WinSCP or Putty authenticates against Microsoft ISA/ TMG


Many companies use Microsoft ISA/ TMG as their enterprise proxy solution. This may work for most cases. But in some scenarios, it does not work well. For example, use WinSCP or Putty behind the proxy AND the proxy requires authentication.

ISA/ TMG is mircrosoft technology, it uses NTLM based authentication which is not supported by many third party software. I found this out when writing a script to download files from an external SFTP server. WinSCP always gave me a proxy authentication error.

The workaround is to setup a local proxy that supports NTLM authentication. I use cntlm which works well for me. This is how it works:

Image

Here is the code example:

@ECHO OFF

cd /d %~dp0

set USERNAME=
set PASSWORD=

editV64 -p ” Please enter your username: ” USERNAME
editV64 -p ” Please enter your password: ” -m PASSWORD

cntlm -u %USERNAME% -p %PASSWORD% -c cntlm.ini

winscp session_name /console /command “option confirm off” “get *” “exit”

taskkill /F /IM cntlm.exe

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s