin,

That has worked wonderfully well. I noticed that the special characters are mentioned with the Hex equivalent where as I have been trying with decimal ones. The automatic generation of script is a very handy feature of the application. Thanks to the developers and Thank you very much for the support.
martin

Re: Password Authentication fails in WinSCP Commandline

Mey wrote:

Hi, I am in a similar situation mentioned in the thread below. While authenticating using command line option, it fails Authentication. Same password is fine using interactive Logon using WinSCP (I did a paste of the same password) as well as it is fine in GUI.
...

Please read https://winscp.net/eng/docs/faq_script_vs_gui
Mey

Password Authentication fails in WinSCP Commandline

Hi, I am in a similar situation mentioned in the thread below. While authenticating using command line option, it fails Authentication. Same password is fine using interactive Logon using WinSCP (I did a paste of the same password) as well as it is fine in GUI.

But when we include the script in command line option then the authentication fails. When Log was enabled, it was noticed that the character + in the password was replaced with a space. I tried placing the character as %43 with its ASCII code but that failed too.

Any idea how to succeed through the authentication process?

Any help is much appreciated.
walkerk

I logged the steps from the GUI screen and i notice the following
what is the syntex for handing Private key and "SSH key passphrase"
Reading private key file "C:\WinSCP\ICE Notes\ICEPrieKey.ppk"
! 2015-07-21 15:37:51.690 Using username "svc-mft-yjxcelenergy".
. 2015-07-21 15:37:52.818 Offered public key
. 2015-07-21 15:37:52.833 Offer of public key accepted
! 2015-07-21 15:37:52.833 Authenticating with public key "rsa-key-2015XXXX"
. 2015-07-21 15:37:52.880 Prompt (passphrase, "SSH key passphrase", <no instructions>, "Passphrase for key "rsa-key-2015XXXX": ")
. 2015-07-21 15:37:56.338 Sent public key signature
. 2015-07-21 15:37:56.369 Access granted
. 2015-07-21 15:37:56.369 Opening session as main channel
. 2015-07-21 15:37:56.385 Opened main channel
. 2015-07-21 15:37:56.478 Started a shell/command
walkerk

Re: Authentication failed.

i can connect using the full gui application
martin

Re: Authentication failed.

The $$ should not be a problem. Can you connect with GUI?
walkerk

Authentication failed.

Having trouble with signing on to sftp site. getting an Authentication failed
my password is structured pwd$$ does having $$ in the password be source of the problem?
# Automatically abort script on errors
option batch abort
# Disable overwrite confirmations that conflict with the previous
option confirm off
# Connect
open sftp://username:password$$@website.com/ -hostkey="ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
# Change remote directory
cd /compliance
# Force binary mode transfer
option transfer binary
# Download file to the local directory C:\ChatTest
get x_20*.xml C:\ChatTest
# Disconnect
close

getting the following error
C:\Program Files (x86)\WinSCP>winscp.com /script=c:\IceChat_script.txt

batch           abort
reconnecttime   120
confirm         off
Searching for host...
Connecting to host...
Authenticating...
Using username "svc-mt-y".
Authenticating with pre-entered password.
Access denied.
Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "svc-mft-yjxcelenergy".
Access denied.

Authentication failed.