How are SFTP fingerprints handled?
- Thread starter vefatica
- Start date
- May
- 13,823
- 211
TCC shows me this:
Code:
v:\> dir sftp://vefatica.net
The server provided the following fingerprint:
e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99
Would you like to continue? (Y/N)?
rconn
Administrator
- May
- 13,689
- 257
Staff member
That's correct, but that's not what you originally asked.
The ipworks ssh class passes the fingerprint when the class connects. If you accept it, it gets saved to your .INI file (server + fingerprint). (But it is never deleted.) When you reconnect, TCC looks to see if there's a match in the .INI file; if so it's accepted, if not you get the prompt.
- May
- 13,823
- 211
I must have been doing two different things when I noticed the same version of TCC asking twice about the fingerprint. Now I see that it's actually in the INI file twice and I'm not asked about it any longer.
Code:
v:\> grep 48:99 %_ininame
vefatica.net=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99
sftp://vefatica.net=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99We got a (reasonably) neat solution to avoiding an interactive prompt in an unattended BTM file (for instance when run from Task Scheduler):
KEYSTACK Y enter
copy sftp://somewhere.com/somepath/somefile.txt mydestination
INPUT /c /W0
The Keystack puts the Y response into the buffer just in case the copy command is to a new site, and it pops up the 'fingerprint - do you want to continue' message.
That means that the copy command continues regardless
The Input then flushes the Y out of the buffer (/c) if the prompt did NOT appear, or waits 0 seconds for new input if the 'Y' was used up and there is nothing to clear.
However, it would be nice if TCC was able to detect that it was not running intereactively (ie from a service or scheduled task), and NOT put out a prompt that will never get acknowledged. (We are using TCC20 - this may already be fixed in a newer version, but I have no idea).
KEYSTACK Y enter
copy sftp://somewhere.com/somepath/somefile.txt mydestination
INPUT /c /W0
The Keystack puts the Y response into the buffer just in case the copy command is to a new site, and it pops up the 'fingerprint - do you want to continue' message.
That means that the copy command continues regardless
The Input then flushes the Y out of the buffer (/c) if the prompt did NOT appear, or waits 0 seconds for new input if the 'Y' was used up and there is nothing to clear.
However, it would be nice if TCC was able to detect that it was not running intereactively (ie from a service or scheduled task), and NOT put out a prompt that will never get acknowledged. (We are using TCC20 - this may already be fixed in a newer version, but I have no idea).