Verifying SSH host key in Tectia and WinSCP SFTP clients


I have two scripts to upload files to an SFTP server:

sftp2 --identity-key-file=D:\test_ssh2 -B d:\test.txt [email protected]
open sftp://[email protected] -privatekey=D:\test.ppk -hostkey="ssh-rsa 1536 xxxxxxxxxxxxxxxxxxxxxxxxxxx"

Please help to explain:

  1. What is the difference between the two scripts?
  2. Why doesn't the first script need any host key, while the second script needs it?
  3. Can I call SFTP with a private key without using any host key?

Answer by Martin Prikryl (best answer)

What is the difference between the two scripts?

The first is a batch file using the Tectia sftp2.exe client.
The second is a WinSCP script file.


Why doesn't the first script need any host key, while the second script needs it?

Most SFTP/SSH clients will prompt you to verify the host key fingerprint on the first connection. If you verify the host key, it gets cached and you won't get prompted the next time.

Tectia sftp2.exe and WinSCP are no different.

If your Tectia sftp2.exe script works as it is, you must have manually verified the host key in this client before.

Your WinSCP script, on the other hand, contains an explicit fingerprint of the host key. So the script will work even if you have not verified the host key manually with WinSCP before running the script. This is the recommended use of WinSCP, as it makes your script portable (not dependent on a hidden cache of host keys). But if you prefer, you can verify the host key manually with WinSCP, the same way you have done with Tectia.


Can I call SFTP with a private key without using any host key?

A private key has nothing to do with a host key. So this question makes little sense. See the WinSCP article on SSH key pairs to understand.
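
What a pinned host key fingerprint checks, as an added example that is not part of the original answer and not code from WinSCP or Tectia: it parses the public key blob a server presents, derives the key type, RSA modulus size and fingerprint, and compares them with a pinned string shaped like the "ssh-rsa 1536 xxx" value in the question. The function names, the sample key numbers and the accepted fingerprint encodings (unpadded Base64 SHA-256 or colon-separated MD5 hex) are assumptions made for the illustration.

```python
import base64
import hashlib
import struct

def _read_string(blob, off):
    """Read one RFC 4251 length-prefixed string; return (value, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated host key blob")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated host key blob")
    return blob[off + 4:end], end

def describe_rsa_host_key(blob):
    """Return (key type, modulus bits, SHA-256 fingerprint, MD5 fingerprint)."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("this example only handles ssh-rsa keys")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    digest = hashlib.md5(blob).hexdigest()
    md5 = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return ktype.decode(), bits, sha256, md5

def host_key_matches(blob, pinned):
    """True only if the presented key equals the pinned "<type> <bits> <fp>"."""
    parts = pinned.split()
    if len(parts) != 3:
        return False  # malformed pin: fail closed
    ktype, bits, sha256, md5 = describe_rsa_host_key(blob)
    return parts[0] == ktype and parts[1] == str(bits) and parts[2] in (sha256, md5)

def constructed_rsa_blob(modulus, exponent=65537):
    """Build a sample ssh-rsa blob from made-up numbers (not a real key)."""
    def mpint(v):
        return v.to_bytes(v.bit_length() // 8 + 1, "big")
    def string(b):
        return struct.pack(">I", len(b)) + b
    return string(b"ssh-rsa") + string(mpint(exponent)) + string(mpint(modulus))

if __name__ == "__main__":
    server = constructed_rsa_blob((1 << 1535) | 1)    # key the server presents
    ktype, bits, sha256, _ = describe_rsa_host_key(server)
    pinned = f"{ktype} {bits} {sha256}"                # value stored in the script
    impostor = constructed_rsa_blob((1 << 1535) | 3)  # a different key
    print(host_key_matches(server, pinned), host_key_matches(impostor, pinned))
```

The check uses only the server's public host key; the client's private key file never enters it, which is why the two settings are independent.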