Topic review

martin

Re: Using Public Keys on many remote PCs

As you have thrown away my effort in helping you by deleting my answer on Stack Overflow, I'm at least re-posting it here:

A host key is part of the information you need to know about each server upfront, along with the hostname and credentials. You should get the information from the administrator of the server. See also "Where do I get SSH host key fingerprint to authorize the server?"

While you can automate the retrieval of the keys, it is not the best solution. If you want to do that anyway, you can make use of the WinSCP .NET assembly Session.ScanFingerprint, e.g. from a PowerShell script like:

Add-Type -Path "WinSCPnet.dll"
 
$sessionOptions = New-Object WinSCP.SessionOptions
$session = New-Object WinSCP.Session
 
$hostnames = "example.com", "example.net", "example.org"
foreach ($hostname in $hostnames)
{
    $sessionOptions.HostName = $hostname
    $fp = $session.ScanFingerprint($sessionOptions, "SHA-256")
    Write-Host "$hostname = $fp"
}
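
An added example, not part of martin's post or of WinSCP's documentation: rather than trusting whatever a scan returns, this pins each server's host key to a fingerprint obtained from its administrator and authenticates with a private key instead of a password. The hostnames, user name, key path, file paths and fingerprint placeholders are assumptions.

```powershell
# Added example: pinned host keys plus public key authentication.
Add-Type -Path "WinSCPnet.dll"

# Constructed sample data: hostname -> fingerprint supplied out of band by the
# server's administrator. The values are placeholders, not real fingerprints.
$trusted = @{
    "pos001.example.com" = "<fingerprint-from-admin-1>"
    "pos002.example.com" = "<fingerprint-from-admin-2>"
}

foreach ($hostname in $trusted.Keys)
{
    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
        Protocol              = [WinSCP.Protocol]::Sftp
        HostName              = $hostname
        UserName              = "username"                 # assumed account
        SshPrivateKeyPath     = "C:\keys\transfer.ppk"     # assumed key file
        # Pin the expected host key; Open() fails if the server presents another.
        SshHostKeyFingerprint = $trusted[$hostname]
    }

    $session = New-Object WinSCP.Session
    try
    {
        $session.Open($sessionOptions)

        # Transfers taken from the batch script in the thread; Check() throws on failure.
        $session.PutFiles("C:\path\File1.txt", "/cygdrive/c/path/File1.ftp").Check()
        $session.GetFiles("/cygdrive/c/path/File2.txt", "C:\path\").Check()
        Write-Host "$hostname = transfer complete"
    }
    catch
    {
        # A host key mismatch or rejected key ends up here; do not retry with
        # a freshly scanned fingerprint, investigate the server instead.
        Write-Warning "$hostname = failed: $($_.Exception.Message)"
    }
    finally
    {
        $session.Dispose()
    }
}
```

The public half of the key pair has to be present in the account's authorized keys on each server before this will authenticate.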
bigredeo

Re: Using Public Keys on many remote PCs

martin wrote:

First, make sure you understand all the keys involved in SSH:
https://winscp.net/eng/docs/ssh_keys

For host key, see:
https://winscp.net/eng/docs/faq_hostkey

If you want to set up a public key authentication, see:
https://winscp.net/eng/docs/guide_public_key


I'm still not quite following, maybe because the WinSCP pages don't show a lot of examples of coding.

So now I've got a hostkey for the server - but I got that hostkey in the reply when I tried to manually run my .dat file with WinSCP. That's the only reason I got that hostkey. So I changed my .dat file so that it now contains:

echo open sftp://username:password@pos%STORE% -hostkey="ssh-xxxxxxxxxxxxx" >>ftpcmd.dat

echo cd /cygdrive/c/path >>ftpcmd.dat
echo put commands >>ftpcmd.dat
echo get commands >>ftpcmd.dat
echo exit >>ftpcmd.dat
winscp.com /script=ftpcmd.dat


And I can generate a key pair with

ssh-keygen -t ecdsa -b 521


What I'm not following is, do I have a way to get the hostkey from the Servers into my script without my having to remotely connect to all 50 Servers to manually get their hostkey and put the specific hostkey into the .dat file for just the clients connected to each respective Server?

And if there is a way for me to do that, then fine, I can put it into a variable when my script is creating the .dat file to be used for SFTP.

But secondly, if I generate a key pair with the ssh-keygen command above, how do I script my .dat file to use the key pair that is generated?
bigredeo

Using Public Keys on many remote PCs

I am trying to write a batch script using WinSCP to transfer files via SFTP. I have about 50 remote PCs that act as a server for an inside network at offsite locations. Each of these servers can have anywhere from 1 to 8 clients on it. These clients run schtasks overnight, one of which is a batch file that gets and puts several different files to/from the Server. Currently, they use FTP. I now need to re-write the FTP part of the batch file to use SFTP instead. These are Windows 7 Clients, but the Servers are Linux PCs. This is my first time attempting to use WinSCP. I installed it on my own test PC. I created a .dat file in the batch script similar to below -

echo open sftp://username:password > C:\temp\temp.dat
echo cd /cygdrive/c/pathToUse >> C:\temp\temp.dat
echo put %USERDOMAIN%.ftp >> C:\temp\temp.dat
echo put File1.txt File1.ftp >> C:\temp\temp.dat
echo get File2.txt >> C:\temp\temp.dat
echo get File3.txt >> C:\temp\temp.dat
echo quit >> C:\temp\temp.dat
echo exit >> C:\temp\temp.dat


I have a test Server/Client setup at my desk, so I tested using WinSCP for the first time to see whether it would connect by using the command -

winscp.com /script=ftpcmd.dat


And at first it said I needed a hostkey and WinSCP actually gave me the hostkey in the results. So I added the -hostkey "sshxxxxxxxxxx" switch at the end of the first line in the .dat file and tried again to see if it would connect. It got further than before - no longer asking for the hostkey, but the results I got included:

"Server offered these authentication methods: publickey, gssapi-keyex,gssapi-with-mic"


Two questions: Since I won't know the hostkey on these 50 remote servers, how can I write the script to connect not knowing the hostkey?

If I am able to generate a hostkey for the initial SFTP connection, how do I authenticate with either publickey, gssapi-keyex, gssapi-with-mic?

And please be kind as this is my first time using WinSCP and trying to understand keygen and hostkey/publickey authentication.

------------------EDIT-----------------
I did find I can generate a public key if I use the command:
ssh-keygen -y -f ssh_host_rsa_key

in the correct directory. But I'm not sure how to utilize that within my batch script or WinSCP.