SFTP fingerprint acknowledgement

[millardjk]

Okay, I'm loving the built-in support for SFTP that's now in v11. Yay!

However, in order to get a bulletproof script that runs unattended, I need to be able to automatically acknowledge the fingerprint that the remote host returns when connecting using either IFTP or a "direct" call in case the host needs to replace its key.

TCC is "remembering" my answer the first time it "asks" when I use it interactively (thanks for that, but where is it being stored?), but I don't really want my scripts to "hang" until I notice them when they're running unattended in the event there's a change, or if I need to move the processing to another machine in my enterprise.

Did I miss something in the documentation, or is this an enhancement request?

And yes, I'm fully aware that blind acknowledgment defeats any number of security benefits of the key exchange process in SSH. However, that's not important in this scenario: I'm sending a simple text file, and the recipient is requiring SFTP, not me--I'd be OK with old-school FTP and am happy to assume that the recipient is the one I intend to receive the data.

 

[vefatica]

On Fri, 28 May 2010 18:42:39 -0400, millardjk <> wrote:

|TCC is "remembering" my answer the first time it "asks" when I use it interactively (thanks for that, but where is it being stored?), but I don't really want my scripts to "hang" until I notice them when they're running unattended in the event there's a change, or if I need to move the processing to another machine in my enterprise.

You might be able to use KEYSTACK; perhaps like this.

KEYSTACK /W100 "Y" & START /C COPY sftp://host/path/file

A new instance of TCC will start in the foreground and 100/18 seconds later, "Y"
will be simulated. If the "Y" is unnecessary, it'll just show up in the second
instance's console (after the command has finished and before the second
instance exits).

A question for Rex: This doesn't work:

keystack /W100 "password" Enter & start /c copy ftp://vefatica:*@lucky/file

because TCC logs in twice (I guess so anyway since one password prompt is
dismissed automatically ... only to show another one). Here's what I see:

Password: (lucky:vefatica): *************
ftp://lucky/factorial.bat => V:\factorial.bat
Password: (lucky:vefatica):

Couldn't TCC re-use the password if it has to login several times to complete
one command?
--
- Vince

 

[vefatica]

A question for Rex: This doesn't work:

keystack /W100 "password" Enter & start /c copy ftp://vefatica:*@lucky/file

because TCC logs in twice (I guess so anyway since one password prompt is
dismissed automatically ... only to show another one). Here's what I see:

Password: (lucky:vefatica): *************
ftp://lucky/factorial.bat => V:\factorial.bat
Password: (lucky:vefatica):

Couldn't TCC re-use the password if it has to login several times to complete
one command?

Keystack has nothing to do with it. I must enter the password twice when doing it manually as well.

 

[rconn]

> ---Quote (Originally by vefatica)---
> A question for Rex: This doesn't work:
>
> keystack /W100 "password" Enter & start /c copy
> ftp://vefatica:*@lucky/file
>
> because TCC logs in twice (I guess so anyway since one password prompt is
> dismissed automatically ... only to show another one). Here's what I see:
>
> Password: (lucky:vefatica): *************
> ftp://lucky/factorial.bat => V:\factorial.bat
> Password: (lucky:vefatica):
>
> Couldn't TCC re-use the password if it has to login several times to
> complete one command?
> ---End Quote---

It could, if you're using the DWIM parser that automagically knows in
advance what you're going to do next.

Otherwise, use IFTP.

Rex Conn
JP Software

 

[vefatica]

On Sat, 29 May 2010 09:10:40 -0400, rconn <> wrote:

|---Quote---
|> ---Quote (Originally by vefatica)---
|> A question for Rex: This doesn't work:
|>
|> keystack /W100 "password" Enter & start /c copy
|> ftp://vefatica:*@lucky/file
|>
|> because TCC logs in twice (I guess so anyway since one password prompt is
|> dismissed automatically ... only to show another one). Here's what I see:
|>
|> Password: (lucky:vefatica): *************
|> ftp://lucky/factorial.bat => V:\factorial.bat
|> Password: (lucky:vefatica):
|>
|> Couldn't TCC re-use the password if it has to login several times to
|> complete one command?
|> ---End Quote---
|---End Quote---
|It could, if you're using the DWIM parser that automagically knows in
|advance what you're going to do next.

Doesn't the command I gave,

keystack /W100 "password" Enter & start /c copy ftp://vefatica:*@lucky/file

say it all? Does it leave any doubt about my intention?
--
- Vince

 

[rconn]

> Doesn't the command I gave,
>
> keystack /W100 "password" Enter & start /c copy
> ftp://vefatica:*@lucky/file
>
> say it all? Does it leave any doubt about my intention?

There's 100% doubt in the parser, which when it's doing the first connection
to ftp: (to query the filename) has no idea that COPY is then going ask it
to do at least one and probably two more connections. The only way to do
what you want would be to add a custom ftp parser to every file command (not
going to happen!).

That's why there's IFTP. The only reason not to use IFTP is if you want to
save a few characters at the expense of *always* being substantially slower.

Rex Conn
JP Software