Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

TS

Re: commandline download...

2007-11-26 09:32

Thomas Boss wrote:

Hi,
...
* 2007-11-21 18:49:12.875 Host key wasn't verified!
. 2007-11-21 18:49:12.875 Closing connection.
...
because i allways trust my servers.

so, what could i do to get this working?

Make a list of host keys for all of your servers, and add those host keys to WinSCP -- either through the use of an INI file, or via a registry file that you (silently?) import before firing off the WinSCP script.

I think Martin has said before, it's a gross security risk (read: Bad Idea[tm]) to blindly accept a host key without verification. That's putting all your trust in the infallibility of the network to prevent a MitM attack. In most cases the network is NOT cryptographically strong, and so it reduces the security of your ssh (weakest link, etc). If you really care so little about the security of your file transfer, plaintext FTP requires no host key caching and because it has no cryptographic overhead, may even be faster. The fact that you're sending your user account credentials in plain text is, in our hypothetical scenario, a non-issue. Or even better, use TFTP and dispense with the facade of user authentication altogether. Realize that any of these options are equivalent from a security standpoint. (Well, okay plain FTP might be worse because the user credentials revealed could potentially be used to impersonate that user elsewhere.)

Thomas Boss

commandline download...

2007-11-21 18:58

Hi,
i try to make a unattendet commandline download with the following commandline:

WinSCP.exe /command "open xx:xx@xx" "/option batch on" "/option confirm off" "get x/x/x.txt C:\x.txt" "exit" /Log="C:\log.txt"

unfortunatly i don't get it to work. I allways get this lines in the Log:

. 2007-11-21 18:49:12.875 Asking user:
. 2007-11-21 18:49:12.875 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2007-11-21 18:49:12.875
. 2007-11-21 18:49:12.875 The server's rsa2 key fingerprint is:
. 2007-11-21 18:49:12.875 ssh-rsa 1024 c6:5b:58:f2:75:16:bb:3a:dd:46:70:44:f0:6c:31:45
. 2007-11-21 18:49:12.875
. 2007-11-21 18:49:12.875 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
. 2007-11-21 18:49:12.875
. 2007-11-21 18:49:12.875 Continue connecting and add host key to the cache? ()
. 2007-11-21 18:49:12.875 Attempt to close connection due to fatal exception:
* 2007-11-21 18:49:12.875 Host key wasn't verified!
. 2007-11-21 18:49:12.875 Closing connection.

i thought with "option batch on" i turned off the "Asking user" (which is quit stupid in a commandline, or not?)

I can't store the connection (in WinSCP the connection works) because there are different connections, and it would be easyier - because i allways trust my servers.

so, what could i do to get this working?

BR
Thomas

Post a reply

Topic review

Re: commandline download...

commandline download...

Documentation

Support

Associations

Follow Us