Topic "sftp://, scp:// URL - does not read session's private key"

Author Message
dma2

Guest


I have a session configured to use key auth - which works fine when using the client.

However, when I try to access a file using URL format, both sftp:// or scp:// (and yes, I have registered the client to use URLs), the session does not recognize that there is a key to read and fails on auth. It does work with Pageant running, but should I not be able to use a URL and access a file without Pageant running?

Below are 2 log entries:
1) success when accessing through the client
2) failure when using URL (I tried to pull WinSCP version 3.7.5 beta for this as well to see if the problem has been fixed, but apparently not).

What am I missing?

Please note that I have masked out values like user_name, host_name, etc. in the log entries below for security reasons. But they are the same in each case.

Thanks in advance for your time.

Success Log - using WinSCP client: Please note "Key file = Yes".
. 2005-07-22 08:15:18.390 ---------------------------------------------------------------
. 2005-07-22 08:15:18.390 WinSCP Version 3.7.4 (Build 271) (OS 5.1.2600 Service Pack 1)
. 2005-07-22 08:15:18.390 Login time: Friday, July 22, 2005 8:15:18 AM
. 2005-07-22 08:15:18.390 ---------------------------------------------------------------
. 2005-07-22 08:15:18.390 Session name: <user>@<host>
. 2005-07-22 08:15:18.390 Host name: <host> (Port: 22)
. 2005-07-22 08:15:18.390 User name: <user> (Password: No, Key file: Yes)
. 2005-07-22 08:15:18.390 Transfer Protocol: SFTP (SCP)
. 2005-07-22 08:15:18.390 SSH protocol version: 2; Compression: No
. 2005-07-22 08:15:18.390 Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2005-07-22 08:15:18.390 Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. 2005-07-22 08:15:18.390 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2005-07-22 08:15:18.390 SSH Bugs: -,-,-,-,-,-,-,-
. 2005-07-22 08:15:18.400 SFTP Bugs: -,-,-
. 2005-07-22 08:15:18.400 Proxy: none
. 2005-07-22 08:15:18.400 Return code variable: Autodetect; Lookup user groups: Yes
. 2005-07-22 08:15:18.400 Shell: default, EOL: 0
. 2005-07-22 08:15:18.400 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2005-07-22 08:15:18.400 Cache directory changes: Yes, Permanent: Yes
. 2005-07-22 08:15:18.400 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2005-07-22 08:15:18.400 Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. 2005-07-22 08:15:18.400 --------------------------------------------------------------
. 2005-07-22 08:15:18.400 Looking up host "<host>"
. 2005-07-22 08:15:18.410 Connecting to <ip_address> port 22
. 2005-07-22 08:15:18.811 Server version: SSH-2.0-OpenSSH_4.1
. 2005-07-22 08:15:18.811 We claim version: SSH-2.0-WinSCP_release_3.7.4
. 2005-07-22 08:15:18.811 Using SSH protocol version 2
. 2005-07-22 08:15:18.871 Doing Diffie-Hellman group exchange
. 2005-07-22 08:15:19.131 Doing Diffie-Hellman key exchange
. 2005-07-22 08:15:19.762 Host key fingerprint is:
. 2005-07-22 08:15:19.762 ssh-rsa 1024 <value_masked>
. 2005-07-22 08:15:19.772 Initialised AES-256 client->server encryption
. 2005-07-22 08:15:19.772 Initialised HMAC-SHA1 client->server MAC algorithm
. 2005-07-22 08:15:19.772 Initialised AES-256 server->client encryption
. 2005-07-22 08:15:19.772 Initialised HMAC-SHA1 server->client MAC algorithm
! 2005-07-22 08:15:19.932 Using username "<user>".
. 2005-07-22 08:15:19.932 Reading private key file <private_key>
. 2005-07-22 08:15:19.962 Pageant is running. Requesting keys.
. 2005-07-22 08:15:19.962 Pageant has 0 SSH2 keys
. 2005-07-22 08:15:19.962 Offered public key
. 2005-07-22 08:15:20.033 Offer of public key accepted
! 2005-07-22 08:15:20.033 Authenticating with public key <public_key>
. 2005-07-22 08:15:20.033 Passphrase prompt (Passphrase for key <public_key> )
. 2005-07-22 08:15:38.209 Access granted
. 2005-07-22 08:15:38.339 Opened channel for session
. 2005-07-22 08:15:38.419 Started a shell/command
. 2005-07-22 08:15:38.419 --------------------------------------------------------------




Failure Log - using sftp:// URL: Please note "Key file = No" when using the same session.
. 2005-07-22 08:45:40.841 --------------------------------------------------------------
. 2005-07-22 08:45:40.841 WinSCP Version 3.7.5 (Build 294) (OS 5.1.2600 Service Pack 1)
. 2005-07-22 08:45:40.841 Login time: Friday, July 22, 2005 8:45:40 AM
. 2005-07-22 08:45:40.841 ---------------------------------------------------------------
. 2005-07-22 08:45:40.841 Session name: <user>@<host>
. 2005-07-22 08:45:40.841 Host name: <host> (Port: 22)
. 2005-07-22 08:45:40.851 User name: <user> (Password: No, Key file: No)
. 2005-07-22 08:45:40.851 Transfer Protocol: SCP
. 2005-07-22 08:45:40.851 SSH protocol version: 2; Compression: No
. 2005-07-22 08:45:40.851 Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2005-07-22 08:45:40.851 Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. 2005-07-22 08:45:40.851 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2005-07-22 08:45:40.851 SSH Bugs: -,-,-,-,-,-,-,-
. 2005-07-22 08:45:40.851 SFTP Bugs: -,-,-
. 2005-07-22 08:45:40.851 Proxy: none
. 2005-07-22 08:45:40.851 Return code variable: Autodetect; Lookup user groups: Yes
. 2005-07-22 08:45:40.851 Shell: default, EOL: 0
. 2005-07-22 08:45:40.851 Local directory: default, Remote directory: /home/<user>/, Update: No, Cache: Yes
. 2005-07-22 08:45:40.851 Cache directory changes: Yes, Permanent: Yes
. 2005-07-22 08:45:40.851 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2005-07-22 08:45:40.851 Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. 2005-07-22 08:45:40.851 ---------------------------------------------------------------
. 2005-07-22 08:45:40.851 Looking up host "<host>"
. 2005-07-22 08:45:40.851 Connecting to <ip_address> port 22
. 2005-07-22 08:45:41.161 Server version: SSH-2.0-OpenSSH_4.1
. 2005-07-22 08:45:41.161 We claim version: SSH-2.0-WinSCP_release_3.7.5
. 2005-07-22 08:45:41.161 Using SSH protocol version 2
. 2005-07-22 08:45:41.221 Doing Diffie-Hellman group exchange
. 2005-07-22 08:45:41.482 Doing Diffie-Hellman key exchange
. 2005-07-22 08:45:42.103 Host key fingerprint is:
. 2005-07-22 08:45:42.103 ssh-rsa 1024 <value_masked>
. 2005-07-22 08:45:42.103 Initialised AES-256 client->server encryption
. 2005-07-22 08:45:42.103 Initialised HMAC-SHA1 client->server MAC algorithm
. 2005-07-22 08:45:42.103 Initialised AES-256 server->client encryption
. 2005-07-22 08:45:42.103 Initialised HMAC-SHA1 server->client MAC algorithm
! 2005-07-22 08:45:42.273 Using username "<user>".
. 2005-07-22 08:45:42.323 Keyboard-interactive authentication refused
! 2005-07-22 08:45:42.323 No supported authentication methods left to try!
. 2005-07-22 08:45:42.323 No supported authentications offered. Disconnecting
. 2005-07-22 08:45:42.333 Server closed network connection
* 2005-07-22 08:45:42.333 (ESshFatal) Authentication failed.
* 2005-07-22 08:45:42.333 Authentication log (see session log for details):
* 2005-07-22 08:45:42.333 Using username "<user>".
* 2005-07-22 08:45:42.333 No supported authentication methods left to try!
* 2005-07-22 08:45:42.333
* 2005-07-22 08:45:42.333 Connection has been unexpectedly closed. Server sent command exit status 0.
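
An added example (not part of the original posts, and not WinSCP code): a short Python script that extracts the authentication-relevant fields from two WinSCP session logs and reports which ones differ, automating the comparison the post above makes by eye. The log excerpts are constructed from lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed excerpts modelled on the two session logs in the post above
# (user, host and key values are placeholders, as in the original).
GUI_LOG = """\
. 2005-07-22 08:15:18.390 WinSCP Version 3.7.4 (Build 271) (OS 5.1.2600 Service Pack 1)
. 2005-07-22 08:15:18.390 User name: <user> (Password: No, Key file: Yes)
. 2005-07-22 08:15:18.390 Transfer Protocol: SFTP (SCP)
. 2005-07-22 08:15:19.932 Reading private key file <private_key>
. 2005-07-22 08:15:38.209 Access granted
"""
URL_LOG = """\
. 2005-07-22 08:45:40.841 WinSCP Version 3.7.5 (Build 294) (OS 5.1.2600 Service Pack 1)
. 2005-07-22 08:45:40.851 User name: <user> (Password: No, Key file: No)
. 2005-07-22 08:45:40.851 Transfer Protocol: SCP
! 2005-07-22 08:45:42.323 No supported authentication methods left to try!
* 2005-07-22 08:45:42.333 (ESshFatal) Authentication failed.
"""

# Optional one-character marker, timestamp, then the message text.
LINE = re.compile(r"^(?:([.!*<>]) )?(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) ?(.*)$")

def summarize(log_text):
    """Extract the authentication-relevant facts from one session log."""
    s = {"version": None, "password": None, "key_file": None,
         "protocol": None, "key_read": False, "outcome": "unknown"}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (v := re.match(r"WinSCP Version (\S+)", msg)):
            s["version"] = v.group(1)
        elif (c := re.search(r"\(Password: (Yes|No), Key file: (Yes|No)\)", msg)):
            s["password"], s["key_file"] = c.group(1) == "Yes", c.group(2) == "Yes"
        elif msg.startswith("Transfer Protocol: "):
            s["protocol"] = msg.split(": ", 1)[1]
        elif msg.startswith("Reading private key file"):
            s["key_read"] = True
        elif msg == "Access granted":
            s["outcome"] = "granted"
        elif "Authentication failed" in msg:
            s["outcome"] = "failed"
    return s

def diff_sessions(a, b):
    """Return {field: (a_value, b_value)} for every field that differs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

Calling `diff_sessions(summarize(GUI_LOG), summarize(URL_LOG))` lists the key-file flag, the private-key read and the transfer protocol among the differences, while the password flag is the same in both.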
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
It works for me :)
To help locate the bug, please make sure that your session is not named like username@hostname. This way we can know whether WinSCP notices the existence of the stored session at all. Because when you use the username@hostname format in a URL and such a stored session does not exist, WinSCP connects to "hostname" using "username".
_________________
Martin Prikryl
dma2

Guest


Thanks for your quick response, Martin. I tried creating a session name with a different format, but when I type the URL sftp://session_name/path/file_name it brings up the WinSCP client with the session name populated in the host_name field. I had to navigate to Stored Sessions, select the one with session_name, hit login, and the file got downloaded.

Should the file not download after authentication after I paste the URL in Internet Explorer, without any further user action (except providing a destination for the file)?

I sure must not be doing something right.

Thanks again for looking into this.


prikryl wrote:
It works for me :)
To help locate the bug, please make sure that your session is not named like username@hostname. This way we can know whether WinSCP notices the existence of the stored session at all. Because when you use the username@hostname format in a URL and such a stored session does not exist, WinSCP connects to "hostname" using "username".
martin
Of course, you should not be prompted with the login dialog.

So, another test :)
What if you run WinSCP with the session name as its command line parameter?
_________________
Martin Prikryl
dma2

Guest


prikryl wrote:
Of course, you should not be prompted with the login dialog.

So, another test :)
What if you run WinSCP with the session name as its command line parameter?


---------------------------------------------------------------
Tried that but did not work. Also, even if this had worked, the filename (which would be a part of the parameter) will have to be generated each time -- can't have a session being created and stored for every file access.

My main issue is this: we have disabled password authentication and only accept key authentication (with a passphrase) -- to make it more secure.

Per the documentation, the command line accepts
winscp3.exe [(scp|sftp)://][user[:password]@]host[:port][/path/[file]]

I guess what I am looking for is
winscp3.exe [(scp|sftp)://][session][/path/[file]]

If you look at the log, winscp3.exe never recognizes the fact that session [session] has a priv_key associated with it and initiates a request for password - which does not work in our case.

I hope I made sense in my comments.

Also, did you say in your earlier reply that it worked for you? Does that mean you were able to save a session (not necessarily of the form user@host) with an associated key and able to use that with sftp://[session]/path/file and pull the file down by providing the passphrase and not the password?

If so then I really am missing something.

Thanks again for your help.
martin
dma2 wrote:
Also, did you say in your earlier reply that it worked for you? Does that mean you were able to save a session (not necessarily of the form user@host) with an associated key and able to use that with sftp://[session]/path/file and pull the file down by providing the passphrase and not the password?

It should be working. And it did. But it does not anymore. I'm confused. I need to check it.
_________________
Martin Prikryl