search

tomohulk / WinSCP

WinSCP PowerShell Wrapper Module
GNU General Public License v3.0
156 stars 30 forks source link

New-WinSCPSessionOption parameter -PrivateKeyPassphrase does not work with -SshPrivateKeyPath #78

Closed TrickyTic closed 6 years ago

TrickyTic commented 6 years ago

Issue Description

The PrivateKeyPassphrase parameter for New-WinSCPSessionOption does not unlock key files protected with a passphrase when passed as a SecureString per documentation and declaration.

When passed as a plain string it works as expected.

Example

# Create WinSCP session option
$Opt=New-WinSCPSessionOption -Hostname "usdatuat15.beis.com" -Protocol SFTP -SshHostKeyFingerPrint "ssh-dss 1024 a7:ab:dd:69:ac:44:aa:be:07:74:51:43:4e:26:22:3a"
$Opt.SshPrivateKeyPath = (Get-Item -Path ".\rhowarth_2016.ppk").FullName
$Opt.UserName="rhowarth"

# Load passphrase securestring
$Secret=Get-Content "secret.txt" | ConvertTo-SecureString
# Convert secret to plain text
$NoSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR(($Secret)))

Write-Host "`nAttempting connection with passphrase as secure string"
$Opt.SshPrivateKeyPassphrase = $Secret
New-WinSCPSession $Opt

Write-Host "`nAttempting connection with passphrase as plain text"
$Opt.SshPrivateKeyPassphrase = $NoSecret
New-WinSCPSession $Opt

Expected Output

Successful connection

Actual Output

Wrong passphrase

Attempting connection with passphrase as secure string
New-WinSCPSession : Exception calling "Open" with "1" argument(s): "Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "rhowarth".
Authenticating with public key "rhowarth_2016".
Wrong passphrase.
Authentication failed."
At C:\RHOWARTH_ONEDRIVE\PowerShell\Egencia\sftp_error.ps1:13 char:1
+ New-WinSCPSession $Opt
+ ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-WinSCPSession], MethodInvocationException
    + FullyQualifiedErrorId : SessionRemoteException,New-WinSCPSession

Attempting connection with passphrase as plain text

Opened       Timeout HostName
------       ------- --------
True        00:01:00 usdatuat15.beis.com

WinSCP-PowerShell Version

5.13.2.0

Environment

Windows 10 1709, PSVersion 5.1.16299.431

dotps1 commented 6 years ago

This looks like an issue with the parameter names to me. https://winscp.net/eng/docs/library_sessionoptions. I never updated the parameter name when I changed the type to a [SecureString]. can you try this and let me know if it works:

$Opt.SecurePrivateKeyPassphrase = $Secret

let me know if that works, ill get a new version published. Thanks.

TrickyTic commented 6 years ago

Yes, that worked. Thanks for the quick repsonse. And the simple solution :)