sftp script

  • I'm trying to upload files using SFTP and WinSCP with a private key file. I'm getting an error I don't understand.

    In my XML config file, SshHostKeyFingerprint is pointed to the location of the .ppk file.

    Error:

    Error: The value supplied is not valid, or the property is read-only. Change the value, and then try again.

    Any thoughts on what I'm doing wrong? Thanks

    try
    {
        # Load WinSCP .NET assembly
        Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"

        # Read XML configuration file
        [xml]$config = Get-Content "c:\demo\config-testing.xml"

        # Setup session options
        $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
            Protocol = [WinSCP.Protocol]::Sftp
            HostName = $config.Configuration.HostName
            UserName = $config.Configuration.UserName
            PortNumber = $config.Configuration.PortNumber
            SshHostKeyFingerprint = $config.Configuration.SshHostKeyFingerprint
        }
  • I would check to make sure the input is valid.  Double check the values you are passing into the properties of WinSCP.  For example, check the value of "$config.Configuration.HostName".  Is it valid for a HostName?  Repeat with UserName, PortNumber, and SshHostKeyFingerprint.

    Since it is telling you that you have invalid input, chances are one of the above are coming back with an invalid entry.

    ALSO, when I looked up the syntax for this, the SshHostKeyFingerprint looks to be the RSA key, not a ppk file.  You MAY need to toss the contents of the PPK into a variable and pass that along.  The example from the WinSCP website is:

    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
        Protocol = [WinSCP.Protocol]::Sftp
        HostName = "example.com"
        UserName = "user"
        Password = "mypassword"
        SshHostKeyFingerprint = "ssh-rsa 2048 xxxxxxxxxxx...="
    }

    Reference - https://winscp.net/eng/docs/library_powershell

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there is negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • I changed to only use:

    SshPrivateKeyPath = $config.Configuration.SshPrivateKeyPath

    Then I updated my XML config file to point at the .ppk file, and now I get the message:

    Error: SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.SshHostKeyFingerprint is not set.

    # Setup session options
    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
        Protocol = [WinSCP.Protocol]::Sftp
        HostName = $config.Configuration.HostName
        UserName = $config.Configuration.UserName
        PortNumber = $config.Configuration.PortNumber
        SshPrivateKeyPath = $config.Configuration.SshPrivateKeyPath
    }
  • That makes sense as the fingerprint is the fingerprint of the remote server.

    I would recommend looking at some of the example scripts on the WinSCP site.  This one specifically should help in your case:

    https://winscp.net/eng/docs/library_example_known_hosts

    The point of the SshHostKeyFingerprint is to ensure that you are connecting to the host you expect.  It is not for authentication.  If you have ever used RDP or SSH, the first time you connect to a new machine, it will ask you if you trust the machine you are connecting to.  If you don't select to always allow, it will ask with each connection.

    I had misinterpreted your initial post thinking that the PPK file you had was what was holding the HOST key fingerprint, but that is your personal private key, which would encrypt the connection IF the server has your public key.

    Again though, I would recommend reading up on the WinSCP documentation and their examples.  They have illustrative examples as well as real-world examples - https://winscp.net/eng/docs/library_examples


  • Strange: when I use the WinSCP UI I can supply Host, UserName and, under Advanced for Authentication, use the ppk and it connects, but if I try to do that in a PS script I get the error:

    Error: The value supplied is not valid, or the property is read-only. Change the value, and then try again.

  • As a guess - I would say that WinSCP probably has a list of valid fingerprints stored somewhere and when you connect, it checks the fingerprint against the known good ones.


  • How can I make sure it's reading the config XML file properly, and loading the DLL?

    Debug pieces of the script.

  • Script debugging is always interesting.  The "best" (i.e. only) way I know how to do it is to find good breakpoints and run your code up until that breakpoint.  Next, print the output of the variables to screen.

    I don't know of any good Powershell debuggers, so the above is my general practice when working with Powershell.


  • powershell_ise is a good enough debugger - may need to be installed on the PC as it's not always ticked by default.

  • Using the WinSCP GUI - there is an option to script the connection.  In that option it should provide a script which will show you what that connection is using.  That option shows several different formats - and even if they are not powershell specifically it should help you figure out what should be passed.

     

    Jeffrey Williams
    Problems are opportunities brilliantly disguised as insurmountable obstacles.


  • When I started WinSCP GUI and it connected to the Host it allowed me to copy the fingerprint to the clipboard. I then pasted that into my xml config file, and now I'm up and running. I was passed the wrong data string previously.

    Thanks for all replies and help.
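
The distinction the thread arrives at, as an added example that is not part of any post: `SshHostKeyFingerprint` carries the server's host key fingerprint, while `SshPrivateKeyPath` carries the path to the client's .ppk file. The script checks the config values before handing them to WinSCP; `Test-SftpConfig`, its fingerprint shape check and the upload paths are assumptions, and the XML element names are the ones used in the thread.

```powershell
# Added example, not from the thread. Test-SftpConfig and the upload paths are hypothetical.
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"
[xml]$config = Get-Content "c:\demo\config-testing.xml"

function Test-SftpConfig([xml]$Xml) {
    # Emits one string per problem found; emits nothing when the config looks usable.
    $c = $Xml.Configuration
    foreach ($name in 'HostName', 'UserName', 'PortNumber', 'SshHostKeyFingerprint', 'SshPrivateKeyPath') {
        if ([string]::IsNullOrWhiteSpace($c.$name)) { "$name is missing or empty" }
    }
    $port = 0
    if ($c.PortNumber -and -not [int]::TryParse($c.PortNumber, [ref]$port)) {
        "PortNumber '$($c.PortNumber)' is not a number"
    }
    # Rough shape check (key type, key size, hash), not WinSCP's own validation.
    # A .ppk path pasted here fails it, which is the mistake made in the thread.
    if ($c.SshHostKeyFingerprint -and $c.SshHostKeyFingerprint -notmatch '^\S+ \d+ \S+$') {
        "SshHostKeyFingerprint does not look like a host key fingerprint"
    }
    if ($c.SshPrivateKeyPath -and -not (Test-Path -LiteralPath $c.SshPrivateKeyPath -PathType Leaf)) {
        "SshPrivateKeyPath does not point to an existing file"
    }
}

$problems = @(Test-SftpConfig $config)
if ($problems.Count -gt 0) { throw ("Config problems:`n" + ($problems -join "`n")) }

$c = $config.Configuration
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol              = [WinSCP.Protocol]::Sftp
    HostName              = $c.HostName
    UserName              = $c.UserName
    PortNumber            = [int]$c.PortNumber
    SshHostKeyFingerprint = $c.SshHostKeyFingerprint   # identifies the server
    SshPrivateKeyPath     = $c.SshPrivateKeyPath       # authenticates the user
}

$session = New-Object WinSCP.Session
try {
    $session.Open($sessionOptions)
    $session.PutFiles("C:\demo\upload\*", "/incoming/").Check()   # throws if a transfer failed
}
finally {
    $session.Dispose()
}
```

The fingerprint pinned in the config should come from a source you trust for that server, since it is what lets the script reject a host that is not the expected one.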
