The Putty suite contains several executables beyond the main application. It also has pscp.exe, a command line scp client, and plink.exe which is a command line ssh client.
These clients can be used to run file transfers and commands against hosts in console mode, perfect for automation of repetitive tasks.
pscp.exe for file transfer
pscp.exe takes parameters very similar to the Linux based scp.
> pscp.exe -pw <password> <localfile> <user>@<host>:<targetRemoteFile>
For example, if you were moving a text file named README.txt to /tmp of a remote host named ‘trusty1’ as the user ‘myuser’, the command could look like below:
> pscp.exe -pw myP4ss README.txt myuser@trusty1:/tmp/.
Running this command would give the interactive prompt “Store key in cache? (y/n)”. You would be forced to press either y/n before moving on, and this is something the Putty developers want because of security concerns, but it also hampers automation.
There is a way around this, however. If you issued the same command but piped a “y” to the stdin, it would answer the prompt for you.
> cmd.exe /c echo y | pscp.exe -pw myP4ss README.txt myuser@trusty1:/tmp/.
plink.exe for ssh commands
plink is able to ssh into a host and run a set of commands using the following syntax:
> plink.exe -ssh -t -pw <password> <user>@<host> -m <script>
Valid commands include anything you could type from a normal ssh client.
If you had a text file named “plink-script.txt” with the content below it would print out the hostname, tell you the name of the current directory, and then list the files in /tmp.
hostname pwd ls /tmp
Then plink could be invoked like:
> plink.exe -ssh -t -pw myP4ss myuser@trusty1 -m plink-script.txt
But just like pscp, if the host key was not cached in the registry yet, you would get an interactive prompt saying “Store key in cache? (y/n)” which would not be conducive to a batch script.
And once again, the way around this is to pipe a “y” to stdin, which makes the command:
> cmd.exe /c echo y | plink.exe -ssh -t -pw myP4ss myuser@trusty1 -m plink-script.txt
plink and sudo with password prompt
In the above example we dealt with simple commands that required no input and no privilege escalation with sudo (hostname, pwd). But many times the commands we want to run in batch processes require sudo, which throws up an interactive prompt for a password.
I’ve tested against multiple target hosts, and sometimes I am able to echo the password to sudo from inside the script file, but other times the password prompt for sudo has to be provided at the ssh client console.
Approach 1: Sudo password echoed and embedded inside plink script
Make sure you call plink with “-t” so that a tty is setup. Then sudo to a shell and echo the password into stdin before running the command you want with sudo.
/bin/echo -e "myP4ss\n" | sudo -S /bin/bash sudo apt-get update
Or you can echo the password directly to the command you want to run as sudo.
/bin/echo -e "myP4ss\n" | sudo apt-get update
Approach 2: echo password on local console
Other times I have noticed that approach #1 does not work, and you must echo the sudo password on the client side. For this to work, you must first create a file that contains two lines, the first line contains the password and then a newline with an empty second line (let’s name it sudopass.txt).
Then when you call plink, send the contents of the local file sudopass.txt to stdin:
$ type sudopass.txt | plink.exe -ssh -t -pw myP4ss myuser@trusty1 -m plink-script.txt
1192
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
