Topic "vbnet example w/PutFile, regarding password and sshhostkey"

Author Message
jayc
[View user's profile]

Joined: 2012-03-13
Posts: 6
I am trying to PutFiles to another server.
1. The above example utilizes password, I am already able to
File.Copy("now.xml", "\\anotherserver\C$\somedir\now.xml")
I just want to do this same process securely, I assume I can use the VB.Net example that is here: https://winscp.net/eng/docs/library#vbnet

I have some issues with this code slice:
With sessionOptions
.Protocol = Protocol.Sftp
.HostName = "example.com"
.UserName = "user"
.Password = "mypassword"
.SshHostKey = "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
End With


1. I don't want to hard code my password.
2. How do I generate this key?
Advertisements
anyoneis
[View user's profile]

Joined: 2012-03-12
Posts: 5
Location: Seattle
jayc wrote:
I have some issues with this code slice:
With sessionOptions
.Protocol = Protocol.Sftp
.HostName = "example.com"
.UserName = "user"
.Password = "mypassword"
.SshHostKey = "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
End With




jayc wrote:

1. I don't want to hard code my password.


Could you read it from the console?

jayc wrote:

2. How do I generate this key?


This key is for the remote server. I used WinSCP GUI to access the host and to record the
SshHost key - look under "Commands", "Server/Protocol information."
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
anyoneis wrote:
This key is for the remote server. I used WinSCP GUI to access the host and to record the
SshHost key - look under "Commands", "Server/Protocol information."

Exactly. See here:
https://winscp.net/eng/docs/ui_fsinfo

Though the only really safe approach is to get the host key from the server administrator. (You may be under attack on the first connect from the GUI already).
_________________
Martin Prikryl
jayc
[View user's profile]

Joined: 2012-03-13
Posts: 6
I am generating a file on server A and copying to server B with WinSCP - it's an automated process, not any user interaction. I'm a bit confused at a password requirement.
jayc
[View user's profile]

Joined: 2012-03-13
Posts: 6
From the Using Pageant for Authentication site, it states:

You use different authentication method than a password authentication, such as public key authentication (with passphrase-less private key or with use of Pageant) for SSH session;

I believe this is what I am trying to do and avoid .Password. Just need a little more direction on creating keys and coding for .PutFile to work.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
jayc wrote:
I am generating a file on server A and copying to server B with WinSCP - it's an automated process, not any user interaction. I'm a bit confused at a password requirement.

If you want to use the password authentication with automated process, you obviously need to store the password somewhere. If you have concerns, make sure the password is stored as safely as possible.

For example you can read the password from a configuration file and make sure the file is encrypted and access to the password is as restricted as possible. Both on filesystem level already. E.g. make the file writable by admin only and readable by a system account under which your automated process is running.

Last edited by martin on 2012-03-19; edited 1 time in total
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
jayc wrote:
You use different authentication method than a password authentication, such as public key authentication (with passphrase-less private key or with use of Pageant) for SSH session;

I believe this is what I am trying to do and avoid .Password. Just need a little more direction on creating keys and coding for .PutFile to work.

Make sure you understand how the pageant works before you try to implement this. You may face the very same problem as with password, unless you can run the pageant manually in the same session your automated process is running from and you can enter passphrase key manually. Otherwise you need to save your key unprotected or save a passphrase to the key. And you are back with the password issue.

Anyway, refer here, if you decide to set up public key authentication:
https://winscp.net/eng/docs/guide_public_key
jayc
[View user's profile]

Joined: 2012-03-13
Posts: 6
From the documentation:
string SshPrivateKey Full path to private key file. The key has to be passphrase-less or Pageant) has to be running with the key loaded (SshPrivateKey then server only to select, what private key Pageant should use, in case more are loaded).


About the SessionOption SshPrivateKey - Where does the private key file go, on the host (target) or on the source? . . . and I assume I generate this with PuTTy on the target ?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
jayc wrote:
About the SessionOption SshPrivateKey - Where does the private key file go, on the host (target) or on the source? . . . and I assume I generate this with PuTTy on the target ?

Private file is private, hence is has to be kept in safety on the local machine. But you need to upload public key to the server.
Again, please refer to
https://winscp.net/eng/docs/guide_public_key
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License