sftp

psftp.exe: The server’s host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.

 in Windows  tagged psftp.exe / sftp / sql / sql server / sql server management studio / windows by

Recently, we were debugging a scheduled job running on a Microsoft SQL Server Agent. After starting the SQL Server Management Studio, we saw that the specific task was using psftp.exe to upload some data securely to a remote server. When executing the job manually, it would work as expected. On the other hand, when the job would be executed automatically, it would always fail. After review the error logs, we got the following message:

Executed as user: FSRV\SYSTEM. …s\FTP\remote-server.ppk myuser@remote-server -batch -bc -be -b C:\putty\upload.txtThe server's host key is not cached in the registry. You  have no guarantee that the server is the computer you  think it is.  The server's rsa2 key fingerprint is:  ssh-rsa 2048 39:e4:84:b2:6f:bc:87:04:1f:21:bf:32:83:79:0b:cf  Connection abandoned.  DTSRun:  Loading…   DTSRun:  Executing…   DTSRun OnStart:  DTSStep_DTSExecuteSQLTask_1   DTSRun OnFinish:  DTSStep_DTSExecuteSQLTask_1   DTSRun OnStart:  DTSStep_DTSExecuteSQLTask_3   DTSRun OnFinish:  DTSStep_DTSExecuteSQLTask_3   DTSRun OnStart:  DTSStep_DTSActiveScriptTask_2   DTSRun OnFinish:  DTSStep_DTSActiveScriptTask_2   DTSRun OnStart:  DTSStep_DTSActiveScriptTask_3   DTSRun OnFinish:  DTSStep_DTSActiveScriptTask_3   DTSRun OnStart:  DTSStep_DTSDataPumpTask_1   DTSRun OnProgress:  DTSStep_DTSDataPumpTask_1; 34 Rows have been transformed or copied.; …  Process Exit Code 1.  The step failed.

The problem was with the account executing the scheduled job, which was different than the one that created the job. The second account, the one that was executing the scheduled jobs did not have any knowledge of the ssh-rsa key of the remote server. Because of this lack of information, psftp.exe could not verify that we were indeed trying to connect to the correct server. To fix this issue, we modified the psftp.exe execution command to match the following one:

C:\putty\psftp.exe -i C:\connections\FTP\remote-server.ppk myuser@remote-server -batch -bc -be -b C:\putty\upload.txt -hostkey 39:e4:84:b2:6f:bc:87:04:1f:21:bf:32:83:79:0b:cf

To help any reader that is not familiar with the psftp.exe and powershell (or cmd) we will breakdown the arguments of the above command:

  • C:\putty\psftp.exe : is the exact location of the psftp.exe binary on that server
  • -i C:\connections\FTP\remote-server.ppk : PPK files are PuTTY Private Key Files developed by Putty and they serve as storage for the private keys the program generated. In this case, instead of using a combination of username and password to authenticate, the client was given a private key to use as proof of identity and authenticity.
  • myuser@remote-server : The username and the domain or IP of the remote server.
  • -batch : Disables interactive prompts as no person will be supervising the script.
  • -bc : It displays batch commands in the same way they are run. It is useful for logging and troubleshooting.
  • -be : When running a batch file, this additional option causes psftp.exe to continue processing even if a command fails to complete successfully. An example you might want this to happen is the following: you want to delete a file and don’t care if it is already not present.
  • -b C:\putty\upload.txt : It specifies a file with batch commands. This argument helps users automate tasks by allowing them to set commands in advance.
  • -hostkey 39:e4:84:b2:6f:bc:87:04:1f:21:bf:32:83:79:0b:cf : Here, we copied the rsa-ssh key of the server that was displayed on the error and we explicitly defined it to let psftp.exe that it is trying to connect to the correct server. If you are not sure if the value you get at the errors is indeed the correct value, consult your system administrator.