Topic "Howto automatically accept hostkey while synchronizing"

Author Message
DJD

Guest


Hi,

I'm making a script to copy a directory on a window machine to several linux servers.
Is there any way I can automatically accept the host keys/fingerprint of the linux servers while making a connection for the first time ?

The only thing I know about the linux servers is the IP address and root password.

I'm currently testing with the following command
winscp407.exe root:password@%IP% /synchronize %LOCFOLDER% /install /defaults /log=%0\..\%IP%.log /ini=%0\..\winscp407.ini /hostkey
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Please read documentation. If that does not help, come back.
_________________
Martin Prikryl
Lauri

Guest


Hi

I wan't to specify the "hostkey" switch for the open command.

My current command is like:
open foo:bar@foobar

According to documentation, I think the command should be like:
open foo:bar@foobar -hostkey=<fingerprint>

But whatever I put in the fingerprint, nothing happens when I try to run the script. Nothing is written to log file.
I tried to put:
- ssh-rsa 1024 bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc
- "ssh-rsa 1024 bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc"
- bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc
- "bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc"

What is the correct syntax for the fingerprint?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Lauri wrote:
But whatever I put in the fingerprint, nothing happens when I try to run the script.

What does it mean nothing? It does not connect? Or it does not accept the key automatically?

Anyway correct format is the second. I.e.:
Code:
open foo:bar@foobar  -hostkey="ssh-rsa 1024 bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc:bc"

_________________
Martin Prikryl
keiji

Guest


Hi
I was looking for the correct syntax for -hostkey=<fingerprint> when I found this thread

Although I had guessed the correct syntax, I am observing the same issue in version 4.0.7 (build 370) i.e. hostkey isn't accepted automatically and connection is refused

Currently my workaround is to manually accept the key from the GUI in order for it to be in the .ini file cache

Regards,
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
keiji wrote:
Although I had guessed the correct syntax, I am observing the same issue in version 4.0.7 (build 370) i.e. hostkey isn't accepted automatically and connection is refused

The -hostkey switch is supported since 4.1.x only.
_________________
Martin Prikryl
Guest




prikryl wrote:
keiji wrote:
Although I had guessed the correct syntax, I am observing the same issue in version 4.0.7 (build 370) i.e. hostkey isn't accepted automatically and connection is refused

The -hostkey switch is supported since 4.1.x only.


Hi, can we use two different fingerprint in same session.Because our target server used 2 fingerprint randomly or clustered server.
Thank you for quick reply.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Quote:
Hi, can we use two different fingerprint in same session.Because our target server used 2 fingerprint randomly or clustered server.
Thank you for quick reply.

Generally WinSCP supports that. Unfortunatelly not via command line. So you have to make sure that both keys are stored in the cache before.
Support for multiple keys on command has been added to the tracker.
_________________
Martin Prikryl
m_cartwright

Guest


What is the syntax to use the hostkey switch where it automatically accepts the key. I am using version 4.1.7 from the command line and the only way i can get it to work is if i put in the actual key. However, they change the key from time to time which creates sig admin burden.

Sample of working version
open Username:Password@164.123.123.123:22 -hostkey=\"ssh-dss 1024 90:f9:54:53:3c:2c:b6:6f:c0:fe:8b:b2:83:45:ed:fb\"
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
m_cartwright wrote:
What is the syntax to use the hostkey switch where it automatically accepts the key.

There's no such switch. It is nonsense. Why do you use slow and CPU intensive secure protocol, if you are willing to break the only thing that makes it secure. Use FTP then.
_________________
Martin Prikryl
m_cartwright

Guest


Unfortunately not my decision, it is customers decision to use SFTP. However, according to documenation on this page (https://winscp.net/eng/docs/scripting), "To automate the verification in script, you can use command-line parameter hostkey (or switch of open command with the same name) to accept the expected hostkey automatically. " Maybe I just misread that it doesn't "automatically" accept, rather it will only accept whatever key you have put in. Thanks for the help.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
m_cartwright wrote:
Unfortunately not my decision, it is customers decision to use SFTP.

Then your customers probably want to make the connection secure. Forcing the hostkey to be accepted automatically is basically the same as if you post your account and password to the internet. If guess they would not like it.

Quote:
Maybe I just misread that it doesn't "automatically" accept, rather it will only accept whatever key you have put in. Thanks for the help.

Right. It automatically accepts the "expected hostkey" (the hostkey you have put in).
_________________
Martin Prikryl
PK

Guest


I am trying to script a download with winscp418. My syntax is:

winscp418.exe /console /privatekey="C:\private\mykey.ppk" /hostkey="ssh-dss 1024 49:24:35:76:aa:f3:89:a3:d7:c1:58:d3:00:c8:82:70" /command "option transfer binary" "open PK@securehost.mydomain.com" "lcd C:\temp\" "get myfile.zip" "exit"

Although I have specified the host key, I am still prompted to accept the exact same key:

...
The server's dss key fingerprint is:
ssh-dss 1024 49:24:35:76:aa:f3:89:a3:d7:c1:58:d3:00:c8:82:70
If you trust this host, press Yes...

Whether I answer Yes or No, the download goes through sucessfully, so I am pretty sure I have the other parts of this set up correctly - but it will obviously not run unattended. I tried setting the option batch on, but this just made the script fail consistently. What I am doing wrong?


Thanks - PK
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Either specify /hostkey as an switch to open command in script (preferrer). Or open session using command line parameter. Combining command-line option /hostkey with open script command does not work.
_________________
Martin Prikryl
Guest




prikryl wrote:
Either specify /hostkey as an switch to open command in script (preferrer). Or open session using command line parameter. Combining command-line option /hostkey with open script command does not work.


I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?


Thanks for your help - PK
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Quote:
I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?

Please read FAQ. If that does not help, come back.
_________________
Martin Prikryl
fenstermakera

Guest


adding "option batch continue" made my script skip the prompt about adding fingerprint to cache - I didn't have to use -hostkey switch on open either.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
fenstermakera wrote:
adding "option batch continue" made my script skip the prompt about adding fingerprint to cache - I didn't have to use -hostkey switch on open either.

Never ever do that!
Enhancement to prevent that has been added to tracker.
_________________
Martin Prikryl
MrElliot

Guest


prikryl wrote:
fenstermakera wrote:
adding "option batch continue" made my script skip the prompt about adding fingerprint to cache - I didn't have to use -hostkey switch on open either.

Never ever do that!
Enhancement to prevent that has been added to tracker.


Prikryl,
I understand why you should use host keys, but maybe you need to look at it another way. Here is is our example why you should not fix this 'bug'.

In our situation we have more than five people updating files on over 60 VMware ESX servers. Different Admins run the update script supplying their own credentials to login. Passwords are changed monthly. By NOT having any automatic accept host key function, each Admin would have to connect to each server at least once and accept the key. So if you calculate this, you get 350 total logins, instead of one command line switch to auto accept the host key. This doesn't include when there is new Admin employees or if the script is used by another department. This really slows down any automation process not having this feature.

I have Googled the net for days off and on looking how to make your hostkey switch work. I agree with m_cartwright, I thought it was an automatic accept switch as well. Maybe update you docs. "option batch continue" worked for me as well.

Just an FYI to anyone else that is looking... We were also using the recompiled plink by vintela 0.57vrc0.1(now by quest) that used the '-auto_store_key_in_cache' switch. Looks like Quest's putty 0.60 still supports it.

Please Reconsider disabling this 'bug'! Make it a feature with a warning, "This is not recommended." Update the documentation on the correct syntax and a warning.

- We are Admins and IT professionals not children, leave it up to us to bring down the enterprise. And if we do....always at 4:30pm on Friday. Shocked
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
MrElliot wrote:
In our situation we have more than five people updating files on over 60 VMware ESX servers. Different Admins run the update script supplying their own credentials to login. Passwords are changed monthly. By NOT having any automatic accept host key function, each Admin would have to connect to each server at least once and accept the key. So if you calculate this, you get 350 total logins, instead of one command line switch to auto accept the host key. This doesn't include when there is new Admin employees or if the script is used by another department. This really slows down any automation process not having this feature.

I have Googled the net for days off and on looking how to make your hostkey switch work. I agree with m_cartwright, I thought it was an automatic accept switch as well. Maybe update you docs. "option batch continue" worked for me as well.

Sorry, but that fact that you were not able to find how to use the -hostkey switch is not a reason to add "auto accept all hostkeys" option.

I have added more details and an example to documentation few days ago. Is it understandable now? If not, please suggest what you miss.
_________________
Martin Prikryl
Guest




Anonymous wrote:
prikryl wrote:
Either specify /hostkey as an switch to open command in script (preferrer). Or open session using command line parameter. Combining command-line option /hostkey with open script command does not work.


I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?


Thanks for your help - PK


I am getting this same error via winscp.com /script ....

How are we suppose to be doing this without using "option batch continue"?

Thanks,
Casey
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Quote:
Anonymous wrote:
I tried the former and am getting,

"Too many parameters for command 'open'."

I will give it a shot with the latter, but what's the right syntax for open /hostkey?


I am getting this same error via winscp.com /script ....

How are we suppose to be doing this without using "option batch continue"?

See my reply above to the post you are quoting.

Last edited by martin on 2009-05-05; edited 1 time in total
Guest




prikryl wrote:
MrElliot wrote:
In our situation we have more than five people updating files on over 60 VMware ESX servers. Different Admins run the update script supplying their own credentials to login. Passwords are changed monthly. By NOT having any automatic accept host key function, each Admin would have to connect to each server at least once and accept the key.

Sorry, but that fact that you were not able to find how to use the -hostkey switch is not a reason to add "auto accept all hostkeys" option.

I have added more details and an example to documentation few days ago. Is it understandable now? If not, please suggest what you miss.


After fixing that "option batch continue" bug, why not add an option "-hostkey=any"?
So that all hostkeys are accepted (without the need to specify the fingerprint).
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Quote:
After fixing that "option batch continue" bug, why not add an option "-hostkey=any"?
So that all hostkeys are accepted (without the need to specify the fingerprint).

Learn what hostkeys are good for to find an answer yourself.
_________________
Martin Prikryl
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
keith wrote:
your question is so good i am also engage with this problem because here we should different parameters for this work but how can we use or start the syntax for it.

Sorry, I do not understand, neither I know to what post your are reacting.
_________________
Martin Prikryl
Samir Thakur

Guest


I tried using syntax
open sftp://martin@example.com -hostkey="ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

as suggested in the documentation. However it seems that the hostkey switch works only in development environment of SSIS. When I deploy the solution to server it gives me the error

"Too many parameters for command 'open'. option transfer binary transfer binary "

I am sure I am using precisely the same syntax as per the documnentation (with place holders replaces appropriately).

Could you help me if it is someother syntax or anything else. I am currently using 4.1.9 which seems to be latest non beta version with SFTP protocol on standard port 22
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Are you sure you have 4.1.9 on the solution server?
_________________
Martin Prikryl
new guest

Guest


I hate to say this, but reality that the all the document to show how to automatically accept the key doesn't work. What the user need is just one example (a command line) and where to find the correct version of the software. I read through the document, and can not make it works even I know what I need is just a one correct command line. Wink
restardo

Guest


I have a similar case where we've referenced 3 user accounts in accessing a sftp server. Our automation works before seamlessly with one user but now it is prompting to accept the fingerprint randomly. Is it possible to update/add the "ini" file with several hostkeys? What does host-key comprises (e.g. target server and username)?
Guest

Guest


Samir Thakur wrote:

"Too many parameters for command 'open'."


I have got this error, and it turned out that I was placing spaces on two sides of the "=" sign. After removing the spaces I didn't get the error. So check that to eliminate one cause.

-hostkey = "............
-hostkey="...........
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
restardo wrote:
Is it possible to update/add the "ini" file with several hostkeys?

Yes, if you use the latest version.
Quote:
What does host-key comprises (e.g. target server and username)?

Host key is specific to the host only, if that's what you ask for.
_________________
Martin Prikryl
ofkain

Guest


I've done this by adding a section to ini file :

[SshHostKeys]
rsa2@22***************************

This line could be obtained by executing manually winscp and reading in the ini modified ( the line is uncrypted )
This is certainly not the best method, but it doesn't compromise security and it works.
Hiro

Guest


prikryl wrote:
Quote:
After fixing that "option batch continue" bug, why not add an option "-hostkey=any"?
So that all hostkeys are accepted (without the need to specify the fingerprint).

Learn what hostkeys are good for to find an answer yourself.


Thank you for the administrative registry option to make the software less secure if needed (linked in your info above). My company has a process they usually use ftp for that one vendor uses sftp for, and my boss definitely wanted it to be more willing to accept server changes without hiccup rather than it being more secure (I asked her again after reading your page).

It's not quite as insecure as raw ftp, as a listener must be able to spoof DNS successfully, not just observer the packets.

And even regular ftp is better than posting the username password on the internet, as an attacker must observe your actual packets, not just reference them from a static 3rd party any time.

But being picky about the host key is a big part of what makes SFTP secure, but I very much appreciate you informing us and giving us the freedom to choose.


PS -hostkey=any or -hostkey=ImTooTrustingToCheckWhoIGiveMyPasswordTo would let people who want security on some connections but not others (not us, our server only handles low security connections). But those people could do the same thing by using your nifty advanced automation instructions at https://winscp.net/eng/docs/guide_automation_advanced to automatically accept the key if it changes, or respond to a new key in a more secure way (ask an admin to approve it, etc).
Guest




Hiro wrote:

Thank you for the administrative registry option to make the software less secure if needed (linked in your info above).


Actually it seems I may have been confused about DisableAcceptingHostKeys option.

I had a key cached in the INI file for 4.19 and it accepts the connection even though DisableAcceptingHostKeys was on (as long as the key matches).

It seems to kill the session however, if the key does not match.

I guess I will have to use the 4.19 feature of Option Batch Continue, and add my voice to those asking for a -hostkey="DNS Hackers can steal my password" option in 4.24.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Quote:
I had a key cached in the INI file for 4.19 and it accepts the connection even though DisableAcceptingHostKeys was on (as long as the key matches).

It seems to kill the session however, if the key does not match.

That's what the option is meant for.
_________________
Martin Prikryl
Guest




I too have a need to script winSCP to use the current key on a system, which I do not know in advance and have a work around. For those of you with the need here is how I solved the problem...

I have a batch file which basically attempts a connection to the server which obtains the current key, and which of course fails. Then I setup my real connection providing the key I just obtained.

The batch file is:

Code:
for /F "tokens=1-4 delims=\n" %%a in ('winscp.com /console /command "option batch on" "option confirm off" "open <userID>:<password>@192.168.1.10" "exit" ^| findstr ssh') do set SSHKEY=%%a
winscp.com /console /script=scp.txt /parameter "%SSHKEY%"


The scp.txt is as follows:
Code:
# Automatically answer all prompts negatively not to stall
# the script on errors
option batch on
# Disable overwrite confirmations that conflict with the previous
option confirm off
# Connect using a password
# open user:password@example.com
# Connect
open -hostkey="%1%" <userID>:<password>@192.168.1.10
# Change remote directory
cd /var/log/
# Force binary mode transfer
option transfer binary
# Download file to the local directory
get messages log\
# Disconnect
close
# Exit WinSCP
exit


It needs tidying and error case handling etc etc. but here are the basics for your consumption.
Guest




My usage case is that I rent up 20-50 servers from Amazon (EC2) for an average of two hours (for heavy load processing), after that the instances are terminated. I do not have any sensitive data and I would not care if someone was able to hack the servers for the two hours, the risk as well as the potential damage is low.

At the moment I need to manually open a the WinSCP for each server to accept their fingerprint. After that, I run WinSCP scripts to control the processing needed. Is there an easier way to accept the fingerprints. The nature of my processing makes WinSCP the best tool to use, apart from the acceptance of fingerprints.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Anonymous wrote:
My usage case is that I rent up 20-50 servers from Amazon (EC2) for an average of two hours (for heavy load processing), after that the instances are terminated. I do not have any sensitive data and I would not care if someone was able to hack the servers for the two hours, the risk as well as the potential damage is low.

Isn't there any other way to access the servers apart from SSH?
_________________
Martin Prikryl
Guest

Guest


Hi,

I am getting a popup as hostkey not identified though I am using the automated hostkey verification in my command.

Following is the example -

C:\"Program Files"\WinSCP\winscp.exe sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx""

Also, my local machine has winscp and my ftp machine has winscp3.

Can you please help me out in getting the error resolved?

Regards,
SHreyas Wadi
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
You may have problems due to the quotes. Have you tried:
"C:\Program Files\WinSCP\winscp.exe" sftp://xxxx.xxxx@ftp.xxxx.com -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
_________________
Martin Prikryl
Guest

Guest


Hi,
Thanks for the reply.

Yes I have tried with it, but still it is giving out a pop up for the host key.

Is there any change in syntax for command line option for winscp and winscp3?

Kind Regards,
Shreyas Wadi

prikryl wrote:
You may have problems due to the quotes. Have you tried:
"C:\Program Files\WinSCP\winscp.exe" sftp://xxxx.xxxx@ftp.xxxx.com -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Guest wrote:
Is there any change in syntax for command line option for winscp and winscp3?

Well winscp3 did not support the switch. What version of WinSCP are you using?
_________________
Martin Prikryl
Al

Guest


Guest wrote:
Hi,

I am getting a popup as hostkey not identified though I am using the automated hostkey verification in my command.

Following is the example -

C:\"Program Files"\WinSCP\winscp.exe sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx""

Also, my local machine has winscp and my ftp machine has winscp3.

Can you please help me out in getting the error resolved?

Regards,
SHreyas Wadi


I got it to work in this form:
winscp \command "open sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"" "
Guest




Al wrote:

I got it to work in this form:
winscp \command "open sftp://xxxx.xxxx@ftp.xxxx.com -hostkey=""ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"" "


prikryl: Please add this -hostkey=""<key>"" syntax to the documentation. I searched for an hour trying to make this work, and this was the answer. Nowhere in the documentation does it say how to specify -hostkey on a command line -- the only way is to use double quotes.

For reference, here is my script which works:

"C:\Program Files\WinSCP\WinSCP.exe" /console /log=winscp.log /command "option batch on" "option confirm off" "open user:password@example.com -hostkey=""ssh-rsa 2048 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11"" " "get /home/backups/* c:\backups\*" "exit"


-----
Twitter: @willbradley
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
I believe it is documented here:
https://winscp.net/eng/docs/scripting#syntax
_________________
Martin Prikryl
StanleyHamlet

Guest


thanks for the link
Dino77
[View user's profile]

Joined: 2011-08-16
Posts: 2
Location: Boston
I've been searching about the topic. View this link for further information articles.slicehost.com/2011/4/18/checking-a-server-s-ssh-host-fingerprint-with-the-web-console
braindancer

Guest


Ditto on the Amazon use case above. I have no practical ability to know the host keys of my servers in advance, nor do I have any desire to do so. They are all compute nodes that only exist for a short while. If not for this key verification, I would be able to fully automate node setup process.

Why not just add an option and let people decide whether they want to use it or not?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
braindancer wrote:
Ditto on the Amazon use case above. I have no practical ability to know the host keys of my servers in advance, nor do I have any desire to do so. They are all compute nodes that only exist for a short while. If not for this key verification, I would be able to fully automate node setup process.

Do you know, what's the purpose of Amazon using SSH then?
_________________
Martin Prikryl
India2pA

Guest


Here is my code , This seems to be working for another account (sEFTUserName ) for my colleague but for my sEFTUserName account its giving an error .

Code:
    winscp.StandardInput.WriteLine("open sftp://" + sEFTUserName + "@" + sRemoteHost + " -privatekey=" + sPvtKey + " -hostkey=" + serverhostkey);


Code:
Below is the LOG
winscp> option batch continue
batch           continue 
winscp> option confirm off
confirm         off       
winscp> open sftp://CMSxfer@eftmodel.gmacm.com:8022 -privatekey=C:\Documents and Settings\skomeri\My Documents\skomeri\CMSSuite\CMS.Suite_v2.22.0\Web\CMS.Web\WinSCP\CMSxfer.ppk -hostkey="ssh-rsa 1024 8c:c3:48:ab:32:65:29:38:00:1a:49:22:c9:96:e5:3d"
Too many parameters for command 'open'.
winscp> cd /To_Custodian_Extract_Dev
No session.
winscp> put C:\Documents and Settings\skomeri\My Documents\skomeri\CMSSuite\CMS.Suite_v2.22.0\Web\CMS.Web\Imported_Files\collateral_file_03012012 1703.csv
No session.
winscp>
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
You have to encluse the value of -privatekey switch to double-quotes:
Code:
    winscp.StandardInput.WriteLine("open sftp://" + sEFTUserName + "@" + sRemoteHost + " -privatekey=\"" + sPvtKey + "\" -hostkey=" + serverhostkey);


Code:
...
winscp> open sftp://CMSxfer@eftmodel.gmacm.com:8022 -privatekey="C:\Documents and Settings\skomeri\My Documents\skomeri\CMSSuite\CMS.Suite_v2.22.0\Web\CMS.Web\WinSCP\CMSxfer.ppk" -hostkey="ssh-rsa 1024 8c:c3:48:ab:32:65:29:38:00:1a:49:22:c9:96:e5:3d"


Last edited by martin on 2012-03-19; edited 1 time in total
timfoster

Guest


I have tried for the last few days to get this working.

I have a file that's exported from my SQL Server to a text file. The file gets zipped with 7z and I then need to send this file to a secure FTP location. I have a private key file but I can't get a conntection established at all.

I have tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
where xx is the fingerprint found in the server/protocols dialog. Running this I get a message saying the server's host key was not found. It says the key is a different value.

So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy"
where yy is the fingerprint reported from the statement above. Running this I get a password prompt.

So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy" -privatekey="c:\Private Key.ppk"
Now I get server refused our key and a password prompt again.

It may be that I'm doing something very obvious, but I can't see what. Can somebody please help?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
timfoster wrote:
So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy" -privatekey="c:\Private Key.ppk"
Now I get server refused our key and a password prompt again.

Can you login with that key from GUI?
_________________
Martin Prikryl
timfoster
[View user's profile]

Joined: 2012-03-15
Posts: 1
prikryl wrote:
timfoster wrote:
So, I tried:
open sftp://user@server.com -hostkey="ssh-rsa 2048 yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy" -privatekey="c:\Private Key.ppk"
Now I get server refused our key and a password prompt again.

Can you login with that key from GUI?


Yes, The key isn't a problem at all. I can log in manually through the GUI and transfer files without any problem.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
timfoster wrote:
Yes, The key isn't a problem at all. I can log in manually through the GUI and transfer files without any problem.

Please post a full log file both for GUI and script.
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License