Topic "Cannot Connect to Remote Server with WinSCP 5.5.4 thru 5.7.3 Using Scripting Method via Command Line"

Author Message
MrWinFL37_2

Guest


Cannot Connect to Remote Server with WinSCP 5.5.4 thru 5.7.3 Using Scripting Method via Command Line. Was able to connect with Version 5.5.1.

For almost 2 years, I have been uploading files to a business FTP Server, and suddenly I cannot connect to that server from the Command Line with a Script, ever since upgrading to WinSCP 5.5.4 thru 5.7.3. In the previous 2 years, I was using WinSCP 5.5.1, and pasted below is the section of the LOG file for when connections were successful with Version 5.5.1, as well as now that they are failing. The error is "TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server
However, I am able to connect with the GUI version and the same settings in "Sites", and perform uploads manually. Below are sections of the LOG file from the GUI with Ver 5.7.3, Command Line with Ver 5.7.3, and Command Line with Ver 5.5.1. All kinds of variations of the script's switches have been tried: such as -explicittls open ftp://
Here is the command line:
winscp.com /script=connectload_AS_0827.txt /log=log.txt
Here is the script:
option batch off
option confirm on
open ftps://UMAN5441:JKE78MNW1@onlinefileserver.metrodyg.com:20021/ -timeout=60 -explicitssl -passive=ON -certificate="0d:76:c4:f2:00:ad:5c:21:74:a1:88:2e:b3:0d:d8:a6:a8:79:81:ab"
lcd X:\
lcd X:\Large\Custom\Interface\SFTP\Metrodyg\FTPOUT
option transfer ascii
# Upload a file or multiple files to the local directory
put X:\Large\Custom\Interface\SFTP\Metrodyg\FTPOUT\AS_0827.txt /AR12345356/*.*
close
exit
After running the script I get following in console:
C:\Program Files (x86)\WinSCP>winscp.com /script=connectload_AS_0827.txt /log=log.txt
batch off
confirm on
Connecting to onlinefileserver.metrodyg.com:20021 ...
Connection failed.
TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server
Connection failed.
X:\
X:\ELITE\Custom\Interface\SFTP\Suntrust\FTPOUT
transfer ascii
No session.
No session.
Using WinSCP 5.7.3 on Windows Server 2008 R2 x64. Session log files are attached. The "Log.txt" file uses /log=log.txt switch. The "log_Accompanying_Logs.txt" file contains comparisons of the log file between GUI Mode 5.7.3 (which succeeds), Command Line 5.7.3 (which fails), and Command Line 5.5.1 (which succeeds).
Thank you

Contact Info: Robert.weston@Akerman.com
Username: MrWinFL37
log_Accompanying_Logs.txt (11.56 KB) Private file

Description: Shows log entries of 5.7.3 GUI versus Command Line, and 5.5.1

log.txt (4.25 KB) Private file

Description: 5.7.3 Only - failure.

Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
It looks like your server does not support TLS, only SSL.
Since 5.6.2, WinSCP does not allow SSL by default, as it suffers many vulnerabilities, including CVE-2014-3566 (POODLE).

If you want to allow SSL anyway, use: open ... -rawsettings MinTlsVersion=3

See https://winscp.net/eng/docs/rawsettings
tgice
[View user's profile]

Joined: 2015-06-25
Posts: 2
I found this thread after updating to the latest version (I'm sure bridging the version that changed to by default make the MinTlsVersion > 3) where I was trying to login to an FTPS site like this:

Code:
WinSCP.com /command "open ftps://username:password@address"


when I did this without the MinTlsVersion specification, I got this type of response:

Quote:
Connecting to address:990 ...
Connection failed.
TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server
Connection failed.

then, when I ran:

Code:
WinSCP.com /command "open ftps://username:password@address -rawsettings MinTlsVersion=3"


I got this response:

Quote:
Connecting to address:990 ...
TLS connection established. Waiting for welcome message...
Connection failed.
Using SSLv3, cipher TLSv1/SSLv3: RC4-SHA, 512 bit RSA
Connection failed.
Transaction failed ... Service unavailable or rejected

Finally, I thought to try dropping the 'username:password@' part from the open command; once I did this, and included the MinTlsVersion setting above, finally I was able to connect. Hopefully this gives someone else another thing to try on their connections.

I should also mention that the password included a ';' character, if that might make any difference, otherwise everything was pretty straightforward (and used to work on the older versions). Not sure if this could be a bug or not.
tgice
[View user's profile]

Joined: 2015-06-25
Posts: 2
Ah, finally I thought to try the same thing from the GUI (WinSCP.exe), setup a new connection with the same details and was surprised when it connected (I of course had to go into the Advanced options and set the MinTlsVersion down to 3 as on the command line).

I wondered how it worked then, so I right-clicked the new entry and chose "Generate Session URL" and noticed that that ";" character was replaced with "%3B" in the URL. Once I used that URL on the command line, it worked.

Of course I had to indicate that the password should be saved in the entry to see it come up in the URL like that (which of course is necessary when using this in an automated scripting environment).

I suppose that's the solution, but it might be nice if a warning was generated or something if an unescaped character is used in a login/password that needs to be escaped.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
Thanks for your post.

See https://winscp.net/eng/docs/session_url for the escaping.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License