pscp Connection abandoned
December 23, 2008, 6:08 am
the following output (verbose) when trying to connect:
$ ./pscp -batch -v 10.10.10.60 email@example.com:/home/app
Looking up host "10.10.10.1"
Connecting to 10.10.10.1 port 222
Server version: SSH-2.0-OpenSSH_4.7
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 2d:8f:d5:d2:e8:14:72:86:e6:41:7d:1f:ff:2e:d6:c3
Disconnected: User aborted at host key verification
I've tried to figure it out on Google and the closest thing I can
something to do with key caching and Pageant, though I don't know
anything about Pageant other than you can cache keys with it.
I don't know how to use it (via the command line) to clear its cache
even if that's the issue.
I'm using pscp.exe stand alone, that is I installed it as a package of
programs I'm using on a second computer and that's where it won't work,
however it's working on my primary (development) machine just fine.
As a sidenote, under Cygwin, scp works, but pscp fails per above.
Does anyone have any ideas how I can fix this?
Re: pscp Connection abandoned
This must be the first time you have made an SSH connection to this host
from this client machine; PSCP requires a verified host key in order to
continue the connection.
The purpose and details of this procedure are explained in the PuTTY
Normally, PSCP would now ask you whether or not to accept this host key,
You have specified the "-batch" option, which instructs PSCP not to ask
the user any questions. The only safe option PSCP has in this
circumstance is to abort the connection.
If you remove "-batch" from the command line, PSCP will ask you what to
do with the host key, as described in the link above.
This is nothing to do with Pageant, or the user authentication keys that
Re: pscp Connection abandoned
No -- deliberately so.
From the PuTTY FAQ:
A.2.9 Is there an option to turn off the annoying host key prompts?
No, there isn't. And there won't be. Even if you write it yourself
and send us the patch, we won't accept it.
Those annoying host key prompts are the _whole point_ of SSH.
Without them, all the cryptographic technology SSH uses to secure
your session is doing nothing more than making an attacker's job
slightly harder; instead of sitting between you and the server with
a packet sniffer, the attacker must actually subvert a router and
start modifying the packets going back and forth. But that's not all
that much harder than just sniffing; and without host key checking,
it will go completely undetected by client or server.
Host key checking is your guarantee that the encryption you put on
your data at the client end is the _same_ encryption taken off the
data at the server end; it's your guarantee that it hasn't been
removed and replaced somewhere on the way. Host key checking makes
the attacker's job _astronomically_ hard, compared to packet
sniffing, and even compared to subverting a router. Instead of
applying a little intelligence and keeping an eye on Bugtraq, the
attacker must now perform a brute-force attack against at least one
military-strength cipher. That insignificant host key prompt really
does make _that_ much difference.
If you're having a specific problem with host key checking - perhaps
you want an automated batch job to make use of PSCP or Plink, and
the interactive host key prompt is hanging the batch process - then
the right way to fix it is to add the correct host key to the
Registry in advance. That way, you retain the _important_ feature of
host key checking: the right key will be accepted and the wrong ones
will not. Adding an option to turn host key checking off completely
is the wrong solution and we will not do it.
If you have host keys available in the common known_hosts format, we
have a script called kh2reg.py to convert them to a Windows .REG
file, which can be installed ahead of time by double-clicking or
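
An added example, not part of the thread and not PuTTY's own kh2reg.py: a minimal sketch of the pre-seeding step the FAQ recommends, for a single ssh-rsa known_hosts line. It assumes PuTTY's RSA cache layout (value name `rsa2@port:host`, data `0x<exponent>,0x<modulus>`) and uses a constructed sample key; the MD5 fingerprint it computes is in the same colon-separated form that pscp -v prints, so it can be compared against a fingerprint obtained from the server administrator before the .REG file is installed.

```python
import base64, hashlib, re, struct

REG_KEY = r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys"

def _fields(blob):
    """Split an SSH wire blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def parse_known_hosts_line(line):
    """Return (host, port, e, n, md5_fingerprint) for one ssh-rsa line."""
    hostspec, keytype, b64 = line.split()[:3]
    if keytype != "ssh-rsa":
        raise ValueError("only ssh-rsa is handled in this example")
    m = re.fullmatch(r"\[(.+)\]:(\d+)", hostspec)  # OpenSSH form for non-default ports
    host, port = (m.group(1), int(m.group(2))) if m else (hostspec, 22)
    blob = base64.b64decode(b64)
    name, e, n = _fields(blob)
    if name != b"ssh-rsa":
        raise ValueError("key blob does not match declared type")
    digest = hashlib.md5(blob).hexdigest()
    fp = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return host, port, int.from_bytes(e, "big"), int.from_bytes(n, "big"), fp

def reg_file(line):
    """Build .REG text that caches the key for this exact host and port."""
    host, port, e, n, _ = parse_known_hosts_line(line)
    return ("REGEDIT4\n\n[%s]\n\"rsa2@%d:%s\"=\"0x%x,0x%x\"\n"
            % (REG_KEY, port, host, e, n))

def _mpint(i):
    raw = i.to_bytes(i.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: NOT a real host key, the modulus is an arbitrary odd number.
SAMPLE_N = (1 << 2047) | 0xC0FFEE01
SAMPLE_LINE = "[10.10.10.1]:222 ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(SAMPLE_N)).decode()

if __name__ == "__main__":
    print("fingerprint to verify out of band:", parse_known_hosts_line(SAMPLE_LINE)[4])
    print(reg_file(SAMPLE_LINE))
```

Because the cache entry is keyed on host and port together, the entry must use the same address and port (222 in the log above) that the batch job passes to pscp, otherwise -batch will still abort.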