SFTP fingerprint acknowledgement

Discussion in 'Support' started by millardjk, May 28, 2010.

  1. millardjk

    Okay, I'm loving the built-in support for SFTP that's now in v11. Yay!

    However, in order to get a bulletproof script that runs unattended, I need to be able to automatically acknowledge the fingerprint that the remote host returns when connecting using either IFTP or a "direct" call in case the host needs to replace its key.

    TCC is "remembering" my answer the first time it "asks" when I use it interactively (thanks for that, but where is it being stored?), but I don't really want my scripts to "hang" until I notice them when they're running unattended in the event there's a change, or if I need to move the processing to another machine in my enterprise.

    Did I miss something in the documentation, or is this an enhancement request?

    And yes, I'm fully aware that blind acknowledgment defeats any number of security benefits of the key exchange process in SSH. However, that's not important in this scenario: I'm sending a simple text file, and the recipient is requiring SFTP, not me--I'd be OK with old-school FTP and am happy to assume that the recipient is the one I intend to receive the data.
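
For the unattended case raised in the post above, an alternative to answering "Y" blindly is to pin the fingerprints the job will accept, including a replacement key announced in advance, and abort on anything else instead of prompting. This is an added Python example, not part of the original post and not a TCC feature; how the presented key is obtained from the SFTP client is assumed, and all keys are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct


def make_key_line(raw32: bytes) -> str:
    """Build an ssh-ed25519 public key line from 32 constructed bytes (sample data only)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


def fingerprint(key_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a '<type> <base64-blob> [comment]' line."""
    parts = key_line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(parts[1], validate=True)
    # The blob begins with a length-prefixed algorithm name that must match the type field.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample keys: none of these is a real host key.
CURRENT_KEY = make_key_line(bytes(range(32)))
NEXT_KEY = make_key_line(bytes(range(32, 64)))   # replacement announced by the recipient
UNKNOWN_KEY = make_key_line(b"\xff" * 32)        # anything not distributed in advance

# The pin list travels with the script, so another machine makes the same decision.
PINNED = {fingerprint(CURRENT_KEY), fingerprint(NEXT_KEY)}


def decide(presented_line: str, pinned=PINNED) -> str:
    """Return 'transfer' for a pinned key, 'abort' otherwise; never prompt."""
    try:
        fp = fingerprint(presented_line)
    except ValueError:
        return "abort"
    ok = any(hmac.compare_digest(fp, p) for p in pinned)
    return "transfer" if ok else "abort"


if __name__ == "__main__":
    for label, key in [("current", CURRENT_KEY), ("next", NEXT_KEY), ("unknown", UNKNOWN_KEY)]:
        print(label, fingerprint(key), decide(key))
```
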
     
  2. vefatica

    On Fri, 28 May 2010 18:42:39 -0400, millardjk wrote:

    |TCC is "remembering" my answer the first time it "asks" when I use it interactively (thanks for that, but where is it being stored?), but I don't really want my scripts to "hang" until I notice them when they're running unattended in the event there's a change, or if I need to move the processing to another machine in my enterprise.

    You might be able to use KEYSTACK; perhaps like this.

    KEYSTACK /W100 "Y" & START /C COPY sftp://host/path/file

    A new instance of TCC will start in the foreground and 100/18 seconds later, "Y"
    will be simulated. If the "Y" is unnecessary, it'll just show up in the second
    instance's console (after the command has finished and before the second
    instance exits).

    A question for Rex: This doesn't work:

    keystack /W100 "password" Enter & start /c copy ftp://vefatica:*@lucky/file

    because TCC logs in twice (I guess so anyway since one password prompt is
    dismissed automatically ... only to show another one). Here's what I see:

    Password: (lucky:vefatica): *************
    ftp://lucky/factorial.bat => V:\factorial.bat
    Password: (lucky:vefatica):

    Couldn't TCC re-use the password if it has to log in several times to complete
    one command?
    --
    - Vince
     
  3. vefatica

    Keystack has nothing to do with it. I must enter the password twice when doing it manually as well.
     
  4. rconn

    rconn Administrator
    Staff Member

    It could, if you're using the DWIM parser that automagically knows in
    advance what you're going to do next.

    Otherwise, use IFTP.

    Rex Conn
    JP Software
     
  5. vefatica

    On Sat, 29 May 2010 09:10:40 -0400, rconn wrote:

    |---Quote---
    |> ---Quote (Originally by vefatica)---
    |> A question for Rex: This doesn't work:
    |>
    |> keystack /W100 "password" Enter & start /c copy
    |> ftp://vefatica:*@lucky/file
    |>
    |> because TCC logs in twice (I guess so anyway since one password prompt is
    |> dismissed automatically ... only to show another one). Here's what I see:
    |>
    |> Password: (lucky:vefatica): *************
    |> ftp://lucky/factorial.bat => V:\factorial.bat
    |> Password: (lucky:vefatica):
    |>
    |> Couldn't TCC re-use the password if it has to login several times to
    |> complete one command?
    |> ---End Quote---
    |---End Quote---
    |It could, if you're using the DWIM parser that automagically knows in
    |advance what you're going to do next.

    Doesn't the command I gave,

    keystack /W100 "password" Enter & start /c copy ftp://vefatica:*@lucky/file

    say it all? Does it leave any doubt about my intention?
    --
    - Vince
     
  6. rconn

    rconn Administrator
    Staff Member

    There's 100% doubt in the parser, which when it's doing the first connection
    to ftp: (to query the filename) has no idea that COPY is then going to ask it
    to do at least one and probably two more connections. The only way to do
    what you want would be to add a custom ftp parser to every file command (not
    going to happen!).

    That's why there's IFTP. The only reason not to use IFTP is if you want to
    save a few characters at the expense of *always* being substantially slower.

    Rex Conn
    JP Software
     
