SFTP Connection Requiring Password to Open SSH Keyring File on Remote Server from PS/.Net script

deand (Posts: 2; Location: MN, US)

I am calling WinSCP via a PS command line/.Net WinSCP script. This script connects to a remote SFTP site using UserName/Password and SSH Auth. The FTP site host allows a password to be passed but is ignoring it, only using SSH authentication. The command is being initiated from computer 'A' (client) on the same network/domain as Computer 'B' (App server). WinSCP and the SSH Keyring both reside on computer 'B'.
If I call the command with the WinSCP Password parm enabled, the SFTP site connection is successful and the script completes successfully. If I disable the Password parm, the script fails (see attached error messages from PS script console).
If I run the same PS Command/script locally on Computer 'B', regardless of whether the Password parm is enabled or disabled, I get a successful site connection and script execution. If I copy the SSH keyring to a local drive on Computer 'A' and run the same PS command locally, regardless of whether the Password parm is enabled or disabled, I get a successful site connection and script execution.
So the issue seems to be related to requiring a password to open the SSH keyring on a different computer than the computer running the PS/WinSCP command.
I am not sure if this is a WinSCP issue or a computer security-related issue. Can you provide guidance on what I need to change or configure so that I am able to open the SSH Keyring file on the remote computer without requiring the Password parm in the script?
  • WinSCP SFTP Connect Fails 2021-02-09_15-55-50.png (87.88 KB, Private file)

deand

Re: SFTP Connection Requiring Password to Open SSH Keyring File on Remote Server from PS/.Net script

I discovered the problem is related to the folder path to the keyring being defined using a mapped drive letter (user ID and password credentials required) versus using a UNC path (no credentials required). This assumes I am running the script under a user credential that already has appropriate access permission to the UNC path on the remote server.
I want to note the script code I used came directly from the WinSCP UI .Net Assembly script generation tool. By default, the generated script created the folder path Session variable values (re: SshPrivateKeyPath) with a drive letter, not a UNC path.
There could be some Windows security policy changes made to allow remote connections using drive letters instead of a UNC path without requiring a user ID and password, but from what I've read, it sounds like altering (re: loosening) security policies is not best practice for a number of reasons.
There may be an enhancement opportunity here for WinSCP to generate a folder path with the UNC naming convention instead of a drive letter, or give the user the option to select the path name convention when generating the script.
I consider this issue resolved, but I will leave this post up in case someone else encounters the same issue.

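The fix described in the thread, as an added example that is not part of the original posts or WinSCP's generated script: the key path is translated from a mapped drive letter to its UNC form and checked for readability before it is assigned to SshPrivateKeyPath. The helper name Resolve-KeyPathToUnc, the K: path, host name, user name and fingerprint are placeholders, and WinSCPnet.dll is assumed to sit next to the script.

```powershell
Add-Type -Path 'WinSCPnet.dll'   # assumed location of the WinSCP .NET assembly

# Hypothetical helper: return a UNC path for a key stored on a mapped drive.
function Resolve-KeyPathToUnc {
    param([Parameter(Mandatory)][string]$Path)

    if ($Path.StartsWith('\\')) { return $Path }            # already UNC
    if ($Path -notmatch '^[A-Za-z]:') { throw "Expected a drive-letter or UNC path: $Path" }

    $drive = $Path.Substring(0, 2)                          # e.g. 'K:'
    $disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
    if (-not $disk) {
        # Drive mappings belong to a logon session, so a script started
        # remotely or by a scheduler may not see the mapping at all.
        throw "Drive $drive is not mapped in this logon session; pass a UNC path."
    }
    if ($disk.DriveType -eq 4) {                            # 4 = network drive
        # ProviderName holds the \\server\share root of the mapping.
        return $disk.ProviderName.TrimEnd('\') + '\' + $Path.Substring(2).TrimStart('\')
    }
    return $Path                                            # local disk, unchanged
}

$keyPath = Resolve-KeyPathToUnc 'K:\keys\sftp-user.ppk'     # placeholder path

# Fail early if the account running the script cannot read the key file,
# instead of letting the SFTP login fall back to the password.
if (-not (Test-Path -LiteralPath $keyPath -PathType Leaf)) {
    throw "Private key '$keyPath' is not readable by $env:USERNAME."
}

$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol              = [WinSCP.Protocol]::Sftp
    HostName              = 'sftp.example.com'              # placeholder
    UserName              = 'sftpuser'                      # placeholder
    SshHostKeyFingerprint = '<host key fingerprint>'        # placeholder, fill in
    SshPrivateKeyPath     = $keyPath                        # UNC path, no Password set
}

$session = New-Object WinSCP.Session
try {
    $session.Open($sessionOptions)
    Write-Host "Connected using key file $keyPath"
}
finally {
    $session.Dispose()
}
```

Read access to the share should be limited to the account that runs the script, since anyone who can read the key file can use it if it has no passphrase.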