Connection Tunneling via Command-Line options / Passphrase for private key

p-st
Donor
Posts: 6

Hi!

I'm launching a WinSCP session via command-line options, which works great! Now I want to launch a WinSCP session which uses an SSH tunnel. I managed to do it with the Raw Site Settings "Tunnel*". I would have one feature request - it would be nice if there were an option for setting the passphrase for the private key, e.g. with a new option TunnelPassphrase, like it is already available in the command-line options for the session (/privatekey and /passphrase). Would this be possible?

Another thing I stumbled upon is the option TunnelPublicKeyFile, which stands for the private key. It is no big deal but why isn't it called "TunnelPrivateKeyFile"?

Thanks for the great work!

Regards
Patrick

martin
Site Admin
Posts: 36,205
Location: Prague, Czechia

Re: Connection Tunneling via Command-Line options / Passphrase for private key

I cannot test right now, but I believe that the -passphrase would be used even for the tunnel.

Regarding the PublicKeyFile: Some of the registry setting names, including this one, are inherited from PuTTY. I do not know why they chose this name.

p-st
Donor

Thanks for your answer!

If the session passphrase can be used for the private key of the tunnel, then how can I set separate passphrases in case there is a different private key with a different passphrase for the session and the tunnel?

martin
Site Admin

You cannot. But in general, what prevents you from using the same passphrase for both? You can even use the same private key for both servers.

p-st
Donor

Ok, I agree. But even when the private keys have the same passphrase, you'll have to manually enter the passphrase for the tunnel key. I made a test with two different private keys. Both have the same passphrase:

Command-line:

"C:\WinSCP\WinSCP.exe" scp:ec2-user@10.16.35.7:22/home/ec2-user/ /privatekey=D:\my_private_key.ppk /passphrase=*** /rawsettings Tunnel=1 TunnelLocalPortNumber=0 TunnelHostName=my_jumphost TunnelPortNumber=22 TunnelUserName=tunnel_username TunnelPasswordPlain=*** TunnelPublicKeyFile=my_tunnel_private_key.ppk

WinSCP will ask the user to enter the passphrase for the tunnel. After entering the passphrase manually, the session will open up without a prompt. So I think the option /passphrase is ignored by the Tunnel feature.

When using plink, it works without a prompt at all, because plink will accept -pw as passphrase:

Command-line:

"C:\WinSCP\WinSCP.exe" scp:ec2-user@10.16.35.7:22/home/ec2-user/ /privatekey=D:\my_private_key.ppk /passphrase=*** /rawsettings ProxyMethod=5 ProxyTelnetCommand="""C:\\PuTTY\\plink.exe"" -P 22 -l tunnel_username my_jumphost -nc 10.16.35.7:22 -i ""my_tunnel_private_key.ppk"" -pw "***""

So using the native WinSCP tunneling feature, I think there is no way to suppress the passphrase prompt for the private key of the tunnel (except of course if you use pageant).

martin
Site Admin

You are right.

I have added this issue to the tracker:
https://winscp.net/tracker/2029

I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.

Use the TunnelPassphrasePlain raw session setting.

p-st
Donor

I can confirm that – using the development version of WinSCP – it is now possible to set the passphrase for the tunnel key via command-line raw setting TunnelPassphrasePlain, so that the session will open up without the passphrase prompt. Thank you very much!
