SFTP using Ciphers and Key Exchange

Question

Previously I was gaining access and transferring files (SSIS execute process task) with a .txt file configured as:

option batch on
option confirm off
open sftp://Username:password@hostsite.com:22  -hostkey="ssh-rsa 2222 00:00:00:00:00:0c:00:ee:e0:00:0d:0e:b0:0a:00:00"
option transfer binary
Put -nopermissions -resumesupport=Off   -nopreservetime E:\path.txt /Inbound/path/

Now I'm told to use a new SFTP structure – site name: hostname.com and IP address 100.00.000.000.

I'm provided a list of ciphers and key exchanges for example: ECDHE-RSA-AES000-GCM-SHA000 (Key Exchange=ECDH; Auth=RSA) (I've changed some characters for security reasons)

How do I change the .txt file to use this new way?

score 2 · Answer 1 · answered Apr 15 '20 at 06:00

As already commented by @Kim, ECDHE-RSA-AES***-GCM-SHA*** is a TLS/SSL cipher suite. TLS/SSL is used by FTP(S). While SFTP uses SSH.

Your script file looks like WinSCP script.

WinSCP supports both SFTP and FTP(S).

Just change your open command to use ftpes:// instead of sftp://. Additionally, the port number will differ, but let's assume that your FTP(S) server uses the standard port. Also -hostkey is not relevant for FTPS.

open ftpes://username:password@example.com/

The rest of the script might stay the same. Though it's possible that the remote path (/Inbound/path/) might need an update too.

Note that contrary to SFTP, the FTP is supported natively by SSIS. So you might use the native SSIS FTP task as well. But that's a larger change, than the simple WinSCP script update.

score 1 · Answer 2 · edited May 01 '20 at 06:27

So the updated version of WinSCP was 5.17.5. The server's IP address I was transferring the files from was added to the receiving server's whitelist. Then I could connect to the receiving server via WinSCP's UI by entering Host name, username/password (port 22 in my case). In Advanced settings Directories I added the path, in SSH/Key Exchange I ensured ECDH key exchange was at the top of the list and RSA based was 2nd. Login was successful. Then I went to the Session tab - Generate URL/Code, checked include the SSH host key (if not greyed out) then went to the Script tab and it will give you the initial open command that it is using during that session. It will give you the SHA-256 fingerprint of the host key instead of the MD5 we’ve been used to using. Copy to the clipboard, I then used this as the Open line in my script: Example:

Option batch On
Option confirm Off

open sftp://Username:password@hostsite.com/ -hostkey="ssh-rsa 2048 k8L86hrEaiZI+v/fxxxxx/Igxxxxxxx/iF1iKzI=" -rawsettings KEX="ecdh,rsa,dh-gex-sha1,dh-group14-sha1,WARN,dh-group1-sha1"

# Your command 1
# Your command 2
Close
exit

Now my script executes and transfers the file.

SFTP using Ciphers and Key Exchange

2 Answers2