Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

p1c0

Ok, thanks for your comment. For the moment, user can't change the fingerprint. Perhaps in the future but it's not sure. I want to do this in order to increase security but i'm not sure it is really necessary... :?
martin

p1c0 wrote:

It is not possible to change fingerprint of the server after installation? :? (with ssh-keygen ?)

Technically it is possible. But it makes no sense. And only administrator of the server (root) can do that. I do not know what is your audience.
p1c0

It is not possible to change fingerprint of the server after installation? :? (with ssh-keygen ?)
martin

p1c0 wrote:

Yes i want that user can generate a new fingerprint on the server...

I do not get this. User AFAIK cannot generate new host key (neither its fingerprint). Host key is typically generated only during installation of the server. User typically accept the key only on client machine.
p1c0

Yes i want that user can generate a new fingerprint on the server... But with option batch off, it exactly what i want to do! User can simply answer that he trust the server without doing a lot of things...

Thanks a lot for your help! :P

p1c0.
martin

p1c0 wrote:

My application is supposed to be sell. So, it is not possible to have the same fingerprint for all ssh servers which will be installed. So the ini file or the registry key will change and i have to know the value of the key without accept the first time if it is possible...

Then you know neither the fingerprint. Are you going to let user specify it during installation? Then you can have another script with "option batch off" that is launched during installation that would just connect to the server. You will instruct the user that he/she needs to verify the host key and eventually accept it (pressing "yes").
p1c0

martin wrote:

Probably there is. But why do you want to do that, if you know the value? Or you do not know it?


My application is supposed to be sell. So, it is not possible to have the same fingerprint for all ssh servers which will be installed. So the ini file or the registry key will change and i have to know the value of the key without accept the first time if it is possible...
martin

p1c0 wrote:

I want to know if there is a method to calculate value of registry when we know the server fingerprint?

Probably there is. But why do you want to do that, if you know the value? Or you do not know it?
p1c0

Sory but i have difficulties to speak english... :?

I want to know if there is a method to calculate value of registry when we know the server fingerprint?

I have understood that i have to store this value in registry but i just search a method to determine this value...

Thanks a lot.
martin

p1c0 wrote:

Ok. There is no other method? I don't think people who will use my application can do that. So i would create a batch in order to do that... Is it possible?

Definitelly. I've meant it so. Again, either distribute the INI file or import the key into registry from batch file before running the script (using regedit.exe).
p1c0

martin wrote:

I've ment that you should instruct the user that before running your script the first time, he/she needs to accept the host key. Whatever way.


martin wrote:

Accept the key on your station and reuse the value stored into registry.


Ok. There is no other method? I don't think people who will use my application can do that. So i would create a batch in order to do that... Is it possible?

Thanks for your help
martin

p1c0 wrote:

martin wrote:

Either let user to accept the key first (in interactive mode)


So i have to delete "option confirm off" of my script??

I've ment that you should instruct the user that before running your script the first time, he/she needs to accept the host key. Whatever way.

martin wrote:

or distribute the key with your script (in INI file or import the key into registry before running the script).


Ok, so i have to create a rsa2@server_port:server_ip in this registry [HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SshHostKeys]. Am i right?

But i have difficulties to know where come the value from??

Accept the key on your station and reuse the value stored into registry.
p1c0

martin wrote:

Either let user to accept the key first (in interactive mode)


So i have to delete "option confirm off" of my script??

martin wrote:

or distribute the key with your script (in INI file or import the key into registry before running the script).


Ok, so i have to create a rsa2@server_port:server_ip in this registry [HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SshHostKeys]. Am i right?

But i have difficulties to know where come the value from??
martin

p1c0 wrote:

So i understand that what I want to do is not a good solution, but how can i give possibility to the user to reply Yes to the answer?? :?

Either let user to accept the key first (in interactive mode) or distribute the key with your script (in INI file or import the key into registry before running the script).
p1c0

Sorry to insist but i've read this : https://winscp.net/eng/docs/scripting#different_account

And particularly :

Never attempt to make the script verify the host key automatically.


So i understand that what I want to do is not a good solution, but how can i give possibility to the user to reply Yes to the answer?? :?

Thanks in advance
p1c0

Hi all,

i will give you more information in order you can help me...

I use WinSCP 3.7.5 and my server is OpenSSH v4.0p1

Here is beginning of my script :

option batch on

option confirm off
open root@192.168.1.10:22
option transfer binary


But as I say before, it doesn't work because i can't say that I trust the server... :(

Any help???
p1c0

Problem with private key...

Hi all,

i try to upload file on a ssh server with WinSCP. I use Pageant to store my private key but when i try to open my session with a script, i've got the message which ask if i want to trust the server... By default, it answer Cancel. Since i use a script, it answer Cancel each time so i want to know if there is a method to turn around this??

Thanks in advance.

p1c0.