Windows SFTP with PGP using CLI
Revision as of 13:58, 2 June 2016 by Michael.mast (talk | contribs)
This is the process I went through when configuring a scheduled task on a Windows Server to do the following
- Download files over SFTP (aka SCP aka SSH aka You get the point) using keys without passwords.
- Move the remote files to an archive location on the remote server after download finished.
- Decrypt the downloaded files
- Sort the decrypted files so the developers could do whatever they needed to with them.
Prep Work
The following programs will need to be downloaded and installed on the server running the job: WinSCP and GnuPG (the script below calls WinSCP and gpg).
During installation make sure to enable PATH integration.
(The following needs more details)
- Create your SSH keys. I had created them using my Linux workstation, then had WinSCP convert them to the PPK format that WinSCP requires. WinSCP can create keys for you, but that is outside of this document's scope at the moment.
- For the server you will be downloading from, obtain the host key. WinSCP will be able to provide this in its logs when you attempt to connect. Passing it with -hostkey in the script pins the server's key, so the job fails instead of silently accepting a different key later.
- Create your PGP keys. I created pgp keys using my workstation, and provided the vendor the public key. I am using the private key with password protection (for transferring the key from my workstation to the server) to decrypt with.
- On the Windows domain I am working in, I created a dedicated user with limited access to run the scheduled job as. But do whatever works in your environment. The important thing to remember is to import the key you want to use for decryption.
gpg --import <key>
The Batch Script
Really sorry for just dumping this without a lot of explanation, and yes I know there are more efficient methods of doing this.
@echo off
rem Download first, then archive remotely only if the download succeeded (winscp.com exits 1 when any command fails).
WinSCP /command "open sftp://<username>@XXX.XXX.XXX.XXX/path/to/files/ -privatekey=D:\path\to\private\keyfile.ppk -hostkey=""ssh-rsa XXXX xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx""" "get *.pgp D:\path\to\local\destination\" exit
if errorlevel 1 exit /b 1
WinSCP /command "open sftp://<username>@XXX.XXX.XXX.XXX/path/to/files/ -privatekey=D:\path\to\private\keyfile.ppk -hostkey=""ssh-rsa XXXX xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx""" "mv *.pgp /path/to/remote/archive" exit
rem The passphrase is readable in this file and in the process list; restrict the script's ACL or switch to --passphrase-file. GnuPG 2.1+ also needs --pinentry-mode loopback for --passphrase to work in batch mode.
for %%i in (D:\path\to\local\destination\*.txt.pgp) do (gpg --batch --yes --passphrase Concur --output "%%i.txt" --decrypt "%%i")
move D:\path\to\local\destination\*.txt D:\path\to\local\destination\Decrypted\
rem Absolute path here too: a scheduled task's working directory is not necessarily the destination folder.
move D:\path\to\local\destination\*.txt.pgp D:\path\to\local\destination\Archive\
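The same job written in PowerShell, as an added example that is not the page's own script: it pins the host key, stops before the remote archive step if the download fails, reads the passphrase from a file instead of the command line, and archives each file only when gpg reports success. It assumes WinSCP and GnuPG 2.1+ on PATH, PowerShell 3 or later, and a passphrase file whose ACL grants read access only to the job account; host, user, paths and the fingerprint are placeholders in the page's style.

```powershell
# Added example, not the original page's script. Host, user, paths and fingerprint are placeholders.
$Remote   = 'sftp://<username>@XXX.XXX.XXX.XXX/path/to/files/'
$KeyFile  = 'D:\path\to\private\keyfile.ppk'
$HostKey  = 'ssh-rsa XXXX xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx'   # pinned server fingerprint
$Dest     = 'D:\path\to\local\destination'
$PassFile = 'D:\path\to\passphrase.txt'   # ACL: job account only; keeps the passphrase off the command line
$LogFile  = Join-Path $Dest 'winscp.log'

# WinSCP script file: -hostkey makes a changed server key a hard failure rather than a prompt,
# and a failed get aborts the script before the remote mv can archive files that never arrived.
$winscpScript = @"
open $Remote -privatekey=$KeyFile -hostkey="$HostKey"
get *.pgp $Dest\
mv *.pgp /path/to/remote/archive/
exit
"@
$scriptPath = Join-Path $env:TEMP 'fetch.winscp.txt'
Set-Content -Path $scriptPath -Value $winscpScript -Encoding ASCII
try {
    & winscp.com /script="$scriptPath" /log="$LogFile" /ini=nul
    if ($LASTEXITCODE -ne 0) { throw "WinSCP failed (exit $LASTEXITCODE); see $LogFile" }
}
finally {
    Remove-Item $scriptPath -ErrorAction SilentlyContinue
}

# Decrypt each file and archive it only when gpg reports success; failures are kept aside for review.
$decryptedDir = Join-Path $Dest 'Decrypted'
$archiveDir   = Join-Path $Dest 'Archive'
$failedDir    = Join-Path $Dest 'Failed'
foreach ($dir in $decryptedDir, $archiveDir, $failedDir) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}
foreach ($file in Get-ChildItem -Path $Dest -Filter '*.txt.pgp' -File) {
    $outFile = Join-Path $decryptedDir ($file.Name -replace '\.pgp$', '')   # foo.txt.pgp -> foo.txt
    # --pinentry-mode loopback is what lets GnuPG 2.1+ read the passphrase non-interactively
    & gpg --batch --yes --pinentry-mode loopback --passphrase-file $PassFile `
          --output $outFile --decrypt $file.FullName
    if ($LASTEXITCODE -eq 0) {
        Move-Item -Path $file.FullName -Destination $archiveDir -Force
    }
    else {
        Write-Warning "gpg failed on $($file.Name) (exit $LASTEXITCODE)"
        Move-Item -Path $file.FullName -Destination $failedDir -Force
    }
}
```

Run it from the scheduled task as the dedicated job account so the passphrase file's ACL and the WinSCP log stay under that account alone.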