This blog post is about moving files over the internet in an old but secure way. I am going to write about automating the upload of files via SFTP using PowerShell, with encryption. WinSCP is used to upload the files and 7Zip (PowerShell module) is used to encrypt them. We are going to use Task Scheduler to create a task which uploads a file each day.
Preparation: uploading encrypted files via SFTP using PowerShell
We need to install two things. WinSCP is available as an application; this is a download link. Furthermore, we need to install the 7Zip PowerShell module. You can do so by using the following command:
Install-Module -Name 7Zip4Powershell
Now we need to create two config files to store the encrypted passwords. First, start PowerShell as the user that the scheduled task is going to run as. Otherwise the user which runs the task can't decrypt the passwords stored in the config files.
Hold Shift and right-click a PowerShell icon; you will get the option to run as a different user:
We now encrypt the encryption key that will be used to encrypt the archive we are going to build with 7Zip.
You can do so by using the following code (you need to enter the encryption key you want to use to encrypt the 7Zip archive):
$securePassword = Read-host -AsSecureString | ConvertFrom-SecureString
$securePassword | Out-File -FilePath C:\MyPasswords\password.txt #Use Accordingly
Enter the path of this file in the script, in the line that sets $EncryptedPassword.
Next up is the config file for WinSCP. (We still use the PowerShell session started by the user which runs the scheduled task.)
Run the following code again (this time you need to enter the password of the SFTP user account):
$securePassword = Read-host -AsSecureString | ConvertFrom-SecureString
$securePassword | Out-File -FilePath C:\MyPasswords\WinSCPConfig.xml #Use Accordingly
We need to edit this file so that it has the following content (change SFTPUSERNAME accordingly):
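An added example, not part of the original post: one way to write the WinSCP config file in a single step and confirm that the task user can decrypt it. The element names are an assumption taken from what the upload script reads ($config.Configuration.UserName and $config.Configuration.Password); the path and account name are placeholders.

```powershell
# Added example. Run in a PowerShell session started as the scheduled-task user.
$configPath   = 'C:\MyPasswords\WinSCPConfig.xml'   # placeholder path
$sftpUserName = 'SFTPUSERNAME'                      # placeholder account name

# Without -Key, ConvertFrom-SecureString protects the value with Windows DPAPI,
# so only this user on this machine can turn it back into a SecureString.
$encrypted = Read-Host -Prompt 'SFTP password' -AsSecureString | ConvertFrom-SecureString

# Element names are an assumption taken from what the upload script reads:
# $config.Configuration.UserName and $config.Configuration.Password
$settings = New-Object System.Xml.XmlWriterSettings
$settings.Indent = $true
$writer = [System.Xml.XmlWriter]::Create($configPath, $settings)
try {
    $writer.WriteStartDocument()
    $writer.WriteStartElement('Configuration')
    $writer.WriteElementString('UserName', $sftpUserName)
    $writer.WriteElementString('Password', $encrypted)
    $writer.WriteEndElement()
    $writer.WriteEndDocument()
}
finally {
    $writer.Close()
}

# Round-trip check: read the file the same way the upload script does.
# ConvertTo-SecureString throws if the value was encrypted by another user or machine.
[xml]$check = Get-Content -Path $configPath
try {
    $null = ConvertTo-SecureString $check.Configuration.Password -ErrorAction Stop
    Write-Host "Config for '$($check.Configuration.UserName)' can be decrypted by $env:USERNAME"
}
catch {
    Write-Host "Config cannot be decrypted by ${env:USERNAME}: $($_.Exception.Message)"
    exit 1
}
```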
Last but not least we need to create the scheduled task.
Go to the task scheduler and create a task:
Enter a name and select the user which you used to create the encrypted passwords:
Create a schedule:
Create a new action and select PowerShell as the program to run. In addition, you need to enter the following at "add arguments": -ExecutionPolicy ByPass -File "C:\PathtoFile.ps1"
The task is created. Please keep in mind that you still need to fill in the variables in the script.
Upload Script
Fill in all the variables:
$EncryptedPassword = Get-Content -Path "Path to password.txt" | ConvertTo-SecureString
# Decrypt the archive password to a string, then wipe the unmanaged copy
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($EncryptedPassword)
$decPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

$SshHostKeyFingerprint="Enter SSH Keyprint"
$sftp_host="Enter IP Address"
$sftp_folder="FolderName"
$SourceFolder="FolderName"
$WinSCPConfigFile="Path to Config.xml"
$7ZipSourceFilePath="FilePath to Source"
$7ZipArchiveFilePath="FilePath to Archive"
$WinSCPDLL="C:\Program Files (x86)\WinSCP\WinSCPnet.dll" #Use Accordingly

# Encrypt the files
Compress-7Zip -Path $7ZipSourceFilePath -ArchiveFileName $7ZipArchiveFilePath -Format SevenZip -Password $decPassword -EncryptFilenames

# Read XML configuration file
[xml]$config = Get-Content $WinSCPConfigFile

try
{
    # Load WinSCP .NET assembly
    Add-Type -Path $WinSCPDLL

    # Setup session options
    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
        Protocol = [WinSCP.Protocol]::Sftp
        HostName = $sftp_host
        UserName = $config.Configuration.UserName
        SecurePassword = ConvertTo-SecureString $config.Configuration.Password
        SshHostKeyFingerprint = $SshHostKeyFingerprint
    }

    $session = New-Object WinSCP.Session

    try
    {
        # Connect
        $session.Open($sessionOptions)

        # Upload files
        $transferOptions = New-Object WinSCP.TransferOptions
        $transferOptions.TransferMode = [WinSCP.TransferMode]::Binary

        $transferResult = $session.PutFiles($SourceFolder, $sftp_folder, $False, $transferOptions)

        # Throw on any error
        $transferResult.Check()

        # Print results
        foreach ($transfer in $transferResult.Transfers)
        {
            Write-Host "Upload of $($transfer.FileName) succeeded"
        }
    }
    finally
    {
        # Disconnect, clean up
        $session.Dispose()
    }
}
catch
{
    Write-Host "Error: $($_.Exception.Message)"
    # Non-zero exit code so the scheduled task shows the failure
    exit 1
}