How are SFTP fingerprints handled?

SFTP fingerprints seem to be remembered between sessions, but only for a while, and not across various versions of TCC. How are they handled?
 
I have no idea; that's not done by TCC.
TCC shows me this:
Code:
v:\> dir sftp://vefatica.net
The server provided the following fingerprint:
  e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99

Would you like to continue? (Y/N)?
 
TCC shows me this:
Code:
v:\> dir sftp://vefatica.net
The server provided the following fingerprint:
  e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99

Would you like to continue? (Y/N)?

That's correct, but that's not what you originally asked.

The ipworks ssh class passes the fingerprint when the class connects. If you accept it, it gets saved to your .INI file (server + fingerprint). (But it is never deleted.) When you reconnect, TCC looks to see if there's a match in the .INI file; if so it's accepted, if not you get the prompt.
 
I must have been doing two different things when I noticed the same version of TCC asking twice about the fingerprint. Now I see that it's actually in the INI file twice and I'm not asked about it any longer.
Code:
v:\> grep 48:99 %_ininame
vefatica.net=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99
sftp://vefatica.net=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99
 
We got a (reasonably) neat solution to avoiding an interactive prompt in an unattended BTM file (for instance when run from Task Scheduler):

KEYSTACK Y enter
copy sftp://somewhere.com/somepath/somefile.txt mydestination
INPUT /c /W0

The Keystack puts the Y response into the buffer just in case the copy command is to a new site, and it pops up the 'fingerprint - do you want to continue' message.
That means that the copy command continues regardless.
The Input then flushes the Y out of the buffer (/c) if the prompt did NOT appear, or waits 0 seconds for new input if the 'Y' was used up and there is nothing to clear.

However, it would be nice if TCC was able to detect that it was not running interactively (i.e. from a service or scheduled task), and NOT put out a prompt that will never get acknowledged. (We are using TCC20 - this may already be fixed in a newer version, but I have no idea).
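
An added example, not part of any post in this thread and not TCC's own code: a Python audit of the saved entries described above. Accepted fingerprints are never deleted and the same host can appear under both `host` and `sftp://host`, so this groups entries per host and compares them with a fingerprint verified out of band. It assumes entries are `key=fingerprint` lines as in the grep output; the sample text, the second host and the `pinned` mapping are constructed.

```python
import re
from collections import defaultdict

# 16 colon-separated hex bytes, the format shown in the fingerprint prompt.
FP_RE = re.compile(r"^([0-9a-f]{2}:){15}[0-9a-f]{2}$", re.I)

# Constructed sample: the vefatica.net lines are the ones quoted in the thread;
# the other setting and the files.example.test lines are made up.
SAMPLE_INI = """\
SomeOtherSetting=Yes
vefatica.net=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99
sftp://vefatica.net=e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99
files.example.test=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
sftp://files.example.test=ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00
"""

def host_of(key):
    """Reduce 'sftp://host' and 'host' to the same lowercase host name."""
    return re.sub(r"^sftp://", "", key.strip(), flags=re.I).rstrip("/").lower()

def stored_fingerprints(ini_text):
    """Map host -> {fingerprint: [keys as written in the file]}."""
    found = defaultdict(lambda: defaultdict(list))
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        value = value.strip().lower()
        if sep and FP_RE.match(value):
            found[host_of(key)][value].append(key.strip())
    return found

def audit(ini_text, pinned):
    """Return (host, status) pairs; pinned maps host -> fingerprint verified out of band."""
    report = []
    for host, fps in sorted(stored_fingerprints(ini_text).items()):
        if len(fps) > 1:
            status = "conflict"      # same host saved with different fingerprints
        elif host not in pinned:
            status = "unverified"    # accepted at a prompt, never checked
        elif pinned[host].lower() in fps:
            status = "ok"
        else:
            status = "mismatch"      # saved value differs from the verified one
        report.append((host, status))
    return report

if __name__ == "__main__":
    pinned = {"vefatica.net": "e4:dd:11:2e:82:34:ab:62:59:1c:c8:62:1d:4b:48:99"}
    for host, status in audit(SAMPLE_INI, pinned):
        print(f"{host}: {status}")
```

Running a check like this before an unattended job shows whether the host already has a saved, verified entry, which is the case where no prompt appears.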
 