Re: Specify cipher from command line
Thanks Martin. I was putting that option on the command line. Added it to the params file and it works.
- kbecker
Post a reply
Topic review
- martin
I haven't suggested using any
If follow my advice above, you should arrive at syntax like this:
/cipher.
If follow my advice above, you should arrive at syntax like this:
open sftp://user@example.com/ -rawsettings Cipher="aes,aesgcm,WARN,chacha20,3des,des,blowfish,arcfour"
- kbecker
Thanks for that. I was using
However, I still cannot get it to work. Here are some sections from the log file.
/ciphers, not /cipher.
However, I still cannot get it to work. Here are some sections from the log file.
. 2025-04-10 08:54:55.003 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" /ini=nul /cipher=chacha20,WARN,aes,aesgcm /log="E:\JPM\logs\WinSCP_UATTest_20250410__ 85453.log" /script="E:\JPM\Scripts\Test_UAT.params"
. 2025-04-10 08:54:55.003 Transfer Protocol: SFTP
. 2025-04-10 08:54:55.003 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2025-04-10 08:54:55.003 Disable Nagle: No
. 2025-04-10 08:54:55.003 Proxy: None
. 2025-04-10 08:54:55.003 Send buffer: 262144
. 2025-04-10 08:54:55.003 Compression: No
. 2025-04-10 08:54:55.003 Bypass authentication: No
. 2025-04-10 08:54:55.003 Try agent: Yes; Agent forwarding: No; KI: Yes; GSSAPI: Yes
. 2025-04-10 08:54:55.003 GSSAPI: KEX: No; Forwarding: No; Libs: gssapi32,sspi,custom; Custom:
. 2025-04-10 08:54:55.003 Ciphers: aes,chacha20,aesgcm,3des,WARN,des,blowfish,arcfour; Ssh2DES: No
. 2025-04-10 08:54:55.003 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2025-04-10 08:54:55.003 Simple channel: Yes
< 2025-04-10 08:54:55.112 Script: Connecting to host...
. 2025-04-10 08:54:55.112 We claim version: SSH-2.0-WinSCP_release_6.5
. 2025-04-10 08:54:55.159 Remote version: SSH-2.0-SSHD
. 2025-04-10 08:54:55.159 Using SSH protocol version 2
. 2025-04-10 08:54:55.159 Have a known host key of type rsa2
. 2025-04-10 08:54:55.159 Enabling strict key exchange semantics
. 2025-04-10 08:54:55.174 Doing ECDH key exchange with curve Curve25519, using hash SHA-256
< 2025-04-10 08:54:55.315 Script: Authenticating...
. 2025-04-10 08:54:55.315 Host key matches configured key fingerprint
. 2025-04-10 08:54:55.315 Initialised AES-128 GCM (AES-NI accelerated) [aes128-gcm@openssh.com] outbound encryption
. 2025-04-10 08:54:55.315 Initialised AES-GCM (unaccelerated) outbound MAC algorithm (in ETM mode) (required by cipher)
. 2025-04-10 08:54:55.315 Initialised AES-128 GCM (AES-NI accelerated) [aes128-gcm@openssh.com] inbound encryption
. 2025-04-10 08:54:55.315 Initialised AES-GCM (unaccelerated) inbound MAC algorithm (in ETM mode) (required by cipher)
- martin
Re: Specify cipher from command line
Sorry, I've misread your original post.
For SFTP/SSH cipher, use
https://winscp.net/eng/docs/rawsettings#cipher
The easiest is to have the GUI generate a script template for you:
https://winscp.net/eng/docs/ui_generateurl
For SFTP/SSH cipher, use
Cipher settings:
https://winscp.net/eng/docs/rawsettings#cipher
The easiest is to have the GUI generate a script template for you:
https://winscp.net/eng/docs/ui_generateurl
- kbecker
Re: Specify cipher from command line
We are connecting to the host with SFTP for the file protocol. Under Advanced settings there is a section for the SSH protocol where you can arrange the order of the ciphers.
I need to do something similar from the command line.
When we connect to our current host, it uses AES-CTR. The host says they will no longer support that protocol and we have to use AES-GCM. I am trying to start using GCM now but do not know how to force it.
I need to do something similar from the command line.
When we connect to our current host, it uses AES-CTR. The host says they will no longer support that protocol and we have to use AES-GCM. I am trying to start using GCM now but do not know how to force it.
- martin
Re: Specify cipher from command line
WinSCP does not support selecting a specific cipher for TLS/SSL.
Why do you need it?
Why do you need it?
- kbecker
Specify cipher from command line
I need WinSCP to use an AES GCM cipher when connecting to a host. Here is the command line that is executed. I have tried specifying both GCM and CTR ciphers but the log file shows that the cipher WinSCP uses is not affected by what is on the command line.
Another example trying to force AES CTR. Again, the log file shows that WinSCP ignores the ciphers parameter.
"C:\Program Files (x86)\WinSCP\WinSCP.exe" /ciphers=aes256-gcm@openssh.com,aes128-gcm@openssh.com /log="E:\logs\WinSCP_UATTest_%date:~10,4%%date:~4,2%%date:~7,2%__%time:~0,2%%time:~3,2%%time:~6,2%.log" /script="E:\Scripts\Test_UAT.params"
Another example trying to force AES CTR. Again, the log file shows that WinSCP ignores the ciphers parameter.
"C:\Program Files (x86)\WinSCP\WinSCP.exe" /ciphers=aes256-ctr /log="E:\logs\WinSCP_UATTest_%date:~10,4%%date:~4,2%%date:~7,2%__%time:~0,2%%time:~3,2%%time:~6,2%.log" /script="E:\Scripts\Test_UAT.params"