login about faq

Using the server certificate for authentication using client on Window 2008 server. Tried two different ways of connections

  1. Setup profile and use profile to connect. The connection works fine but client has to be connected all the time. Otherwise the batch file fails to connect.

  2. Tried to connect the system url to connect to server.

    • Manual tries with sftpg3.exe always works and it'll ask for connection to once/cancel/save option every time.
    • Batch file not consistent as sometime it works otherwise it keeps giving error --> cannot open connection to server key exchange failed.

Questions:

  1. Is there a way to disable cancel/once/save option using command line since server is sending different certs every time?
  2. How to overcome connection issue?

asked Jan 17 '11 at 21:48

Ben's gravatar image

Ben
1222

edited Jan 29 '11 at 19:26

Roman's gravatar image

Roman ♦♦
7735817


  1. Setup profile and use profile to connect. The connection works fine but client has to be connected all the time. Otherwise the batch file fails to connect.

The reason for this is a feature called connection caching. As long as you have a connection open with one client (be it the graphical Terminal Client, command line sshg3 or sftpg3) your other clients can reuse that connection. This can be disabled in the configuration file to set exclusive connection for new connection under default settings or in the command line by using the --exclusive command line argument. This way you'll get more consistent results since it will always request a new connection on every attempt and should not get different results depending on whether other clients are running.

Now on to your questions:

Is there a way to disable cancel/once/save option using command line since server is sending different certs every time?

Tectia client supports two types of server identification: plain hostkeys (Just signed keys really. This is the default and what OpenSSH also uses) and actual server certificates (the ones issued by Certificate Authorities, that is, full PKI). I suppose you're talking about server hostkeys here since this is the most common scenario, but please correct me if I'm wrong.

Now, if the server indeed seems to be sending different hostkeys every time this does sounds concerning. Are you connecting to multiple servers or just one? Are you sure it's not the same hostkey but just prompting to accept it again and again?

What do you answer to the prompt to save the hostkey (cancel/once/save) ? If answering once then the hostkey is only accepted for this one connection and the client will prompt again on the next connection.

If answering save it might be that the hostkey is not being saved for some reason. Check that the user has rights to write to the following location:

%APPDATA%\SSH\Hostkeys

How to overcome connection issue?

Sounds like the batch script may not be able to connect sometimes because the hostkey is not saved. And may work sometimes due to the connection caching.

link

answered Jan 18 '11 at 06:48

Roman's gravatar image

Roman ♦♦
7735817

HI,

I am trying to run the same command in server through .net code. When I run it as a user it is working.But how do I give the option to save host key from .net when some other user is running for the first time. They should not be prompted to to save host key. I want to automate the code for any user to use it when they use my .net code.

link

answered Apr 20 '16 at 21:22

samskruti's gravatar image

samskruti
1

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×63
×12
×4
×2

Asked: Jan 17 '11 at 21:48

Seen: 8,460 times

Last updated: Apr 20 '16 at 21:22

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.