Topic "How to protect FTP sessions when scripting"

Author Message
Barlo
[View user's profile]

Joined: 2012-09-03
Posts: 9
I have WinSCP installed on a server where some users access through terminal server to do some jobs. Due to scripting reasons WinSCP is using WinSCP.ini file to store sessions. My script file uses stored sessions that I don't want to be available to other users.

How could I protect some stored sesions?. It will be right if sensitive session were hidden, protected with password before be able to connect...

Thank you very much.
Advertisements
Barlo
[View user's profile]

Joined: 2012-09-03
Posts: 9
I have activated the master password option but this take effect over all stored sessions and I would like to protect just a few sessions against improper accesses. How could I do that?

What other possibilities have to do this?

Regards.

Last edited by Barlo on 2012-09-21 11:46; edited 2 times in total
Barlo
[View user's profile]

Joined: 2012-09-03
Posts: 9
Now that I have stablished a master password for stored sessions, my script file is not working.
Is there a way to let it known what is the master password?

Thanks in advance.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24996
Location: Prague, Czechia
You can have one INI file with the secret sessions and another with public ones. And use file-level permissions to restrict access to the secret INI file.
And no, you cannot use master password for automation.
Barlo
[View user's profile]

Joined: 2012-09-03
Posts: 9
Could you please give more details?. Do you mean, public sessions ini file in the WinSCP directory, and secret ini file in a different directory with access restrictions?

Regards.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24996
Location: Prague, Czechia
Correct.

See https://winscp.net/eng/docs/config
_________________
Martin Prikryl
CoachKA
[View user's profile]

Joined: 2013-09-16
Posts: 2
prikryl wrote:
You can have one INI file with the secret sessions and another with public ones. And use file-level permissions to restrict access to the secret INI file.
And no, you cannot use master password for automation.


If the master password can't be used for automation/scripting, then is there a method for encrypting the password listed in a script file?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24996
Location: Prague, Czechia
CoachKA wrote:
If the master password can't be used for automation/scripting, then is there a method for encrypting the password listed in a script file?

Quoting https://winscp.net/eng/docs/security_credentials#storing_password:
Quote:
Saved passwords (unless protected by master password) are stored in a manner that they can easily be recovered. It is not possible to securely encrypt passwords in a way that still allows for automatic use. Do not use the save password feature if you are not absolutely sure of the physical and electronic security of the system on which you are storing passwords.

This relates to storing password in GUI, but applies equally to your question.
Note that master password would not help as you would have to save it to the script too.

See also:
https://winscp.net/eng/docs/guide_protecting_credentials_for_automation
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License