RE: Secure FTP Client

• Previous message: Undisclosed: "help with forensics on a desktop computer"
• Maybe in reply to: sf_mail_sbm_at_yahoo.com: "Secure FTP Client"
• Next in thread: Edwin Rene: "Re: Secure FTP Client"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 11 Nov 2004 08:58:18 -0500
To: <security-basics@securityfocus.com>

If you desire to use scp/sftp transfers in an unattended batch script
you may run into a snag that I had. (and just resolved yesterday). An
important part of the SSH protocol is two way authentication. The
server is authenticated by providing its public key and most software
asks you to confirm it by displaying its fingerprint. After the first
session that key is cached and you're never asked again (unless the
server key changes)

My problem was that I wanted to use scp to transfer files from a target
during an evaluation. I love putty and wanted to use pscp but putty
caches the server fingerprint in the registry and there is no way to
bypass the check or feed it the fingerprint in any other way. Their
solution is to insert keys into the registry but I have no business
doing that on a client's server.

The solution came with scp.com's client that caches everything into a
file and a switch is available to point to an alternate file location.
So in the batch script's working directory I provide scp2.exe a
certificate and the server's fingerprint. Finally I have unattended,
scripted scp/sftp transfers from win32!

Hope this helps someone.
-Jeff

----- Originalnachricht -----
Von: sf_mail_sbm@yahoo.com
Datum: Dienstag, 9. November 2004, 7:20
Betreff: Secure FTP Client

>
>
>
>
> Hi List,
>
>
>
> I am looking for a Secure-FTP client for Windows which I can use
> to connect to a Secure-FTP server which is an AIX machine running
> Open-SSH
>
>
>
> I know there are lots of FREE tools out there, but my company
> prefers
>
> to pay for a commercial product "for security reasons"
>
>
>
> Just wanted to get an idea of the tools that you have already used
>
>
>
> Our requirement would be one which is command-line so that we can
> write
>
> batch files to automate file downloads
>
>
>
> I had a look at WS_FTP and CuteFTP but these do not suit our
> requirements
>
>
> Thanks to all
>
> Ronish
>

• Previous message: Undisclosed: "help with forensics on a desktop computer"
• Maybe in reply to: sf_mail_sbm_at_yahoo.com: "Secure FTP Client"
• Next in thread: Edwin Rene: "Re: Secure FTP Client"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Running Scheduled Tasks Remotely Without Full Administrator Ri ... It seems that in order to CREATE a task, one must be an administrator. ... What if you give the user "Run as Batch" right explicitly? ... try to create the scheduled task with the test user. ... MCSA Windows 2003 server ... (microsoft.public.windows.server.general) Re: Global variables and DTS Packages ... Allan Mitchell MCSE,MCDBA, (Microsoft SQL Server MVP) ... > different servers whenever a batch is paid-off. ... > VB6 application to DTS package which will create a SQL ... (microsoft.public.sqlserver.dts) Re: Batches ... As Tibor stated it will be one batch and not 7000 individual round trips. ... building a single string I could have answered that more appropriately. ... > This is just the standard method of the built in .NET SQL Server data> provider. ... (microsoft.public.sqlserver.programming) Re: Checkpoint causes need for better IO subsystem? ... seconds typically matches the duration of a normal checkpoint. ... you may benefit from more physical RAM in the server. ... It's during pereids of batch inserts that this happens which occurs many ... transfered over all of the hard drives, that during these batch inserts, ... (microsoft.public.sqlserver.tools)