abgtemp
asked on
Windows FTP over SSL using WinScp
I'm running Windows 2008 FTP Server and have configured the ftp server to allow SSL connections. I have created my self-sign certificate and done all of the configs on the server side.
I want to be able to in to the ftp server securely and upload a file. I need help with a winscp script file that connects to my server using encrypted authentication along with encrypted data transfer.
I want to be able to in to the ftp server securely and upload a file. I need help with a winscp script file that connects to my server using encrypted authentication along with encrypted data transfer.
There is a command line utility that works like WinSCP,
You can download from this page
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
or using this link
http://the.earth.li/~sgtatham/putty/latest/x86/pscp.exe
for docs and howto info
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter5.html#pscp
You can download from this page
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
or using this link
http://the.earth.li/~sgtatham/putty/latest/x86/pscp.exe
for docs and howto info
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter5.html#pscp
WinSCP and related programs use SSH, not SSL. SSH is a different and incompatible encryption method. To use WinSCP, you need an SSH server installed on your machine. The Filezilla client and server support FTPS (FTP over SSL): https://filezilla-project.org/
In that case you may need PSFTP instead
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter6.html#psftp
http://the.earth.li/~sgtatham/putty/latest/x86/psftp.exe
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter6.html#psftp
http://the.earth.li/~sgtatham/putty/latest/x86/psftp.exe
Sorry DavidBaldwin but that's not true... WinSCP has support for FTP over SSL... it's just not in the GUI. I just used the WinSCP command line version and opened a connection to my FTPS server and it worked fine.
I believe basic FTPS support was added to WinSCP in version 4.2. I don't know if it is scriptable like the SFTP engine.
You said that you need "encrypted authentication along with encrypted data transfer."
In terms of FTPS, this means you want both the control channel and the data channel to be protected. Different FTPS clients have different default behaviors in this regard... some default to only protecting the control channel because that runs faster. You'll have to check the WinSCP docs to be sure.
I use RoboFTP for scripting FTPS transfers and it has the /trust option you can add to your script so that it won't choke the first time it sees your self-signed certificate... so look for an option like that in winscp if you are going to distribute the script and don't want to support users that complain about having to acknowledge and accept the cert... in RoboFTP the connection command syntax would be something like:
FTPLOGON "svr.mydomain.tld" /user="UserID" /pw="secret" /servertype=FTPS /trust=all
You said that you need "encrypted authentication along with encrypted data transfer."
In terms of FTPS, this means you want both the control channel and the data channel to be protected. Different FTPS clients have different default behaviors in this regard... some default to only protecting the control channel because that runs faster. You'll have to check the WinSCP docs to be sure.
I use RoboFTP for scripting FTPS transfers and it has the /trust option you can add to your script so that it won't choke the first time it sees your self-signed certificate... so look for an option like that in winscp if you are going to distribute the script and don't want to support users that complain about having to acknowledge and accept the cert... in RoboFTP the connection command syntax would be something like:
FTPLOGON "svr.mydomain.tld" /user="UserID" /pw="secret" /servertype=FTPS /trust=all
ASKER
I want to run it from the command line using the following command and script file for it to process.
What I'm not clear on is the following questions when connecting
1. Should I be using ftps:// or ftp://
2. Which other flags should I be using to ensure my credentials are encrypted and the data I am sending? (-explicitssl -explicittls)?
winscp.exe /console /script=c:\ftpcmds
**********************
FTPCMDS
**********************
option confirm off
open ftp://ftpuser@myserver.com:21 -certificate="xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
option transfer binary
put d:\file.txt
close
exit
What I'm not clear on is the following questions when connecting
1. Should I be using ftps:// or ftp://
2. Which other flags should I be using to ensure my credentials are encrypted and the data I am sending? (-explicitssl -explicittls)?
ASKER
I was able to figure out the commands I needed. My final command was:
I set the FTP server on my Windows box to Require that the Control Path and Data Path be encrypted.
C:\winscp.com /console /script=c:\ftpcmds
**********************
FTPCMDS File Contents
**********************
option batch abort
option confirm off
open ftp://ftpuser:password@myserver.com -explicitssl -explicittls -certificate="xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
option transfer binary
put d:\file.txt
close
exit
I set the FTP server on my Windows box to Require that the Control Path and Data Path be encrypted.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for abgtemp's comment #a39181292
for the following reason:
No one else answered my question
Accepted answer: 0 points for abgtemp's comment #a39181292
for the following reason:
No one else answered my question
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Well if you asked the question correctly maybe you would have got the answer you seeked
What part of the WinSCP script do you need help with? What exactly do you want the script to do?
Need more details to be able to help...