Need help with automatic host key acceptance

ecarew
Posts: 3
Location: Evan at Sumitomo

Need help with automatic host key acceptance

I am trying to get my copy of WinSCP 4.1.8 (Build 415) on a Windows 2003 server to run with the -hostkey option to the open command. I can't seem to get it to function. It's as if I didn't put the option in the script file at all; the program simply stops without opening up a session. Does anyone have an example of a command line that works for this feature, with this version of WinSCP?

Thanks

JimGriffith
Posts: 18

Same issue

I'm having the same issue. When you do your next documentation additions, can you provide examples of how the switches and options should be used? Thanks! I've tried to put the auto accept of the host key in many places using a script file with no success, so I decided to go to my command line. Here's my command:
open sftp:user:pass@site.com /hostkey=ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea
When I execute this I receive a "too many parameters for command 'open'" error.

Can you, or someone who has successfully done this, provide me with an example of how and where to use this switch? And please don't tell me to go read documentation. It's obvious that I've been there and it's not helping. Thanks.

JimGriffith

Just tried that and it didn't work. Here's my command:
open sftp:user:pass@site.com /hostkey="ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"
Same results. Too many parameters.

JimGriffith

Okay, I was able to get it to work this way:
open sftp://user:pass@site.com -hostkey="ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"
After it worked on one machine I tried it on another and received the "too many parameters" error. After I looked at the version on that machine I realized it was only 4.0.x and it worked once I upgraded. However, I noticed that even though I'm specifying the host key, it doesn't store the fingerprint in the registry. Is there another option to store that?

martin
Site Admin

JimGriffith wrote:

However, I noticed that even though I'm specifying the host key, it doesn't store the fingerprint in the registry. Is there another option to store that?
Why do you need that?

martin
Site Admin

@JimGriffith: That does not make any sense. So either you are doing an automatic script that has to run with the default configuration (on any machine), without making any changes to it. Then you use -hostkey. Or you want to cache the host key for regular (non-automatic) use. Then you can do it from the GUI or by importing the settings to the registry (you can do it automatically as well). You are mixing two different things together.

JimGriffith

Yes I am but I want to do it in scripting. After I have a transfer failure, because it's a new site and I haven't accepted the host key, I want to be able to run my process which will pull the host key from the log, connect to the site, automatically accepting the key that I've supplied, and storing what it needs in the registry for future scripting use.

martin
Site Admin

JimGriffith: OK, that's something you absolutely should not do. You break all security in SSH by this. Of course do whatever you want to do. But do not ask me to implement support for it.
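
One way to obtain the -hostkey value from a trusted source instead of from the log of a failed connection, as an added example that is not part of the original thread: it derives the "ssh-rsa <bits> <hex pairs>" fingerprint form used above (key type, modulus size, MD5 of the public key blob) from an OpenSSH-format public key line. It assumes the server's administrator supplied that line over a trusted channel; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """Encode one length-prefixed SSH string."""
    return struct.pack(">I", len(data)) + data

def read_string(blob, offset):
    """Decode one length-prefixed SSH string; return (value, next offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def winscp_fingerprint(pubkey_line):
    """Map 'ssh-rsa <base64> [comment]' to 'ssh-rsa <bits> <16 MD5 hex pairs>'."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa <base64>' public key line")
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 raises ValueError
    name, pos = read_string(blob, 0)
    _exponent, pos = read_string(blob, pos)
    modulus, pos = read_string(blob, pos)
    if name != b"ssh-rsa" or pos != len(blob):
        raise ValueError("not a well-formed ssh-rsa key blob")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()  # fingerprint is MD5 over the whole blob
    pairs = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return "ssh-rsa %d %s" % (bits, pairs)

def pin_matches(pubkey_line, pinned):
    """True when a script's -hostkey value equals the trusted key's fingerprint."""
    return winscp_fingerprint(pubkey_line) == pinned.strip().lower()

# Constructed sample, not a real key: e = 65537 and a made-up 1024-bit modulus.
# Assumption: in practice the line comes from the server's administrator.
SAMPLE_N = (1 << 1023) | 0x1234567
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string((65537).to_bytes(3, "big"))
               + ssh_string(b"\x00" + SAMPLE_N.to_bytes(128, "big")))
SAMPLE_PUBKEY_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"

if __name__ == "__main__":
    print('-hostkey="%s"' % winscp_fingerprint(SAMPLE_PUBKEY_LINE))
```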

JimGriffith

Okay so forget that I said the scripting part but asking for it to save the information in the registry, in my opinion, is a valid request that other people may like to see. If I've entered the key once for a site, why should I have to continue to enter it? I've already validated that I know the key and it matches the site I'm connecting to, which I believe maintains the security. I just want to store it for future connections to that site.

AMH
Guest

Hostkey automatic

I call this command in my program:
lanceAppli("winscp.com  /script= scp.txt")
In my scp.txt I put:
option confirm off
open sftp://mylogin:myPW@MyIP:port -hostkey="ssh-rsa 1024 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa"
option Transfer binary
put  filename.ext
close
exit
When I execute it I get a message:
Host doesn't exist.
But if I do it from DOS command, line by line:
winscp.com
winscp>option confirm off
confirm off
winscp>
it works!

Can someone help me?

JimGriffith

Try putting your option confirm off after the open statement. This is the way I do my scripts and it works for me.
open sftp://user:pass@ftp.site.com -hostkey="ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"
option confirm off 
option transfer binary 
put file.txt
exit

AMH
Guest

sftp hostkey automatic

Now I tried this syntax but nothing has changed; I get the same message:
Recherche de l'hote.....

Host does not exist.
winscp>

martin
Site Admin
Posts: 41,203
Location: Prague, Czechia

JimGriffith wrote:

Okay so forget that I said the scripting part but asking for it to save the information in the registry, in my opinion, is a valid request that other people may like to see. If I've entered the key once for a site, why should I have to continue to enter it? I've already validated that I know the key and it matches the site I'm connecting to, which I believe maintains the security. I just want to store it for future connections to that site.
But WinSCP allows that. Just not the way you are trying to do it.

martin
Site Admin

Re: Hostkey automatic

AMH wrote:

I call this command in my program:
lanceAppli("winscp.com  /script= scp.txt")
In my scp.txt I put:
...
I suppose that the space in /script= scp.txt is the problem. This way, WinSCP does not connect /script= with scp.txt. It ignores the empty /script switch and tries to connect to host scp.txt.
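
A pre-flight check for the mistakes that came up in this thread, as an added example that is not part of the original posts: it flags a /script= switch separated from its file name, and open commands that lack "//" in the URL, use /hostkey= instead of -hostkey=, or carry no quoted fingerprint. It assumes scripts open sessions by URL rather than by stored session name; the function names are hypothetical.

```python
import re

# 'ssh-rsa <bits> <16 colon-separated hex bytes>', the fingerprint form quoted in the thread
FINGERPRINT = r"ssh-rsa \d+ (?:[0-9a-f]{2}:){15}[0-9a-f]{2}"

def lint_command_line(cmdline):
    """Flag a /script switch that whitespace has separated from its file name."""
    if re.search(r"/script=(\s|$)", cmdline):
        return ["/script= has no value; the next word is taken as the host to open"]
    return []

def lint_script(text):
    """Return (line number, finding) pairs for the 'open' commands in a script."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        words = line.split(None, 2)
        if len(words) < 2 or words[0].lower() != "open":
            continue
        target, rest = words[1], (words[2] if len(words) > 2 else "")
        # Assumption: sessions are opened by URL, not by stored session name.
        if not re.match(r"[a-z]+://", target, re.I):
            findings.append((number, "session URL lacks '//' after the protocol"))
        if re.search(r"(^|\s)/hostkey=", rest, re.I):
            findings.append((number, "host key given as /hostkey=, expected -hostkey="))
        elif not re.search(r"(^|\s)-hostkey=", rest, re.I):
            findings.append((number, "no -hostkey, so the server key is not pinned"))
        elif not re.search(r'(^|\s)-hostkey="%s"(\s|$)' % FINGERPRINT, rest, re.I):
            findings.append((number, "-hostkey value is not a quoted fingerprint"))
    return findings

# Sample input: the open commands and the invocation posted in the thread,
# plus one constructed line (the fourth) that has no -hostkey at all.
KEY = "ssh-rsa 1024 46:62:9d:86:45:d0:b9:b2:b4:0f:61:a2:af:40:8a:ea"
SAMPLE_SCRIPT = "\n".join([
    "open sftp:user:pass@site.com /hostkey=" + KEY,
    'open sftp:user:pass@site.com /hostkey="' + KEY + '"',
    'open sftp://user:pass@site.com -hostkey="' + KEY + '"',
    "open sftp://user:pass@site.com",
    "put file.txt",
])
SAMPLE_CMDLINE = "winscp.com  /script= scp.txt"

if __name__ == "__main__":
    for finding in lint_command_line(SAMPLE_CMDLINE) + lint_script(SAMPLE_SCRIPT):
        print(finding)
```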

vh
Guest

"Host key not found in cache error "

Just want to ask a question: if we have both, one key mentioned in the registry and the other one in the open command with -hostkey, will it produce any error?
In my case I have the one host key fingerprint hardcoded in the script while the other one is present in the registry. Both are different. I want my script to execute successfully. I don't know about the one stored in the registry, but it gives the error "host key not found in the cache".

martin
Site Admin

Re: "Host key not found in cache error "

@vh: Such an error does not exist in WinSCP. Maybe you mean the log record "Host key does not match cached key..."
You will get that if the cached host key does match. But the key still validates using the fingerprint provided in script using -hostkey. If you get different results, please start a new topic and attach a complete session log file.

MuruganandhanR
Guest

Get SFTP Finger Print

private string fnGetSFTPFingerPrint()
{
    // The Chilkat component has to be unlocked before any other call.
    if (!ObjSFTP.UnlockComponent("CSHANMSSH_5VswUWpF4Rnk"))
        return "Unlock Component Failed.";

    ObjSFTP.ConnectTimeoutMs = 5000;
    ObjSFTP.IdleTimeoutMs = 10000;
    int Port = Convert.ToInt32(txtPort.Text);
    bool success;
    Chilkat.SshKey key = new Chilkat.SshKey();

    // Open the SSH connection to the host and port taken from the form.
    if (!ObjSFTP.Connect(txtHost.Text, Port))
        return "Connection Failed.";

    // Load the client's private key from the path in the form, e.g. "myPrivateKey.pem".
    string privKey;
    privKey = key.LoadText(txtPrivateKeyPath.Text);
    if (privKey == null)
        return "Connection Failed.";
    success = key.FromOpenSshPrivateKey(privKey);
    if (!success)
        return "Connection Failed.";

    // Authenticate with the private key.
    if (!ObjSFTP.AuthenticatePk(txtUserName.Text, key))
        return "Connection Failed.";

    // Start the SFTP subsystem and check that the destination directory opens.
    if (!ObjSFTP.InitializeSftp())
        return "Initialization Failed.";

    string handle;
    handle = ObjSFTP.OpenDir(txtDestination.Text);
    if (handle == null)
        return "Open Dir Failed.";

    // The value is the fingerprint of the key presented by the server on this
    // connection; it is shown in the form and returned to the caller.
    txtFingerKeyPrint.Text = ObjSFTP.HostKeyFingerprint;
    return ObjSFTP.HostKeyFingerprint;
}
