2

Previously I was gaining access and transferring files (SSIS execute process task) with a .txt file configured as:

option batch on
option confirm off
open sftp://Username:[email protected]:22  -hostkey="ssh-rsa 2222 00:00:00:00:00:0c:00:ee:e0:00:0d:0e:b0:0a:00:00"
option transfer binary
Put -nopermissions -resumesupport=Off   -nopreservetime E:\path.txt /Inbound/path/

Now I'm told to use a new SFTP structure – site name: hostname.com and IP address 100.00.000.000.

I'm provided a list of ciphers and key exchanges, for example: ECDHE-RSA-AES000-GCM-SHA000 (Key Exchange=ECDH; Auth=RSA). (I've changed some characters for security reasons.)

How do I change the .txt file to use this new way?

4
  • Are you sure the new site is supposed to use SFTP and not FTPS? Huge difference. Commented Apr 14, 2020 at 17:34
  • This was in the notes: In the interest of using only the most secure ciphers available, the new SFTP server will exclusively support the following cipher suites:
    – Kim Avery
    Commented Apr 14, 2020 at 17:38
  • Sounds like whoever wrote the notes got a few things mixed up... the problem is that 'cipher suites' are a TLS thing (FTPS uses the same TLS that powers HTTPS) and they just outright don't apply to SFTP (which is SSH-based). And in any case, there are no security reasons to censor their names. Commented Apr 14, 2020 at 17:43
  • Thank you for this. And yes, after Googling I see that ciphers don't need to be masked for security purposes. I've reached out to folks in my org to get this resolved.
    – Kim Avery
    Commented Apr 14, 2020 at 18:22

2 Answers

2

As already commented by @Kim, ECDHE-RSA-AES***-GCM-SHA*** is a TLS/SSL cipher suite. TLS/SSL is used by FTP(S), while SFTP uses SSH.

Your script file looks like a WinSCP script.

WinSCP supports both SFTP and FTP(S).

Just change your open command to use ftpes:// instead of sftp://. Additionally, the port number will differ, but let's assume that your FTP(S) server uses the standard port. Also -hostkey is not relevant for FTPS.

open ftpes://username:[email protected]/

The rest of the script might stay the same. Though it's possible that the remote path (/Inbound/path/) might need an update too.


Note that, contrary to SFTP, FTP is supported natively by SSIS. So you might use the native SSIS FTP task as well. But that's a larger change than the simple WinSCP script update.

14
  • Thank you Martin. Tried open ftpes:// and I get the message ftpes does not exist. Once the remote server's IP address was whitelisted and I updated WinSCP, I'm able to log onto the remote server via WinSCP's UI. But still not able to automate with a script.
    – Kim Avery
    Commented Apr 28, 2020 at 15:20
  • When I leave it as Open sftp I get the message: Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet
    – Kim Avery
    Commented Apr 28, 2020 at 15:21
  • What version of WinSCP are you using? Commented Apr 28, 2020 at 15:21
  • Ok I changed it to ftps and it seemed to connect, then get different message: Negotiating TLS Connection Connection failed Disconnected
    – Kim Avery
    Commented Apr 28, 2020 at 15:24
  • getting version now
    – Kim Avery
    Commented Apr 28, 2020 at 15:25
1

So the updated version of WinSCP was 5.17.5. The IP address of the server I was transferring the files from was added to the receiving server's whitelist. Then I could connect to the receiving server via WinSCP's UI by entering the host name and username/password (port 22 in my case). In Advanced settings, under Directories, I added the path; under SSH/Key Exchange I ensured ECDH key exchange was at the top of the list and RSA-based was 2nd. Login was successful. Then I went to the Session tab - Generate URL/Code, checked "include the SSH host key" (if not greyed out), then went to the Script tab, which gives you the initial open command that it is using during that session. It gives you the SHA-256 fingerprint of the host key instead of the MD5 we've been used to using. I copied it to the clipboard and then used it as the open line in my script. Example:

Option batch On
Option confirm Off

open sftp://Username:[email protected]/ -hostkey="ssh-rsa 2048 k8L86hrEaiZI+v/fxxxxx/Igxxxxxxx/iF1iKzI=" -rawsettings KEX="ecdh,rsa,dh-gex-sha1,dh-group14-sha1,WARN,dh-group1-sha1"

# Your command 1
# Your command 2
Close
exit

Now my script executes and transfers the file.

1
  • I'm glad that you have resolved your problem. But note that you have asked about ECDHE-RSA-AES000-GCM-SHA000, which looks like a TLS cipher suite, while your solution uses SFTP, which has nothing to do with TLS. You have something wrong in your requirements. Commented May 1, 2020 at 6:26
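
The two -hostkey styles that appear on this page (colon-separated MD5 in the question, base64 SHA-256 in the second answer) are both hashes of the same SSH public key blob. The following added example, which is not code from the post or from WinSCP, derives both from an ssh-rsa blob so an old pinned value can be compared with a new one; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one length-prefixed SSH string (RFC 4251); return (bytes, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def describe_rsa_host_key(blob):
    """Return (key_type, bits, md5_fingerprint, sha256_fingerprint) for an ssh-rsa blob."""
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("only ssh-rsa is handled in this example")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    # Old style: MD5 of the whole blob as 16 colon-separated hex pairs.
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    # New style: SHA-256 of the same blob in base64, padding kept as in the
    # value shown in the answer (OpenSSH prints "SHA256:" plus the unpadded form).
    sha256_fp = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return key_type.decode("ascii"), bits, md5_fp, sha256_fp

def hostkey_switch(blob, use_sha256=True):
    """Format the -hostkey switch in the 'type bits fingerprint' layout used on this page."""
    key_type, bits, md5_fp, sha256_fp = describe_rsa_host_key(blob)
    fingerprint = sha256_fp if use_sha256 else md5_fp
    return '-hostkey="%s %d %s"' % (key_type, bits, fingerprint)

def _mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 keeps it positive)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: a 2048-bit number standing in for an RSA modulus. It is not
# a usable key; it only exercises the parsing and fingerprint formatting.
SAMPLE_BLOB = (struct.pack(">I", 7) + b"ssh-rsa"
               + _mpint(65537) + _mpint((1 << 2047) | 0x10001))

if __name__ == "__main__":
    print(hostkey_switch(SAMPLE_BLOB, use_sha256=False))
    print(hostkey_switch(SAMPLE_BLOB))
```

The blob is the base64 field of a known_hosts or .pub line after decoding; if either fingerprint of the server's current key differs from the pinned value, the server is presenting a different host key.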
