Howto automatically accept hostkey while synchronizing

Advertisement

DJD
Guest

Howto automatically accept hostkey while synchronizing

Hi,

I'm making a script to copy a directory on a window machine to several linux servers.
Is there any way I can automatically accept the host keys/fingerprint of the linux servers while making a connection for the first time ?

The only thing I know about the linux servers is the IP address and root password.

I'm currently testing with the following command
winscp407.exe root:password@%IP% /synchronize %LOCFOLDER% /install /defaults /log=%0\..\%IP%.log /ini=%0\..\winscp407.ini /hostkey

Reply with quote

Advertisement

Lauri
Guest

syntax of <fingerprint>

Hi

I wan't to specify the "hostkey" switch for the open command.

My current command is like:
open foo:bar@foobar

According to documentation, I think the command should be like:
open foo:bar@foobar -hostkey=<fingerprint>

But whatever I put in the fingerprint, nothing happens when I try to run the script. Nothing is written to log file.
I tried to put:
- ssh-rsa 1024 bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc
- "ssh-rsa 1024 bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc"
- bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc
- "bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc"

What is the correct syntax for the fingerprint?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: syntax of <fingerprint>

Lauri wrote:

But whatever I put in the fingerprint, nothing happens when I try to run the script.
What does it mean nothing? It does not connect? Or it does not accept the key automatically?

Anyway correct format is the second. I.e.:
open foo:bar@foobar  -hostkey="ssh-rsa 1024 bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc"

Reply with quote

keiji
Guest

same issue

Hi
I was looking for the correct syntax for -hostkey=<fingerprint> when I found this thread

Although I had guessed the correct syntax, I am observing the same issue in version 4.0.7 (build 370) i.e. hostkey isn't accepted automatically and connection is refused

Currently my workaround is to manually accept the key from the GUI in order for it to be in the .ini file cache

Regards,

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: same issue

keiji wrote:

Although I had guessed the correct syntax, I am observing the same issue in version 4.0.7 (build 370) i.e. hostkey isn't accepted automatically and connection is refused
The -hostkey switch is supported since 4.1.x only.

Reply with quote

Guest

Re: same issue

martin wrote:

keiji wrote:

Although I had guessed the correct syntax, I am observing the same issue in version 4.0.7 (build 370) i.e. hostkey isn't accepted automatically and connection is refused
The -hostkey switch is supported since 4.1.x only.

Hi, can we use two different fingerprint in same session.Because our target server used 2 fingerprint randomly or clustered server.
Thank you for quick reply.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: same issue

Hi, can we use two different fingerprint in same session.Because our target server used 2 fingerprint randomly or clustered server.
Thank you for quick reply.
Generally WinSCP supports that. Unfortunatelly not via command line. So you have to make sure that both keys are stored in the cache before.
Support for multiple keys on command has been added to the tracker.

Reply with quote

m_cartwright
Guest

Hostkey switch doesn't seem to accept automatically

What is the syntax to use the hostkey switch where it automatically accepts the key. I am using version 4.1.7 from the command line and the only way i can get it to work is if i put in the actual key. However, they change the key from time to time which creates sig admin burden.

Sample of working version
open Username:Password@164.123.123.123:22 -hostkey=\"ssh-dss 1024 90:f9:54:53:3c:2c:b6:6f:c0:fe:8b:b2:83:45:ed:fb\"

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: Hostkey switch doesn't seem to accept automatically

m_cartwright wrote:

What is the syntax to use the hostkey switch where it automatically accepts the key.
There's no such switch. It is nonsense. Why do you use slow and CPU intensive secure protocol, if you are willing to break the only thing that makes it secure. Use FTP then.

Reply with quote

m_cartwright
Guest

Hostkey

Unfortunately not my decision, it is customers decision to use SFTP. However, according to documenation on this page (https://winscp.net/eng/docs/scripting), "To automate the verification in script, you can use command-line parameter hostkey (or switch of open command with the same name) to accept the expected hostkey automatically. " Maybe I just misread that it doesn't "automatically" accept, rather it will only accept whatever key you have put in. Thanks for the help.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: Hostkey

m_cartwright wrote:

Unfortunately not my decision, it is customers decision to use SFTP.
Then your customers probably want to make the connection secure. Forcing the hostkey to be accepted automatically is basically the same as if you post your account and password to the internet. If guess they would not like it.

Maybe I just misread that it doesn't "automatically" accept, rather it will only accept whatever key you have put in. Thanks for the help.
Right. It automatically accepts the "expected hostkey" (the hostkey you have put in).

Reply with quote

PK
Guest

/hostkey switch ignored?

I am trying to script a download with winscp418. My syntax is:

winscp418.exe /console /privatekey="C:\private\mykey.ppk" /hostkey="ssh-dss 1024 49:24:35:76:aa:f3:89:a3:d7:c1:58:d3:00:c8:82:70" /command "option transfer binary" "open PK@securehost.mydomain.com" "lcd C:\temp\" "get myfile.zip" "exit"

Although I have specified the host key, I am still prompted to accept the exact same key:

...
The server's dss key fingerprint is:
ssh-dss 1024 49:24:35:76:aa:f3:89:a3:d7:c1:58:d3:00:c8:82:70
If you trust this host, press Yes...

Whether I answer Yes or No, the download goes through sucessfully, so I am pretty sure I have the other parts of this set up correctly - but it will obviously not run unattended. I tried setting the option batch on, but this just made the script fail consistently. What I am doing wrong?


Thanks - PK

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: /hostkey switch ignored?

Either specify /hostkey as an switch to open command in script (preferrer). Or open session using command line parameter. Combining command-line option /hostkey with open script command does not work.

Reply with quote

Guest

Re: /hostkey switch ignored?

martin wrote:

Either specify /hostkey as an switch to open command in script (preferrer). Or open session using command line parameter. Combining command-line option /hostkey with open script command does not work.

I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?


Thanks for your help - PK

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: /hostkey switch ignored?

I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?
Please read FAQ. If that does not help, come back.

Reply with quote

fenstermakera
Guest

try batch continue

adding "option batch continue" made my script skip the prompt about adding fingerprint to cache - I didn't have to use -hostkey switch on open either.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: try batch continue

fenstermakera wrote:

adding "option batch continue" made my script skip the prompt about adding fingerprint to cache - I didn't have to use -hostkey switch on open either.
Never ever do that!
Enhancement to prevent that has been added to tracker.

Reply with quote

MrElliot
Guest

Re: try batch continue

martin wrote:

fenstermakera wrote:

adding "option batch continue" made my script skip the prompt about adding fingerprint to cache - I didn't have to use -hostkey switch on open either.
Never ever do that!
Enhancement to prevent that has been added to tracker.

Prikryl,
I understand why you should use host keys, but maybe you need to look at it another way. Here is is our example why you should not fix this 'bug'.

In our situation we have more than five people updating files on over 60 VMware ESX servers. Different Admins run the update script supplying their own credentials to login. Passwords are changed monthly. By NOT having any automatic accept host key function, each Admin would have to connect to each server at least once and accept the key. So if you calculate this, you get 350 total logins, instead of one command line switch to auto accept the host key. This doesn't include when there is new Admin employees or if the script is used by another department. This really slows down any automation process not having this feature.

I have Googled the net for days off and on looking how to make your hostkey switch work. I agree with m_cartwright, I thought it was an automatic accept switch as well. Maybe update you docs. "option batch continue" worked for me as well.

Just an FYI to anyone else that is looking... We were also using the recompiled plink by vintela 0.57vrc0.1(now by quest) that used the '-auto_store_key_in_cache' switch. Looks like Quest's putty 0.60 still supports it.

Please Reconsider disabling this 'bug'! Make it a feature with a warning, "This is not recommended." Update the documentation on the correct syntax and a warning.

- We are Admins and IT professionals not children, leave it up to us to bring down the enterprise. And if we do....always at 4:30pm on Friday. :shock:

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: try batch continue

MrElliot wrote:

In our situation we have more than five people updating files on over 60 VMware ESX servers. Different Admins run the update script supplying their own credentials to login. Passwords are changed monthly. By NOT having any automatic accept host key function, each Admin would have to connect to each server at least once and accept the key. So if you calculate this, you get 350 total logins, instead of one command line switch to auto accept the host key. This doesn't include when there is new Admin employees or if the script is used by another department. This really slows down any automation process not having this feature.

I have Googled the net for days off and on looking how to make your hostkey switch work. I agree with m_cartwright, I thought it was an automatic accept switch as well. Maybe update you docs. "option batch continue" worked for me as well.
Sorry, but that fact that you were not able to find how to use the -hostkey switch is not a reason to add "auto accept all hostkeys" option.

I have added more details and an example to documentation few days ago. Is it understandable now? If not, please suggest what you miss.

Reply with quote

Guest

Re: /hostkey switch ignored?

Anonymous wrote:

martin wrote:

Either specify /hostkey as an switch to open command in script (preferrer). Or open session using command line parameter. Combining command-line option /hostkey with open script command does not work.

I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?


Thanks for your help - PK

I am getting this same error via winscp.com /script ....

How are we suppose to be doing this without using "option batch continue"?

Thanks,
Casey

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: /hostkey switch ignored?

Anonymous wrote:

I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?

I am getting this same error via winscp.com /script ....

How are we suppose to be doing this without using "option batch continue"?
See my reply above to the post you are quoting.
Last edited by martin on 2009-05-05; edited 1 time in total

Reply with quote

Guest

Re: try batch continue

martin wrote:

MrElliot wrote:

In our situation we have more than five people updating files on over 60 VMware ESX servers. Different Admins run the update script supplying their own credentials to login. Passwords are changed monthly. By NOT having any automatic accept host key function, each Admin would have to connect to each server at least once and accept the key.
Sorry, but that fact that you were not able to find how to use the -hostkey switch is not a reason to add "auto accept all hostkeys" option.

I have added more details and an example to documentation few days ago. Is it understandable now? If not, please suggest what you miss.

After fixing that "option batch continue" bug, why not add an option "-hostkey=any"?
So that all hostkeys are accepted (without the need to specify the fingerprint).

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: try batch continue

After fixing that "option batch continue" bug, why not add an option "-hostkey=any"?
So that all hostkeys are accepted (without the need to specify the fingerprint).
Learn what hostkeys are good for to find an answer yourself.

Reply with quote

martin
Site Admin
martin avatar

Re: /hostkey switch ignored?

keith wrote:

your question is so good i am also engage with this problem because here we should different parameters for this work but how can we use or start the syntax for it.
Sorry, I do not understand, neither I know to what post your are reacting.

Reply with quote

Advertisement

Samir Thakur
Guest

I tried using syntax
open sftp://martin@example.com -hostkey="ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

as suggested in the documentation. However it seems that the hostkey switch works only in development environment of SSIS. When I deploy the solution to server it gives me the error

"Too many parameters for command 'open'. option transfer binary transfer binary "

I am sure I am using precisely the same syntax as per the documnentation (with place holders replaces appropriately).

Could you help me if it is someother syntax or anything else. I am currently using 4.1.9 which seems to be latest non beta version with SFTP protocol on standard port 22

Reply with quote

new guest
Guest

I hate to say this, but reality that the all the document to show how to automatically accept the key doesn't work. What the user need is just one example (a command line) and where to find the correct version of the software. I read through the document, and can not make it works even I know what I need is just a one correct command line. :wink:

Reply with quote

restardo
Guest

I have a similar case where we've referenced 3 user accounts in accessing a sftp server. Our automation works before seamlessly with one user but now it is prompting to accept the fingerprint randomly. Is it possible to update/add the "ini" file with several hostkeys? What does host-key comprises (e.g. target server and username)?

Reply with quote

Advertisement

Guest
Guest

Samir Thakur wrote:


"Too many parameters for command 'open'."

I have got this error, and it turned out that I was placing spaces on two sides of the "=" sign. After removing the spaces I didn't get the error. So check that to eliminate one cause.

-hostkey = "............
-hostkey="...........

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

restardo wrote:

Is it possible to update/add the "ini" file with several hostkeys?
Yes, if you use the latest version.
What does host-key comprises (e.g. target server and username)?
Host key is specific to the host only, if that's what you ask for.

Reply with quote

ofkain
Guest

I've done this by adding a section to ini file :

[SshHostKeys]
rsa2@22***************************

This line could be obtained by executing manually winscp and reading in the ini modified ( the line is uncrypted )
This is certainly not the best method, but it doesn't compromise security and it works.

Reply with quote

Hiro
Guest

Re: try batch continue

martin wrote:

After fixing that "option batch continue" bug, why not add an option "-hostkey=any"?
So that all hostkeys are accepted (without the need to specify the fingerprint).
Learn what hostkeys are good for to find an answer yourself.

Thank you for the administrative registry option to make the software less secure if needed (linked in your info above). My company has a process they usually use ftp for that one vendor uses sftp for, and my boss definitely wanted it to be more willing to accept server changes without hiccup rather than it being more secure (I asked her again after reading your page).

It's not quite as insecure as raw ftp, as a listener must be able to spoof DNS successfully, not just observer the packets.

And even regular ftp is better than posting the username password on the internet, as an attacker must observe your actual packets, not just reference them from a static 3rd party any time.

But being picky about the host key is a big part of what makes SFTP secure, but I very much appreciate you informing us and giving us the freedom to choose.


PS -hostkey=any or -hostkey=ImTooTrustingToCheckWhoIGiveMyPasswordTo would let people who want security on some connections but not others (not us, our server only handles low security connections). But those people could do the same thing by using your nifty advanced automation instructions at https://winscp.net/eng/docs/guide_automation_advanced to automatically accept the key if it changes, or respond to a new key in a more secure way (ask an admin to approve it, etc).

Reply with quote

Advertisement

Guest

Re: try batch continue

Hiro wrote:


Thank you for the administrative registry option to make the software less secure if needed (linked in your info above).

Actually it seems I may have been confused about DisableAcceptingHostKeys option.

I had a key cached in the INI file for 4.19 and it accepts the connection even though DisableAcceptingHostKeys was on (as long as the key matches).

It seems to kill the session however, if the key does not match.

I guess I will have to use the 4.19 feature of Option Batch Continue, and add my voice to those asking for a -hostkey="DNS Hackers can steal my password" option in 4.24.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: try batch continue

I had a key cached in the INI file for 4.19 and it accepts the connection even though DisableAcceptingHostKeys was on (as long as the key matches).

It seems to kill the session however, if the key does not match.
That's what the option is meant for.

Reply with quote

Guest

Auto accept any hostkey :O)

I too have a need to script winSCP to use the current key on a system, which I do not know in advance and have a work around. For those of you with the need here is how I solved the problem...

I have a batch file which basically attempts a connection to the server which obtains the current key, and which of course fails. Then I setup my real connection providing the key I just obtained.

The batch file is:

for /F "tokens=1-4 delims=\n" %%a in ('winscp.com /console /command "option batch on" "option confirm off" "open <userID>:<password>@192.168.1.10" "exit" ^| findstr ssh') do set SSHKEY=%%a
winscp.com /console /script=scp.txt /parameter "%SSHKEY%"

The scp.txt is as follows:
# Automatically answer all prompts negatively not to stall
# the script on errors
option batch on
# Disable overwrite confirmations that conflict with the previous
option confirm off
# Connect using a password
# open user:password@example.com
# Connect
open -hostkey="%1%" <userID>:<password>@192.168.1.10
# Change remote directory
cd /var/log/
# Force binary mode transfer
option transfer binary
# Download file to the local directory 
get messages log\
# Disconnect
close
# Exit WinSCP
exit

It needs tidying and error case handling etc etc. but here are the basics for your consumption.

Reply with quote

Guest

Re: try batch continue

My usage case is that I rent up 20-50 servers from Amazon (EC2) for an average of two hours (for heavy load processing), after that the instances are terminated. I do not have any sensitive data and I would not care if someone was able to hack the servers for the two hours, the risk as well as the potential damage is low.

At the moment I need to manually open a the WinSCP for each server to accept their fingerprint. After that, I run WinSCP scripts to control the processing needed. Is there an easier way to accept the fingerprints. The nature of my processing makes WinSCP the best tool to use, apart from the acceptance of fingerprints.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: try batch continue

Anonymous wrote:

My usage case is that I rent up 20-50 servers from Amazon (EC2) for an average of two hours (for heavy load processing), after that the instances are terminated. I do not have any sensitive data and I would not care if someone was able to hack the servers for the two hours, the risk as well as the potential damage is low.
Isn't there any other way to access the servers apart from SSH?

Reply with quote

Guest
Guest

Host key error

Hi,

I am getting a popup as hostkey not identified though I am using the automated hostkey verification in my command.

Following is the example -

C:\"Program Files"\WinSCP\winscp.exe sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx""

Also, my local machine has winscp and my ftp machine has winscp3.

Can you please help me out in getting the error resolved?

Regards,
SHreyas Wadi

Reply with quote

martin
Site Admin
martin avatar

Re: Host key error

You may have problems due to the quotes. Have you tried:
"C:\Program Files\WinSCP\winscp.exe" sftp://xxxx.xxxx@ftp.xxxx.com -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

Reply with quote

Guest
Guest

Re: Host key error

Hi,
Thanks for the reply.

Yes I have tried with it, but still it is giving out a pop up for the host key.

Is there any change in syntax for command line option for winscp and winscp3?

Kind Regards,
Shreyas Wadi

martin wrote:

You may have problems due to the quotes. Have you tried:
"C:\Program Files\WinSCP\winscp.exe" sftp://xxxx.xxxx@ftp.xxxx.com -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: Host key error

Guest wrote:

Is there any change in syntax for command line option for winscp and winscp3?
Well winscp3 did not support the switch. What version of WinSCP are you using?

Reply with quote

Al
Guest

Re: Host key error

Guest wrote:

Hi,

I am getting a popup as hostkey not identified though I am using the automated hostkey verification in my command.

Following is the example -

C:\"Program Files"\WinSCP\winscp.exe sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx""

Also, my local machine has winscp and my ftp machine has winscp3.

Can you please help me out in getting the error resolved?

Regards,
SHreyas Wadi

I got it to work in this form:
winscp \command "open sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"" "

Reply with quote

Guest

Re: Host key error

Al wrote:


I got it to work in this form:
winscp \command "open sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"" "

prikryl: Please add this -hostkey=""<key>"" syntax to the documentation. I searched for an hour trying to make this work, and this was the answer. Nowhere in the documentation does it say how to specify -hostkey on a command line -- the only way is to use double quotes.

For reference, here is my script which works:

"C:\Program Files\WinSCP\WinSCP.exe" /console /log=winscp.log /command "option batch on" "option confirm off" "open user:password@example.com -hostkey=""ssh-rsa 2048 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11"" " "get /home/backups/* c:\backups\*" "exit"


-----
Twitter: @willbradley

Reply with quote

Advertisement

Dino77
Joined:
Posts:
2
Location:
Boston

I've been searching about the topic. View this link for further information articles.slicehost.com/2011/4/18/checking-a-server-s-ssh-host-fingerprint-with-the-web-console

Reply with quote

braindancer
Guest

Ditto on the Amazon use case above. I have no practical ability to know the host keys of my servers in advance, nor do I have any desire to do so. They are all compute nodes that only exist for a short while. If not for this key verification, I would be able to fully automate node setup process.

Why not just add an option and let people decide whether they want to use it or not?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

braindancer wrote:

Ditto on the Amazon use case above. I have no practical ability to know the host keys of my servers in advance, nor do I have any desire to do so. They are all compute nodes that only exist for a short while. If not for this key verification, I would be able to fully automate node setup process.
Do you know, what's the purpose of Amazon using SSH then?

Reply with quote

Advertisement

India2pA
Guest

winscp open error Too many parameters for command 'open'

Here is my code , This seems to be working for another account (sEFTUserName ) for my colleague but for my sEFTUserName account its giving an error .

    winscp.StandardInput.WriteLine("open sftp://" + sEFTUserName + "@" + sRemoteHost + " -privatekey=" + sPvtKey + " -hostkey=" + serverhostkey);

Below is the LOG 
winscp> option batch continue
batch           continue  
winscp> option confirm off
confirm         off       
winscp> open sftp://CMSxfer@eftmodel.gmacm.com:8022 -privatekey=C:\Documents and Settings\skomeri\My Documents\skomeri\CMSSuite\CMS.Suite_v2.22.0\Web\CMS.Web\WinSCP\CMSxfer.ppk -hostkey="ssh-rsa 1024 8c:c3:48:ab:32:65:29:38:00:1a:49:22:c9:96:e5:3d"
Too many parameters for command 'open'.
winscp> cd /To_Custodian_Extract_Dev
No session.
winscp> put C:\Documents and Settings\skomeri\My Documents\skomeri\CMSSuite\CMS.Suite_v2.22.0\Web\CMS.Web\Imported_Files\collateral_file_03012012 1703.csv
No session.
winscp>

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: winscp open error Too many parameters for command 'open'

You have to encluse the value of -privatekey switch to double-quotes:
    winscp.StandardInput.WriteLine("open sftp://" + sEFTUserName + "@" + sRemoteHost + " -privatekey=\"" + sPvtKey + "\" -hostkey=" + serverhostkey);

...
winscp> open sftp://CMSxfer@eftmodel.gmacm.com:8022 -privatekey="C:\Documents and Settings\skomeri\My Documents\skomeri\CMSSuite\CMS.Suite_v2.22.0\Web\CMS.Web\WinSCP\CMSxfer.ppk" -hostkey="ssh-rsa 1024 8c:c3:48:ab:32:65:29:38:00:1a:49:22:c9:96:e5:3d"
Last edited by martin on 2012-03-19; edited 1 time in total

Reply with quote

timfoster
Guest

Cannot establish connection

I have tried for the last few days to get this working.

I have a file that's exported from my SQL Server to a text file. The file gets zipped with 7z and I then need to send this file to a secure FTP location. I have a private key file but I can't get a conntection established at all.

I have tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
where xx is the fingerprint found in the server/protocols dialog. Running this I get a message saying the server's host key was not found. It says the key is a different value.

So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy"
where yy is the fingerprint reported from the statement above. Running this I get a password prompt.

So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy" -privatekey="c:\Private Key.ppk"
Now I get server refused our key and a password prompt again.

It may be that I'm doing something very obvious, but I can't see what. Can somebody please help?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: Cannot establish connection

timfoster wrote:

So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy" -privatekey="c:\Private Key.ppk"
Now I get server refused our key and a password prompt again.
Can you login with that key from GUI?

Reply with quote

Advertisement

timfoster
Joined:
Posts:
1

Re: Cannot establish connection

martin wrote:

timfoster wrote:

So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy" -privatekey="c:\Private Key.ppk"
Now I get server refused our key and a password prompt again.
Can you login with that key from GUI?

Yes, The key isn't a problem at all. I can log in manually through the GUI and transfer files without any problem.

Reply with quote

martin
Site Admin
martin avatar

Re: Cannot establish connection

timfoster wrote:

Yes, The key isn't a problem at all. I can log in manually through the GUI and transfer files without any problem.
Please post a full log file both for GUI and script.

Reply with quote

joep3joep3@gmail.com
Joined:
Posts:
5
Location:
07011

Re: syntax of <fingerprint>

I am trying to use hostkey with no luck. I was told by my lan manager that i pkace the ppt file with the private/public key on the server /etc/ssh dir. I was told to use the public key in a script.

No matter how i open the fingerprint is 6 lines. The examples show hex code separated by hypens. In my ppt file the public signature is way over 255 chars and has no hyphens. What am i missing?

Reply with quote E-mail

martin
Site Admin
martin avatar
Joined:
Posts:
41,405
Location:
Prague, Czechia

Re: syntax of <fingerprint>

joep3joep3@gmail.com wrote:

I am trying to use hostkey with no luck. I was told by my lan manager that i pkace the ppt file with the private/public key on the server /etc/ssh dir. I was told to use the public key in a script.

No matter how i open the fingerprint is 6 lines. The examples show hex code separated by hypens. In my ppt file the public signature is way over 255 chars and has no hyphens. What am i missing?
I assume you mean PPK (PuTTY private key), not PPT (PowerPoint).
PPK files have nothing to do with server host key.
See https://winscp.net/eng/docs/ssh_keys
And https://winscp.net/eng/docs/faq_hostkey

Reply with quote

Advertisement

You can post new topics in this forum