Send fails when using script, using GUI works flawless

Advertisement

Alfadat
Guest

Send fails when using script, using GUI works flawless

WinSCP Ver 5.19.6
Windows Server 2019

Script (passwords and site replaced with x for confidentiality):
/log="C:\writable\path\to\log\WinSCP.log" /ini=nul /command "open sftp://xxxx@xxxxx.com/ -hostkey=""ssh-rsa 4096 xxxxxxxxxx="" -privatekey=""E:\xxx\keys\xxxxx_private_key.ppk"" -passphrase=""xxxxxxx"" -rawsettings AgentFwd=1 ConsiderDST=0" "Your command 1" "Your command 2" "exit"
Script Screen Output (at the command prompt):
Searching for host...
Connecting to host...
Authenticating...
Using username "xxxx".
Authenticating with public key "xxxx".
Further authentication required
Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "xxxxxx".
Welcome to the xxxx SSH server.   
Authenticating with public key "xxxxxx".
Further authentication required
Authentication failed.
Thanks in advance for your help!!!

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
37,591
Location:
Prague, Czechia

Re: Send fails when using script, using GUI works flawless

The logs are anonymized too much to be of any use for debugging your problem.
Does your script contain password in the session URL (in addition to the private key passphrase)? It looks like it does not – Password: No.

Reply with quote

Alfadat
Joined:
Posts:
4
Location:
USA

Re: Send fails when using script, using GUI works flawless

Thanks @Martin.

The only data replaced because of privacy are the IP address of the recipient, the usernames and passwords, the rest is valid data.

Via GUI the connection is established with Private Keys and a passphrase, and then no problems to send the file, by another side the script recognizes the use of a passphrase, but it seems like is still asking for another password?

Reply with quote

Alfadat
Joined:
Posts:
4
Location:
USA

Thanks again Martin, I entered the pw using the parameter -password= and still the server does not allow the connection, but via GUI it works (same password stored in the Session Manager of course).

Final part of the logs using the script:
. 2022-06-03 09:30:16.935 Further authentication required
. 2022-06-03 09:30:16.935 Server offered these authentication methods: password,hostbased@localhost.com,keyboard-interactive
. 2022-06-03 09:30:16.935 Attempting keyboard-interactive authentication
. 2022-06-03 09:30:16.946 Prompt (keyboard interactive, "SSH server: password", "Enter password for xxxx", "Password:")
. 2022-06-03 09:30:16.946 Using stored password.
< 2022-06-03 09:30:16.946 Script: Authenticating with pre-entered password.
. 2022-06-03 09:30:17.758 Keyboard-interactive authentication failed
! 2022-06-03 09:30:17.758 Access denied
< 2022-06-03 09:30:17.758 Script: Access denied.
. 2022-06-03 09:30:17.759 Server offered these authentication methods: password,hostbased@localhost.com,keyboard-interactive
. 2022-06-03 09:30:17.759 Attempting keyboard-interactive authentication
. 2022-06-03 09:30:17.814 Prompt (keyboard interactive, "SSH server: password", "Enter password for xxx", "Password:")
. 2022-06-03 09:30:17.814 User aborted during keyboard-interactive authentication
. 2022-06-03 09:30:17.814 Attempt to close connection due to fatal exception:
* 2022-06-03 09:30:17.814 **Connection has been unexpectedly closed.** Server sent command exit status 0.
. 2022-06-03 09:30:17.814 Closing connection.
< 2022-06-03 09:30:17.815 Script: Connection has been unexpectedly closed. Server sent command exit status 0.
< 2022-06-03 09:30:17.815 Authentication log (see session log for details):
< 2022-06-03 09:30:17.815 Using username "xxx".
< 2022-06-03 09:30:17.815 Welcome to the xxxxx SSH server.   
< 2022-06-03 09:30:17.815 Authenticating with public key "xxx".
< 2022-06-03 09:30:17.815 Further authentication required
< 2022-06-03 09:30:17.815 Access denied.
< 2022-06-03 09:30:17.815 
 
< 2022-06-03 09:30:17.815 Authentication failed.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
37,591
Location:
Prague, Czechia

Re: Send fails when using script, using GUI works flawless

Either I'm missing something or you contradict yourself.

The GUI log shows that you server needs both private key and password to authenticate. And as the private key is encrypted, WinSCP needs also the private key passphrase.
! 2022-05-31 23:45:28.530 Authenticating with public key "xxxxxxx"
. 2022-05-31 23:45:28.565 Prompt (passphrase, "SSH key passphrase", <no instructions>, "Passphrase for key "ecdsa-key-20210322": ")
. 2022-05-31 23:45:32.163 Sent public key signature
! 2022-05-31 23:45:32.218 Further authentication required
. 2022-05-31 23:45:32.229 Further authentication required
. 2022-05-31 23:45:32.229 Server offered these authentication methods: password,hostbased@localhost.com,keyboard-interactive
. 2022-05-31 23:45:32.229 Attempting keyboard-interactive authentication
. 2022-05-31 23:45:32.279 Prompt (keyboard interactive, "SSH server: password", "Enter password for xxxx", "Password:")
. 2022-05-31 23:45:32.279 Using stored password.
So it should not be surprising that the script "is still asking for another password", if you didn't provide any.
And then you wrote that you have tried to use same password stored in the Session Manager – so what password, if you seem to imply that the GUI does not need any?
Apparently, you didn't use the same password as in the GUI.

Have the GUI generate a script template for you to make sure you have all settings identical:
https://winscp.net/eng/docs/ui_generateurl#script
You still might need to add the -passphrase manually.

Reply with quote

Alfadat
Joined:
Posts:
4
Location:
USA

Re: Send fails when using script, using GUI works flawless

Thanks again Martin, I don't intend to confuse you (sorry if I'm not expressing well myself), this is the one line script that should contain all, right:
open sftp://username@sftpmft.vendor.com/ -hostkey="ssh-rsa 4096 zto27EqQrasdfasdfsdfWmNIYsdfsdfsdfsdfsd=" -password="****"  -privatekey="E:\ftp\keys\private_key.ppk" -passphrase="xxxxx" -rawsettings AgentFwd=1 ConsiderDST=0
Still, the authentication fails...

Reply with quote

martin
Site Admin
martin avatar

Re: Send fails when using script, using GUI works flawless

So please post a log file for that script.
I also suggest you enable password logging both in the GUI and the script (/loglevel=*) and check if both use the same password.

Reply with quote

Alfadat
Joined:
Posts:
4
Location:
USA

Re: Send fails when using script, using GUI works flawless

Martin, doing a deeper review of the logs and being able to trace the passwords, I found the password that was used in GUI was "slightly" different than the password used on the script... solving that resolved the whole problem, including the utilization of the -passphrase parameter.

I really appreciate your patience, your feedback was key to resolving the issue.

Thanks again!

All the best,

Reply with quote

Advertisement

You can post new topics in this forum