As you can see it only compares the first word of the hostkey string against the whole chain.
command wrote on powershell:
PS C:\Windows\system32> WinSCP.com /log="C:\writable\path\to\log\WinSCP.log" /ini=nul /command "open sftp://user:password@example.com/ -hostkey=""ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e"""
Error occurred during logging. It's been turned off.
Can't open log file 'C:\writable\path\to\log\WinSCP.log'.
System Error. Code: 2.
The system cannot find the file specified
Searching for host...
Connecting to host...
Authenticating...
Host key does not match configured key "ssh-ed25519"!
Host key fingerprint is ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e.
Authentication failed.
I've tried double-double-quoting:
"open sftp://user:password@example.com/ -hostkey=""ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e"""
I've tried mixing simple and double-quoting:
'open sftp://user:password@example.com/ -hostkey="ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e"'
I've tried escaping the inner quotes:
"open sftp://user:password@example.com/ -hostkey=`"ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e`""
...nothing worked.
But, if I start winscp, and run the open command inside it works.
open sftp://user:password@example.com/ -hostkey="ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e"
PS C:\Windows\system32> WinSCP.com
winscp> open sftp://user:password@example.com/ -hostkey="ssh-ed25519 256 1d:de:80:c5:4f:d6:72:1d:be:94:51:6b:53:9a:93:4e"
Searching for host...
Connecting to host...
Authenticating...
Using username "user".
Authenticating with pre-entered password.
Authenticated.
Starting the session...
Session started.
Active session: [1] user@example.com
winscp>
I'm using the wildcard style for now:
"open sftp://user:password@example.com/ -hostkey=*"
But I don't feel confortable with it...