Session open with tunneling


Hiro.A

I am trying to connect to my server through a tunneling server. My trial code is this:
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "<MyServerFQDN>",
    PortNumber = <Port>,
    UserName = "<UserName>",
    Password = "<PassWd>",
    SshHostKeyFingerprint = "<MyServer'sFingerPrint>"
};
 
using (Session session = new Session())
{
    // Connect
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "<MyTunnelServer>");
    sOs.AddRawSettings("TunnelPortNumber", "<TunnelPort>");
    sOs.AddRawSettings("TunnelUserName", "<TunnelUser>");
    sOs.AddRawSettings("TunnelPublicKeyFile", "<TunnelUser'sPPK>");
    session.Open(sOs);
}

But I got an error message like this:
Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is <Tunnel Server's Fingerprint>
Authentication failed.
I cannot understand how to set the tunnel server's fingerprint. I guess it may exist in the [SshHostKeys] section in the WinSCP.ini file, but I could not use it.

Would you tell me how to set the tunnel server's fingerprint? Or is there any other workaround?

Thanks!


martin
Site Admin

Re: Session open with tunneling

Ok, this might be tricky.

Point is that you need to add both fingerprints to the SshHostKeyFingerprint, separated by a semicolon.

But the current validation rules prevent you from doing that.
You can circumvent that by using:
AddRawSettings("HostKey", "hostkey1;hostkey2")
Let me know.

Issue added to the tracker:
https://winscp.net/tracker/932

Hiro.A

Re: Session open with tunneling

Thank you for the quick reply!

But unfortunately I tried to set it by AddRawSettings, but it didn't work.
SessionOptions sOs = new SessionOptions 
{ 
    Protocol = Protocol.Sftp, 
    HostName = "<MyServerFQDN>", 
    PortNumber = <Port>, 
    UserName = "<UserName>", 
    Password = "<PassWd>"
//, 
//    SshHostKeyFingerprint = "<MyServer'sFingerPrint>" 
}; 
 
using (Session session = new Session()) 
{ 
    // Connect 
    sOs.AddRawSettings("HostKey", "<MyServer'sFingerPrint>;<Tunnel Server's Fingerprint>");
    sOs.AddRawSettings("Tunnel", "1"); 
    sOs.AddRawSettings("TunnelHostName", "<MyTunnelServer>"); 
    sOs.AddRawSettings("TunnelPortNumber", "<TunnelPort>"); 
    sOs.AddRawSettings("TunnelUserName", "<TunnelUser>"); 
    sOs.AddRawSettings("TunnelPublicKeyFile", "<TunnelUser'sPPK>"); 
    session.Open(sOs); 
}
result:
Error: System.ArgumentException: SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.HostKey is not set.
場所 WinSCP.Session.SessionOptionsToOpenSwitches(SessionOptions sessionOptions)
場所 WinSCP.Session.SessionOptionsToOpenArguments(SessionOptions sessionOptions)
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VCSProj\scptest\scptest\Form1.cs:行 57
(Sorry for including Japanese characters.)
What else should I do?

One confirmation: I use the form ssh-rsa 2048 xx:xx:xx:.....:xx as my fingerprint format when I set them by AddRawSettings. Is that correct?
(I wonder if 'Raw' means the exact way in winscp.ini strings)

Thanks

martin
Site Admin

Re: Session open with tunneling

Just set SessionOptions.SshHostKeyFingerprint to any valid value to circumvent the check. The raw settings override its value anyway.

Anyway, I've sent you an email with a link to a dev version that fixes your issue.
Let me know.

Hiro.A

Re: Session open with tunneling

Thank you for sending your test modules.

I tried it immediately and got the following results:

Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Authentication failed.
--- 内部例外スタック トレースの終わり ---
場所 WinSCP.SessionLogReader.Read(LogReadFlags flags)
場所 WinSCP.ElementLogReader.Read(LogReadFlags flags)
場所 WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElementAndCreateLogReader(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForGroupAndCreateLogReader()
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VCSProj\scptest\scptest\Form1.cs:行 57

The fingerprint in the error message was the tunnel server's.

My code is like this:

SessionOptions sOs = new SessionOptions 
{ 
    Protocol = Protocol.Sftp, 
    HostName = "<MyServerFQDN>", 
    PortNumber = <Port>, 
    UserName = "<UserName>", 
    Password = "<PassWd>" , 
    SshHostKeyFingerprint = "<Tunnel Server's FingerPrint>;<MyServer's FingerPrint>" 
}; 

using (Session session = new Session()) 
{ 
    // Connect 
    sOs.AddRawSettings("Tunnel", "1"); 
    sOs.AddRawSettings("TunnelHostName", "<MyTunnelServer>"); 
    sOs.AddRawSettings("TunnelPortNumber", "<TunnelPort>"); 
    sOs.AddRawSettings("TunnelUserName", "<TunnelUser>"); 
    sOs.AddRawSettings("TunnelPublicKeyFile", "<TunnelUser'sPPK>"); 
    session.Open(sOs); 

}

I guess something in the authentication process for the tunnel server's fingerprint may not be working well.
In addition, it also did not work when I changed the fingerprints' order. (same error message)

Regards,

Hiro.A

Re: Session open with tunneling

Hi,

Did my e-mail reach you? I attached the same Session.log file here in case it was lost.

Regards,

Hiro.A

Re: Session open with tunneling

martin wrote:

Yes. I've sent you a new build for testing a while ago.

Anyway, 5.1.1 has been released meanwhile with TunnelHostKey raw session settings added for you.
https://winscp.net/tracker/938

I am sorry I did not notice receiving your e-mail.
Just now I tested it quickly, but again I could not succeed in tunneling. It was the same result.

I will confirm later and will upload the results.

Regards,

Hiro.A

Re: Session open with tunneling

I tested again and finally got the same error result.

Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c.
Authentication failed.
--- 内部例外スタック トレースの終わり ---
場所 WinSCP.SessionLogReader.Read(LogReadFlags flags)
場所 WinSCP.ElementLogReader.Read(LogReadFlags flags)
場所 WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElementAndCreateLogReader(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForGroupAndCreateLogReader()
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VC# Projects\C#2010\scptest\scptest\Form1.cs:行 58

// Setup session options
SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "HOSTNAME.xxx.xxx.ne.jp",
    PortNumber = 54322,
    UserName = "<USERNAME>",
    Password = "password"
    ,
    SshHostKeyFingerprint = "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2"
};

using (Session session = new Session())
{
   // Overwrite ?
    sOs.AddRawSettings("HostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c;ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2");
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "TNLHOST.xxx.xxx.ne.jp");
    sOs.AddRawSettings("TunnelPortNumber", "54322");
    sOs.AddRawSettings("TunnelUserName", "<TNLUSER>");
    sOs.AddRawSettings("TunnelPublicKeyFile", "tnluser.ppk");

    session.SessionLogPath = @"I:\VC# Projects\C#2010\scptest\SesLog1.txt";
    session.Open(sOs);
}


Would you teach me how to set the HostKey by AddRawSettings in detail?


Best regards,

PS.

One good thing for you: I confirmed that I could use the character "#" in the path! It's great! Thank you!!

martin
Site Admin

Re: Session open with tunneling

Use SessionOptions.SshHostKeyFingerprint to set your main session host key fingerprint and SessionOptions.AddRawSettings("TunnelHostKey", ...) to set the tunnel session host key fingerprint.

Hiro.A

Re: Session open with tunneling

Same results.

Error: WinSCP.SessionRemoteException: Host key wasn't verified! ---> WinSCP.SessionRemoteException: Host key fingerprint is ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c.
Authentication failed.
--- 内部例外スタック トレースの終わり ---
場所 WinSCP.SessionLogReader.Read(LogReadFlags flags)
場所 WinSCP.ElementLogReader.Read(LogReadFlags flags)
場所 WinSCP.CustomLogReader.TryWaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElement(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForNonEmptyElementAndCreateLogReader(String localName, LogReadFlags flags)
場所 WinSCP.CustomLogReader.WaitForGroupAndCreateLogReader()
場所 WinSCP.Session.Open(SessionOptions sessionOptions)
場所 scptest.Form1.button1_Click(Object sender, EventArgs e) 場所 I:\VC# Projects\C#2012\scptest\scptest\Form1.cs:行 56

                   SshHostKeyFingerprint = "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2"

                    sOs.AddRawSettings("TunnelHostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c");

In the session.log,
. 2012-11-19 20:39:15.628 [Tunnel] Server version: SSH-2.0-OpenSSH_5.3
. 2012-11-19 20:39:15.628 [Tunnel] Using SSH protocol version 2
. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1
. 2012-11-19 20:39:15.633 [Tunnel] Doing Diffie-Hellman group exchange
. 2012-11-19 20:39:15.678 [Tunnel] Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-11-19 20:39:15.829 [Tunnel] Verifying host key rsa2 0x23,0xb9e7a68722066c319d939feda1.... with fingerprint ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-11-19 20:39:15.830 Asking user:
. 2012-11-19 20:39:15.830 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2012-11-19 20:39:15.830
. 2012-11-19 20:39:15.830 The server's rsa2 key fingerprint is:
. 2012-11-19 20:39:15.830 ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-11-19 20:39:15.830
. 2012-11-19 20:39:15.830 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
. 2012-11-19 20:39:15.830
. 2012-11-19 20:39:15.830 Continue connecting and add host key to the cache? ()
. 2012-11-19 20:39:15.830 [Tunnel] Closing connection.
. 2012-11-19 20:39:15.830 [Tunnel] Sending special code: 12

SessionLog said 'The server's host key was not found in the cache.'.

What can I do next? I don't understand where I was wrong...

Regards,

Hiro.A

Re: Session open with tunneling

In addition, I tried to repeat with AddRawSettings deleted and got quite the same result.

I guess 'TunnelHostKey' was ignored. Perhaps same as 'HostKey' and 'SshHostKey'.

martin
Site Admin

Re: Session open with tunneling

Hiro.A wrote:

. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1

I have sent you a dev version 5.2. You are using official 5.1.1. It does not support the TunnelHostKey.

Hiro.A

Re: Session open with tunneling

martin wrote:

Hiro.A wrote:

. 2012-11-19 20:39:15.628 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.1
I have sent you a dev version 5.2. You are using official 5.1.1. It does not support the TunnelHostKey.

I am sorry again. So I tried again with V5.2, but nothing seemed to change.

For my confirmation, are they the correct things?
<deleted by admin>

I received these at Date: Sat, 03 Nov 2012 08:25:35 +0100 (mail header) and there is nothing newer.

I attached a debug log. In it,
[2012-11-23 11:47:30.727Z] [0009] Command: [open -hostkey="ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2" -timeout=15 "sftp://<USER>:<PASSWD>@<SSHHOST>.jp:22222" -rawsettings Tunnel="1" TunnelHostKey="ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c" TunnelHostName="<TUNNELHOST>.jp" TunnelPortNumber="22222" TunnelUserName="<TUNNELUSER>"]
<snip>
[2012-11-23 12:30:03.645Z] [000a] Output: [Authenticating...]
[2012-11-23 12:30:03.649Z] [000b] ExeSessionProcess.ProcessEvent entering
[2012-11-23 12:30:03.650Z] [000b] Scheduling output: [The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.]
[2012-11-23 12:30:03.650Z] [000b] Scheduling output: [The server's rsa2 key fingerprint is:]
[2012-11-23 12:30:03.651Z] [000a] Output: [The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.]
[2012-11-23 12:30:03.652Z] [000b] Scheduling output: [ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c]

TunnelHostKey seemed not to be processed in the right way in the program.
My understanding is that TunnelHostKey is set into the cache when I set it by rawSettings.
Is that right? If so, the message in the debug log seemed a little bit strange.

Regards,

martin
Site Admin

Re: Session open with tunneling

For the URLs: Yes, they are correct.
Please set Session.SessionLogPath and attach the log.

Hiro.A

Re: Session open with tunneling

Ok. I attached the session log.

And I pasted my code for confirmation.

SessionOptions sOs = new SessionOptions
{
    Protocol = Protocol.Sftp,
    HostName = "<SSHOST>.jp",
    PortNumber = 22222,
    UserName = "<USER>",
    Password = "<PASSWD>",
    SshHostKeyFingerprint = "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2"
};

using (Session session = new Session())
{
    sOs.AddRawSettings("TunnelHostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c");
    sOs.AddRawSettings("Tunnel", "1");
    sOs.AddRawSettings("TunnelHostName", "<TUNNELHOST>.jp");
    sOs.AddRawSettings("TunnelPortNumber", "22222");
    sOs.AddRawSettings("TunnelUserName", "<TUNNELUSER>");
    sOs.AddRawSettings("TunnelPublicKeyFile", @"I:\My Docs\privkey.ppk");

    session.SessionLogPath = @"I:\VC# Projects\C#2010\scptest\SesLog.txt";
    session.Open(sOs);
}

Hiro.A

Re: Session open with tunneling

I tried V5.1.2, but nothing changed yet.

Are you sure the needed key is "TunnelHostKey"? Did I misunderstand, or something else?
I can't understand what is happening.

sOs.AddRawSettings("TunnelHostKey", "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c");

If you have something difficult to solve this issue, would you give me another solution? For example, can you modify the program to auto-accept hostkeys?
Or would you reveal the source code?

. 2012-12-04 16:32:42.475 [Tunnel] Server version: SSH-2.0-OpenSSH_5.3
. 2012-12-04 16:32:42.475 [Tunnel] Using SSH protocol version 2
. 2012-12-04 16:32:42.475 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.1.2
. 2012-12-04 16:32:42.480 [Tunnel] Doing Diffie-Hellman group exchange
. 2012-12-04 16:32:42.526 [Tunnel] Doing Diffie-Hellman key exchange with hash SHA-1
. 2012-12-04 16:32:42.681 [Tunnel] Verifying host key rsa2 0x23,... with fingerprint ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-12-04 16:32:42.681 Asking user:
. 2012-12-04 16:32:42.681 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2012-12-04 16:32:42.681
. 2012-12-04 16:32:42.681 The server's rsa2 key fingerprint is:
. 2012-12-04 16:32:42.681 ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-12-04 16:32:42.681
. 2012-12-04 16:32:42.681 If you trust this host, press Yes. To connect without adding host key to the cache, press No. To abandon the connection press Cancel.
. 2012-12-04 16:32:42.681
. 2012-12-04 16:32:42.681 Continue connecting and add host key to the cache? ()
. 2012-12-04 16:32:42.681 [Tunnel] Closing connection.
. 2012-12-04 16:32:42.681 [Tunnel] Sending special code: 12

martin
Site Admin

Re: Session open with tunneling

I'm sending you an email with a development version of WinSCP to the address you used to register on this forum.

BBM
Guest

Bug 948

This is my log
. 2018-09-20 14:29:39.468 WinSCP Version 5.13.4 (Build 8731) (OS 6.1.7601 Service Pack 1 - Windows 7 Professional)
......
. 2018-09-20 14:29:39.470 --------------------------------------------------------------------------
. 2018-09-20 14:29:39.470 Opening tunnel.
. 2018-09-20 14:29:39.473 Autoselected tunnel local port number 50000
. 2018-09-20 14:29:39.491 [Tunnel] Connecting to 10.211.2.31 port 22
. 2018-09-20 14:29:39.522 [Tunnel] We claim version: SSH-2.0-WinSCP_release_5.13.4
. 2018-09-20 14:29:39.543 [Tunnel] Server version: SSH-2.0-OpenSSH_7.4
. 2018-09-20 14:29:39.543 [Tunnel] Using SSH protocol version 2
. 2018-09-20 14:29:39.543 [Tunnel] Have a known host key of type ssh-ed25519
. 2018-09-20 14:29:39.548 [Tunnel] Doing ECDH key exchange with curve Curve25519 and hash SHA-256
. 2018-09-20 14:29:39.944 [Tunnel] Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
. 2018-09-20 14:29:39.945 [Tunnel] Host key fingerprint is:
. 2018-09-20 14:29:39.945 [Tunnel] ssh-ed25519 256 9f:19:21:ce:ee:d9:c2:d4:ad:03:25:dc:1e:07:57:16 ex8D2iA93hrVH5ekJcxkAnV7Gk+EyrZ6p/JiiXm8olg=
. 2018-09-20 14:29:39.945 [Tunnel] Host key does not match configured key ssh-ed25519 256 9f:19:21:ce:ee:d9:c2:d4:ad:03:25:dc:1e:07:57:16 ex8D2iA93hrVH5ekJcxkAnV7Gk+EyrZ6p/JiiXm8olg=
. 2018-09-20 14:29:39.946 [Tunnel] Closing connection.
. 2018-09-20 14:29:39.946 [Tunnel] Sending special code: 12


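The session-log lines posted in this thread, run through a small triage script (an added example, not code from the thread or from WinSCP): it reports which hop rejected a host key and whether the presented fingerprint equals the one the caller configured. The function name `triage`, its `configured` mapping and the reason labels are assumptions of this example, and the sample log is constructed from the line formats shown above.

```python
import re

# Fingerprint as printed in the logs above: "<type> <bits> xx:xx:...:xx" (16 hex pairs).
FP = r"([\w-]+ \d+ (?:[0-9a-f]{2}:){15}[0-9a-f]{2})"
LINE = re.compile(r"^\. \d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ ?(\[Tunnel\] )?(.*)$")
VERIFYING = re.compile(r"Verifying host key .* with fingerprint " + FP)
MISMATCH = re.compile(r"Host key does not match configured key " + FP)

def triage(log_text, configured):
    """Return (hop, presented_fp, reason, matches_configured) per rejected host key.

    configured maps "main"/"tunnel" to the fingerprint the caller passed in
    SshHostKeyFingerprint / the TunnelHostKey raw setting (missing if unset).
    """
    findings, hop, presented, fp_next = [], None, None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tagged, msg = ("tunnel" if m.group(1) else "main"), m.group(2)
        if fp_next:  # the line after "Host key fingerprint is:" carries the key
            fp_next = False
            got = re.match(FP, msg)
            if got:
                presented = got.group(1)
                continue
        if (v := VERIFYING.search(msg)):
            hop, presented = tagged, v.group(1)
        elif msg.startswith("Host key fingerprint is:"):
            hop, fp_next = tagged, True
        elif "host key was not found in the cache" in msg and presented:
            # The prompt lines carry no [Tunnel] tag, so attribute them to the
            # hop of the most recent host-key line.
            findings.append((hop, presented, "not-in-cache",
                             presented == configured.get(hop)))
        elif MISMATCH.search(msg):
            findings.append((hop, presented, "mismatch-reported",
                             presented == configured.get(hop)))
    return findings

# Constructed sample, following the line formats posted in this thread.
SAMPLE = """\
. 2012-11-19 20:39:15.829 [Tunnel] Verifying host key rsa2 0x23,... with fingerprint ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c
. 2012-11-19 20:39:15.830 Asking user:
. 2012-11-19 20:39:15.830 The server's host key was not found in the cache. You have no guarantee that the server is the computer you think it is.
. 2012-11-19 20:39:15.830 [Tunnel] Closing connection.
"""
CONFIGURED = {
    "main": "ssh-rsa 2048 cb:79:b4:2d:52:c1:eb:ce:32:be:0f:6d:40:fc:5f:c2",
    "tunnel": "ssh-rsa 2048 7e:c8:9e:c7:7a:26:54:c0:65:5a:13:14:36:2f:cf:7c",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE, CONFIGURED):
        print(finding)
```

A `not-in-cache` finding whose last field is `True` means the fingerprint was supplied but the client did not apply it, which is what the thread shows when TunnelHostKey was set on a release that did not support it.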