Failed to start WinSCP when an @ is in password

[handfreezer]

All in the title, as kitty is using command line to pass the password to winscp through an URL containing the password, the @ of the password is interpreted by WinSCP as the separator between username and servname.

[MNLierman]

This project isn't maintained anymore, the dev is MIA and I've been wanting to see this project given back to the community. If we can't take control of the repo or have the dev hand over the repo as an organization (free) then we can fork it. This app has given me immense value. Unfortunately, as does most projects that gain popularity, one dev cannot keep up while also working a full-time job and tending to a family. I'm sure that is what has happened to this dev, and I'm sure when I have a family, there may be projects that I don't have time for anymore. I guess that's just kind of the way life is.

In regards to your bug report, for assistance for the next dev if this one isn't coming back, can you provide more information on what you mean? I don't have this problem. I have passwords with @ in them and I have also created new default sites in WinSCP to test and the @ does not cause a problem in the latest build of KiTTY from Sept 2023 and the latest build of WinSCP. Futher, I'm not aware of WinSCP utilizing KiTTY. I have them separated tho. I have a folder called Portables on my PCs synced to OneDrive and in that folder are folders for WinSCP, Kitty, Putty, etc.

WinSCP can use Putty for a command-line but I'm not aware of it officially supporting the command-line of Kitty, therein lies the problem. If you are naming Kitty.exe to Putty.exe to trick WinSCP into using it, this is not supported. I just checked that too and this is a hard-coded check by WinSCP it looks for "C:\Program Files (x86)\PuTTY\putty.exe"

[handfreezer]

Hello, I'll try to be more clear, here are steps to reproduce:

1. install winscp with installer on windows
2. download and launch last kitty
3. start an ssh connection to a linux server where credential contains an @ (in my case it is the password, but I guess that in a login will do the same)
4. when connected in remote shell, use the upper-left menu icon of kitty window to launch winscp installed locally on the windows computer

it will fail as the login/password are transmitted to winscp over command line (security point is to discuss maybe, as visible in process command line of windows), and winscp is failing because it is splitting the url on the first @ to get the server name.

Exemple: login is myname password is The@Secret server is linux.server.demo

winscp will be launched with: scp://myname:The@Secret@linux.server.demo and winscp try to connect to the server named: Secret@linux.server.demo

[MNLierman]

Thank you for the additional details, I get what you're saying now. I remember writing a script a while back using KiTTY and WinSCP together as you describe and the script didn't work. I didn't look into it, as I have many other projects, so I never attributed the possibility of the @ symbol being the cause. This has me interested, as I would like that script to work. I'm not able to test this at the moment, but I have some ideas at solving this. Since it's a URL, I want you to try the following and see what happens:

1. Replace @ with %40 – this is the encoded ASCII number a browser would use for @.
2. Replace @ with @ – this is the HTML ASCII number.
3. Test different methods of escaping the URL, or just the username and password, with quotations " . For example, scp://"username:p@ssword"@exampledomain.net
4. Try escaping with a \, for example, scp://username:p\@ssword@exampledomain.net

Let me know what you find.