Do not blindly answer “y”, you lose a protection against man-in-the-middle attacks.
You should use the -hostkey
switch with your host key fingerprint.
Actually it’s the same with WinSCP, that you ended up using. WinSCP open
command also has the -hostkey
switch.
If it does work without the -hostkey
switch, it’s because the host key is cached in Windows registry from some previous interactive use of WinSCP.
Similarly, that’s the same with pscp. Had you used PuTTY or pscp (or any other tools from PuTTY suite) before interactively and had you confirmed the host key, it would get cached. And later automatic uses would pass without confirmation.