vbnet example w/PutFile, regarding password and sshhostkey

Advertisement

jayc
Joined:
Posts:
6

vbnet example w/PutFile, regarding password and sshhostkey

I am trying to PutFiles to another server.
1. The above example utilizes password, I am already able to
File.Copy("now.xml", "\\anotherserver\C$\somedir\now.xml")
I just want to do this same process securely, I assume I can use the VB.Net example that is here: https://winscp.net/eng/docs/library#vbnet

I have some issues with this code slice:
With sessionOptions
.Protocol = Protocol.Sftp
.HostName = "example.com"
.UserName = "user"
.Password = "mypassword"
.SshHostKey = "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
End With


1. I don't want to hard code my password.
2. How do I generate this key?

Reply with quote

Advertisement

anyoneis
Joined:
Posts:
5
Location:
Seattle

Re: vbnet example w/PutFile, regarding password and sshhostkey

jayc wrote:

I have some issues with this code slice:
With sessionOptions
.Protocol = Protocol.Sftp
.HostName = "example.com"
.UserName = "user"
.Password = "mypassword"
.SshHostKey = "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
End With



jayc wrote:


1. I don't want to hard code my password.

Could you read it from the console?

jayc wrote:


2. How do I generate this key?

This key is for the remote server. I used WinSCP GUI to access the host and to record the
SshHost key - look under "Commands", "Server/Protocol information."

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: vbnet example w/PutFile, regarding password and sshhostkey

anyoneis wrote:

This key is for the remote server. I used WinSCP GUI to access the host and to record the
SshHost key - look under "Commands", "Server/Protocol information."
Exactly. See here:
https://winscp.net/eng/docs/ui_fsinfo

Though the only really safe approach is to get the host key from the server administrator. (You may be under attack on the first connect from the GUI already).
_________________
Martin Prikryl

Reply with quote

jayc
Joined:
Posts:
6

I am generating a file on server A and copying to server B with WinSCP - it's an automated process, not any user interaction. I'm a bit confused at a password requirement.

Reply with quote

jayc
Joined:
Posts:
6

From the Using Pageant for Authentication site, it states:

You use different authentication method than a password authentication, such as public key authentication (with passphrase-less private key or with use of Pageant) for SSH session;

I believe this is what I am trying to do and avoid .Password. Just need a little more direction on creating keys and coding for .PutFile to work.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

jayc wrote:

I am generating a file on server A and copying to server B with WinSCP - it's an automated process, not any user interaction. I'm a bit confused at a password requirement.
If you want to use the password authentication with automated process, you obviously need to store the password somewhere. If you have concerns, make sure the password is stored as safely as possible.

For example you can read the password from a configuration file and make sure the file is encrypted and access to the password is as restricted as possible. Both on filesystem level already. E.g. make the file writable by admin only and readable by a system account under which your automated process is running.

Last edited by martin on 2012-03-19; edited 1 time in total

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

jayc wrote:

You use different authentication method than a password authentication, such as public key authentication (with passphrase-less private key or with use of Pageant) for SSH session;

I believe this is what I am trying to do and avoid .Password. Just need a little more direction on creating keys and coding for .PutFile to work.
Make sure you understand how the pageant works before you try to implement this. You may face the very same problem as with password, unless you can run the pageant manually in the same session your automated process is running from and you can enter passphrase key manually. Otherwise you need to save your key unprotected or save a passphrase to the key. And you are back with the password issue.

Anyway, refer here, if you decide to set up public key authentication:
https://winscp.net/eng/docs/guide_public_key

Reply with quote

jayc
Joined:
Posts:
6

From the documentation:
string SshPrivateKey Full path to private key file. The key has to be passphrase-less or Pageant) has to be running with the key loaded (SshPrivateKey then server only to select, what private key Pageant should use, in case more are loaded).


About the SessionOption SshPrivateKey - Where does the private key file go, on the host (target) or on the source? . . . and I assume I generate this with PuTTy on the target ?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

jayc wrote:

About the SessionOption SshPrivateKey - Where does the private key file go, on the host (target) or on the source? . . . and I assume I generate this with PuTTy on the target ?
Private file is private, hence is has to be kept in safety on the local machine. But you need to upload public key to the server.
Again, please refer to
https://winscp.net/eng/docs/guide_public_key
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum