Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: using fingerprint switch instead of password in script

I cannot help you as you have removed the key from the prompt. So I cannot check that you have used correct key. It's public key, so it's not a secret.

Anyway, server's host key is not used for authentication! So, I'm afraid you do not understand what you are doing.
See https://winscp.net/eng/docs/ssh_keys
Keith W

using fingerprint switch instead of password in script

Trying to set up a script to automate a nightly file transfer to an sftp server. Security precludes storing passwords in clear text in the script, so I'm trying to use the fingerprint switch as specified in this example found at https://winscp.net/eng/docs/session_url

sftp://martin;fingerprint=ssh-dss-0b-77-8b-68-f4-45-b1-3c-87-ad-5c-be-3b-c5-72-78@example.com/

I set up my script as follows:

option batch abort
option confirm off
open sftp://user;-fingerprint=<key fingerprint>@sftp.domain.org/
cd /
put filename.csv
exit

When I run the script I get this:

c:\scripts\sftp\WinSCP\winscp.com /script=<filename>.sftp /ini=nul
batch abort
reconnecttime 120
confirm off
Searching for host...
Connecting to host...
Authenticating...
Continue connecting to an unknown server and add its host key to a cache?
The server's host key was not found in the cache. You have no guarantee that the
server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 1024 <key fingerprint>
If you trust this host, press Yes. To connect without adding host key to the cac
he, press No. To abandon the connection press Cancel.
(Y)es, (N)o, C(a)ncel, (C)opy Key: Cancel
Host key wasn't verified!
Host key fingerprint is <key fingerprint>
Authentication failed.

There is no chance to select (Y)es before the script aborts with 'Authentication Failed'.

I tried running this from the WinSCP GUI and was prompted to add the key to the cache and it was successful. Subsequent connections in the GUI connect without prompting for the key. However, whenever I run the script I still get the message above and have no option to add the key fingerprint to the cache.