no worries, happy to help!
- dotps1
Post a reply
Topic review
- samellinger
Sorry for the confusion with different names, that's what I get for trying to sanitize code at different times.
You are correct though, I had a value for the name of session, but looking back there is no name included in
You are correct though, I had a value for the name of session, but looking back there is no name included in
New-WinSCPSession. I thought that was part of one of the examples but looking over the examples and syntax there is not. Removing that name corrects the issue I was having with the command.
- dotps1
Please move this to GitHub, this is not an issue with WinSCP Directly, but possibly and issue with the WinSCP PowerShell Module. You can find it here: https://github.com/tomohulk/WinSCP/issues.
But at first glance, what is
*Edit*
I also see in your first post you have
again, not sure what
hope that helps.
*End Edit*
But at first glance, what is
DSession? There are no position supported params in the New-WinSCPSession cmdlet, everything is by name only (as it is with anything I write, I don't like unnamed params). So DSession i have a feeling is throwing everything off, it basically doesn't now what that value is for.
*Edit*
I also see in your first post you have
New-WinSCPSession ED -.........again, not sure what
ED is, but this make me even more sure about the issue being a typo.
hope that helps.
*End Edit*
- samellinger
Sure, here is the code that is working correctly:
Here is the powershell commandlet that did not work:
$sessionOptions = New-Object WinSCP.SessionOptions
$sessionOptions.Protocol = [WinSCP.Protocol]::ftp
$sessionOptions.HostName = "host.com"
$sessionOptions.UserName = "Username"
$sessionOptions.Password = 'Password'
$sessionOptions.TlsHostCertificateFingerprint = "78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78"
$sessionOptions.FtpSecure = [WinSCP.FtpSecure]::Explicit
$session = New-Object WinSCP.Session
Here is the powershell commandlet that did not work:
$FTPHost = "host.com"
$Port = "21"
$Protocol = "FTP"
$Username = "Username"
$Password = convertto-securestring -string 'Password' -AsPlainText -Force
$credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$HostKey = "78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78"
New-WinSCPSession DSession -credential $Credential -ftpMode Active -FtpSecure ExplicitTls -HostName $FTPHost -PortNumber $Port -Protocol $Protocol -TlsHostCertificateFingerprint $HostKey
- martin
Can you show us your corrected code that suffers the problem nevertheless?
- samellinger
After reading the error messages a bit deeper I realized that it is accepting the
Instead of using the Powershell wrapper I resorted to using the .Net assembly which is completing my connection successfully.
TlsHostCertificateFingerprint in its current format, but complaining about not having SshHostKeyFingerprint. It appears that no matter what I do, even though the protocol is set to FTP and FTPSecure is set to ExplicitTLS it still expects SshHostKeyFingerprint no matter what. I'm not sure if that is an error with the commandlets but I'm unable to complete the command without it expecting SSH information for my FTPS connection.
Instead of using the Powershell wrapper I resorted to using the .Net assembly which is completing my connection successfully.
- martin
So use
78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78 as is for TlsHostCertificateFingerprint, and do to try to add some irrelevant prefix.
- samellinger
I got that key from Session>Server and protocol information. Here's the output from that.
That's why I was a bit confused, I'm trying to use FTP over TLS not SFTP over SSH.
Remote system = UNIX Type: L8
File transfer protocol = FTP
Cryptographic protocol = TLS/SSL Explicit encryption, TLSv1.2
Encryption algorithm = TLSv1/SSLv3: AES256-GCM-SHA384, 2048 bit RSA
Compression = No
------------------------------------------------------------
Certificate fingerprint
78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78
That's why I was a bit confused, I'm trying to use FTP over TLS not SFTP over SSH.
- martin
Re: Powershell unable to get TlsHostCertificateFingerprint in correct format
The TLS certificate fingerprint cannot start with
See https://winscp.net/eng/docs/message_key_fingerprint_does_not_match
ssh-rsa. That's obviously an SSH host key fingerprint. Where did you get it? Do you want to use FTP over TLS or SFTP over SSH?
See https://winscp.net/eng/docs/message_key_fingerprint_does_not_match
- samellinger
Powershell unable to get TlsHostCertificateFingerprint in correct format
I'm working to automate a csv upload to a external service that we subscribe to. I'm running into an issue with the Tls host certificate. Here's the code snippet and what I've tried
When I run that I receive
It appears that the key is matching the correct pattern but
I then tried shortening the key length as specified in that regex to
Can someone help me understand where I am going wrong in formatting this fingerprint?
$HostKey = "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68"
New-WinSCPSession ED -credential $Username -ftpMode Active -FtpSecure ExplicitTls -HostName $FTPHost -PortNumber $Port -Protocol $Protocol -TlsHostCertificateFingerprint $HostKey -SessionLogPath $WinSCPLog
When I run that I receive
New-WinSCPSession : Exception setting "TlsHostCertificateFingerprint": "TLS host certificate fingerprint "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68:cc:bb:37:78" does not
match pattern /([0-9a-f]{2}:){19}[0-9a-f]{2}(;([0-9a-f]{2}:){19}[0-9a-f]{2})*/"
It appears that the key is matching the correct pattern but
ssh-rsa 2048 does not. Ok, so I changed the variable to
$HostKey = "78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68" and received the following result.New-WinSCPSession : Exception setting "SshHostKeyFingerprint": "SSH host key fingerprint "DiscoveryED" does not match pattern /((ssh-rsa|ssh-dss)( |-))?(\d+
)?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}(;((ssh-rsa|ssh-dss)( |-))?(\d+ )?([0-9a-f]{2}(:|-)){15}[0-9a-f]{2})*/"
I then tried shortening the key length as specified in that regex to
"ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68". However, I received the following error again
New-WinSCPSession : Exception setting "TlsHostCertificateFingerprint": "TLS host certificate fingerprint "ssh-rsa 2048 78:b7:ed:6a:2a:6d:06:61:ae:7d:f6:e5:75:7c:0d:68" does not match
pattern /([0-9a-f]{2}:){19}[0-9a-f]{2}(;([0-9a-f]{2}:){19}[0-9a-f]{2})*/"
Can someone help me understand where I am going wrong in formatting this fingerprint?