WinSCP or Putty authenticates against Microsoft ISA/ TMG

Many companies use Microsoft ISA/ TMG as their enterprise proxy solution. This may work for most cases. But in some scenarios, it does not work well. For example, use WinSCP or Putty behind the proxy AND the proxy requires authentication.

ISA/ TMG is mircrosoft technology, it uses NTLM based authentication which is not supported by many third party software. I found this out when writing a script to download files from an external SFTP server. WinSCP always gave me a proxy authentication error.

The workaround is to setup a local proxy that supports NTLM authentication. I use cntlm which works well for me. This is how it works:


Here is the code example:


cd /d %~dp0


editV64 -p ” Please enter your username: ” USERNAME
editV64 -p ” Please enter your password: ” -m PASSWORD

cntlm -u %USERNAME% -p %PASSWORD% -c cntlm.ini

winscp session_name /console /command “option confirm off” “get *” “exit”

taskkill /F /IM cntlm.exe


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s