Topic "Logging to sFTP with private key via Pageant"

lumrk
Joined: 2012-05-15
Posts: 4
Hi,

I'm using WinSCP 4.3.7 (1679) on Windows Vista SP2.

I'm trying to log on to a server with an automation script, which is called from a C# application. In general, this application only calls winscp.com to download a file from the server.

Code:
winscp.com mySession /command "option confirm off" "cd remoteDir" "get remoteFile localDir" exit


In mySession I'm using an encrypted private key file, SFTP protocol with SCP fallback allowed. To avoid being asked for the passphrase for the private key, I'm running Pageant with this key added.

And now the problem:
If I want to log in manually in cmd.exe everything works fine.
Code:
winscp.com mySession

If I execute that app, it logs on to the server fine as well (see Log 1).
But if this app is embedded in a Windows service (running under the same account as above), the script doesn't ask Pageant for the key (see Log 2).

Log 1
. 2012-05-15 14:05:25.757 --------------------------------------------------------------------------
. 2012-05-15 14:05:25.757 WinSCP Version 4.3.7 (Build 1679) (OS 6.0.6002 Service Pack 2)
. 2012-05-15 14:05:25.758 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-05-15 14:05:25.758 Local account: INT\catadmin
. 2012-05-15 14:05:25.758 Login time: Tuesday, May 15, 2012 2:05:25 PM
. 2012-05-15 14:05:25.758 --------------------------------------------------------------------------
. 2012-05-15 14:05:25.758 Session name: eurex-cre (Stored session)
. 2012-05-15 14:05:25.759 Host name: 193.29.90.129 (Port: 2222)
. 2012-05-15 14:05:25.759 User name: 1075314_000001 (Password: No, Key file: Yes)
. 2012-05-15 14:05:25.759 Tunnel: No
. 2012-05-15 14:05:25.759 Transfer Protocol: SFTP (SCP)
. 2012-05-15 14:05:25.759 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2012-05-15 14:05:25.759 Proxy: none
. 2012-05-15 14:05:25.759 SSH protocol version: 2; Compression: No
. 2012-05-15 14:05:25.759 Bypass authentication: No
. 2012-05-15 14:05:25.759 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2012-05-15 14:05:25.759 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2012-05-15 14:05:25.759 SSH Bugs: -,-,-,-,-,-,-,-,-
. 2012-05-15 14:05:25.759 SFTP Bugs: -,-
. 2012-05-15 14:05:25.759 Return code variable: Autodetect; Lookup user groups: Yes
. 2012-05-15 14:05:25.759 Shell: default
. 2012-05-15 14:05:25.759 EOL: 0, UTF: 2
. 2012-05-15 14:05:25.759 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2012-05-15 14:05:25.759 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2012-05-15 14:05:25.759 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-05-15 14:05:25.759 Cache directory changes: Yes, Permanent: Yes
. 2012-05-15 14:05:25.759 DST mode: 1
. 2012-05-15 14:05:25.759 --------------------------------------------------------------------------
. 2012-05-15 14:05:25.760 Looking up host "193.29.90.129"
. 2012-05-15 14:05:25.760 Connecting to 193.29.90.129 port 2222
. 2012-05-15 14:05:25.778 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:25.778 Detected network event
. 2012-05-15 14:05:25.786 Detected network event
. 2012-05-15 14:05:25.786 Server version: SSH-2.0-OpenSSH_5.3
. 2012-05-15 14:05:25.786 Using SSH protocol version 2
. 2012-05-15 14:05:25.786 We claim version: SSH-2.0-WinSCP_release_4.3.7
. 2012-05-15 14:05:25.786 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:25.798 Detected network event
. 2012-05-15 14:05:25.798 Doing Diffie-Hellman group exchange
. 2012-05-15 14:05:25.798 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:25.859 Detected network event
. 2012-05-15 14:05:25.859 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-05-15 14:05:26.032 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.061 Detected network event
. 2012-05-15 14:05:26.205 Host key fingerprint is:
. 2012-05-15 14:05:26.205 ssh-rsa 2048 3b:c0:a4:8d:a2:a0:f7:2b:a1:2e:0c:b7:f4:02:9d:c7
. 2012-05-15 14:05:26.205 Initialised AES-256 SDCTR client->server encryption
. 2012-05-15 14:05:26.205 Initialised HMAC-SHA1 client->server MAC algorithm
. 2012-05-15 14:05:26.205 Initialised AES-256 SDCTR server->client encryption
. 2012-05-15 14:05:26.205 Initialised HMAC-SHA1 server->client MAC algorithm
. 2012-05-15 14:05:26.205 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.270 Detected network event
. 2012-05-15 14:05:26.270 Reading private key file "C:\Install\keys\eurex-rsj-cre.priv.ppk"
. 2012-05-15 14:05:26.270 Pageant is running. Requesting keys.
. 2012-05-15 14:05:26.270 Pageant has 1 SSH-2 keys
. 2012-05-15 14:05:26.270 Pageant key #0 matches configured key file
! 2012-05-15 14:05:26.270 Using username "1075314_000001".
. 2012-05-15 14:05:26.271 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.381 Detected network event
. 2012-05-15 14:05:26.381 Trying Pageant key #0
. 2012-05-15 14:05:26.381 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.404 Detected network event
! 2012-05-15 14:05:26.404 Authenticating with public key "rsa-key-20120228" from agent
. 2012-05-15 14:05:26.527 Sending Pageant's response
. 2012-05-15 14:05:26.528 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.599 Detected network event
. 2012-05-15 14:05:26.599 Access granted
. 2012-05-15 14:05:26.599 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.610 Detected network event
. 2012-05-15 14:05:26.610 Opened channel for session
. 2012-05-15 14:05:26.610 Waiting for the server to continue with the initialisation
. 2012-05-15 14:05:26.670 Detected network event
. 2012-05-15 14:05:26.670 Started a shell/command


Log 2

. 2012-05-15 14:08:06.392 --------------------------------------------------------------------------
. 2012-05-15 14:08:06.392 WinSCP Version 4.3.7 (Build 1679) (OS 6.0.6002 Service Pack 2)
. 2012-05-15 14:08:06.392 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-05-15 14:08:06.392 Local account: INT\catadmin
. 2012-05-15 14:08:06.392 Login time: Tuesday, May 15, 2012 2:08:06 PM
. 2012-05-15 14:08:06.392 --------------------------------------------------------------------------
. 2012-05-15 14:08:06.392 Session name: eurex-cre (Stored session)
. 2012-05-15 14:08:06.392 Host name: 193.29.90.129 (Port: 2222)
. 2012-05-15 14:08:06.392 User name: 1075314_000001 (Password: No, Key file: Yes)
. 2012-05-15 14:08:06.392 Tunnel: No
. 2012-05-15 14:08:06.392 Transfer Protocol: SFTP (SCP)
. 2012-05-15 14:08:06.392 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2012-05-15 14:08:06.392 Proxy: none
. 2012-05-15 14:08:06.392 SSH protocol version: 2; Compression: No
. 2012-05-15 14:08:06.392 Bypass authentication: No
. 2012-05-15 14:08:06.392 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2012-05-15 14:08:06.392 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2012-05-15 14:08:06.392 SSH Bugs: -,-,-,-,-,-,-,-,-
. 2012-05-15 14:08:06.392 SFTP Bugs: -,-
. 2012-05-15 14:08:06.392 Return code variable: Autodetect; Lookup user groups: Yes
. 2012-05-15 14:08:06.392 Shell: default
. 2012-05-15 14:08:06.392 EOL: 0, UTF: 2
. 2012-05-15 14:08:06.392 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2012-05-15 14:08:06.392 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2012-05-15 14:08:06.392 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-05-15 14:08:06.392 Cache directory changes: Yes, Permanent: Yes
. 2012-05-15 14:08:06.392 DST mode: 1
. 2012-05-15 14:08:06.392 --------------------------------------------------------------------------
. 2012-05-15 14:08:06.407 Looking up host "193.29.90.129"
. 2012-05-15 14:08:06.407 Connecting to 193.29.90.129 port 2222
. 2012-05-15 14:08:06.423 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:06.423 Detected network event
. 2012-05-15 14:08:06.423 Detected network event
. 2012-05-15 14:08:06.423 Server version: SSH-2.0-OpenSSH_5.3
. 2012-05-15 14:08:06.423 Using SSH protocol version 2
. 2012-05-15 14:08:06.423 We claim version: SSH-2.0-WinSCP_release_4.3.7
. 2012-05-15 14:08:06.423 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:06.438 Detected network event
. 2012-05-15 14:08:06.438 Doing Diffie-Hellman group exchange
. 2012-05-15 14:08:06.438 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:06.501 Detected network event
. 2012-05-15 14:08:06.501 Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-05-15 14:08:06.626 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:06.641 Detected network event
. 2012-05-15 14:08:06.860 Host key fingerprint is:
. 2012-05-15 14:08:06.860 ssh-rsa 2048 3b:c0:a4:8d:a2:a0:f7:2b:a1:2e:0c:b7:f4:02:9d:c7
. 2012-05-15 14:08:06.860 Initialised AES-256 SDCTR client->server encryption
. 2012-05-15 14:08:06.860 Initialised HMAC-SHA1 client->server MAC algorithm
. 2012-05-15 14:08:06.860 Initialised AES-256 SDCTR server->client encryption
. 2012-05-15 14:08:06.860 Initialised HMAC-SHA1 server->client MAC algorithm
. 2012-05-15 14:08:06.860 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:06.953 Detected network event
. 2012-05-15 14:08:06.953 Reading private key file "C:\Install\keys\eurex-rsj-cre.priv.ppk"
! 2012-05-15 14:08:06.953 Using username "1075314_000001".
. 2012-05-15 14:08:07.000 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:07.203 Detected network event
. 2012-05-15 14:08:07.203 Offered public key
. 2012-05-15 14:08:07.203 Waiting for the server to continue with the initialisation
. 2012-05-15 14:08:07.234 Detected network event
. 2012-05-15 14:08:07.234 Offer of public key accepted
! 2012-05-15 14:08:07.234 Authenticating with public key "rsa-key-20120228"
. 2012-05-15 14:08:07.250 Prompt (3, SSH key passphrase, , Passphrase for key "rsa-key-20120228": )
. 2012-05-15 14:08:07.250 Disconnected: Unable to authenticate
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Pageant has to be running in the same session/under the same local account as WinSCP.
Alternatively you can save the private key unencrypted, possibly protecting it locally using system permissions (e.g. granting access to the service only).
_________________
Martin Prikryl
lumrk
Joined: 2012-05-15
Posts: 4
prikryl wrote:
Pageant has to be running in the same session/under the same local account as WinSCP.


I'm not sure what 'in the same session' means, but Pageant is running under the same local account as WinSCP (both 'INT\catadmin'). The Windows service is running under the same account as well.

prikryl wrote:
Alternatively you can save the private key unencrypted, possibly protecting it locally using system permissions (e.g. granting access to the service only).


Yes, this could be a solution, but I'm curious about the solution with the encrypted key.
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
I've checked again. Actually it's not necessary for WinSCP and Pageant to run under the same account. But it is necessary that they run in the same session. As you probably run Pageant in the interactive session and WinSCP is run in the scheduler's session, they cannot see each other.
_________________
Martin Prikryl
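
An added example, not part of the original posts and not WinSCP's own code: a small Python check that reads a WinSCP session log and reports whether the key came from Pageant or WinSCP fell back to prompting for the key file's passphrase, which is the difference between Log 1 and Log 2 above. The sample lines are excerpts of those two logs; the function name and result fields are hypothetical.

```python
import re

# Sample input: excerpts of the two session logs posted in this thread.
LOG_INTERACTIVE = """\
. 2012-05-15 14:05:26.270 Reading private key file "C:\\Install\\keys\\eurex-rsj-cre.priv.ppk"
. 2012-05-15 14:05:26.270 Pageant is running. Requesting keys.
. 2012-05-15 14:05:26.270 Pageant has 1 SSH-2 keys
. 2012-05-15 14:05:26.270 Pageant key #0 matches configured key file
! 2012-05-15 14:05:26.404 Authenticating with public key "rsa-key-20120228" from agent
. 2012-05-15 14:05:26.599 Access granted
"""
LOG_SERVICE = """\
. 2012-05-15 14:08:06.953 Reading private key file "C:\\Install\\keys\\eurex-rsj-cre.priv.ppk"
. 2012-05-15 14:08:07.203 Offered public key
! 2012-05-15 14:08:07.234 Authenticating with public key "rsa-key-20120228"
. 2012-05-15 14:08:07.250 Prompt (3, SSH key passphrase, , Passphrase for key "rsa-key-20120228": )
. 2012-05-15 14:08:07.250 Disconnected: Unable to authenticate
"""

# Each log line is "<marker> <date> <time> <message>"; keep only the message.
LINE = re.compile(r"^[.!<>*] \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} (.*)$")


def classify_auth(log_text):
    """Summarise how a WinSCP session log tried to obtain the private key."""
    msgs = [m.group(1) for m in map(LINE.match, log_text.splitlines()) if m]
    agent_seen = any(s.startswith("Pageant is running") for s in msgs)
    agent_used = any(
        s.startswith("Authenticating with public key") and s.endswith("from agent")
        for s in msgs
    )
    prompted = any(s.startswith("Prompt (") and "SSH key passphrase" in s for s in msgs)
    granted = "Access granted" in msgs
    if agent_used:
        path = "agent"
    elif prompted:
        path = "keyfile-passphrase-prompt"
    else:
        path = "unknown"
    # No Pageant line followed by a passphrase prompt: the agent was not
    # reachable from this process (per the thread, a different Windows session).
    hint = None
    if not agent_seen and prompted:
        hint = "Pageant not visible to this process; check the Windows session"
    return {"agent_seen": agent_seen, "path": path, "granted": granted, "hint": hint}


if __name__ == "__main__":
    for name, text in (("Log 1", LOG_INTERACTIVE), ("Log 2", LOG_SERVICE)):
        print(name, classify_auth(text))
```
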
lumrk
Joined: 2012-05-15
Posts: 4
prikryl wrote:
I've checked again. Actually it's not necessary for WinSCP and Pageant to run under the same account. But it is necessary that they run in the same session. As you probably run Pageant in the interactive session and WinSCP is run in the scheduler's session, they cannot see each other.


OK, is this a bug or a feature? (not seeing each other)
Well, if I am not missing something, there is no way to run a Windows service which connects to an SFTP server using an encrypted private key file, because
- if I run Pageant interactively, WinSCP will not see it from the scheduler session
- I cannot run Pageant from a script without being asked for the password

Am I right?
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
It's a feature.
Pageant is not intended for this kind of use.
_________________
Martin Prikryl
lumrk
Joined: 2012-05-15
Posts: 4
prikryl wrote:
It's a feature.
Pageant is not intended for this kind of use.


Could you be more specific please?

And could you confirm my thoughts in a previous question?
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
lumrk wrote:
Could you be more specific please?

And could you confirm my thoughts in a previous question?

Yes, you are right. Also, I have suggested a way to go earlier.
_________________
Martin Prikryl