SSh under windows to execute a script with embeded password
Hi,
probably a simply answer, but I am not a linux security expert. So sorry.
I am running a script on Windows server which is sending a file to a linux (knoppix based distr.) server and then executing ashell .sh ascript on the target linux server.
to copy the file I use the PSCP.exe which allows me to specify password like:
pscp.exe -pw password file_to_be_transferred.txt
It is fine.
Now I need to do something simmilar to run the script. But the ssh.exe which I got from winscp (or putty?) does not allow me to specify password.
I wish I can write:
ssh.exe -pw password root@10.11.12.13 'thefiletobeexecuted.sh'
Is there any command line tool for windows which will allow me this?
Thanks
probably a simply answer, but I am not a linux security expert. So sorry.
I am running a script on Windows server which is sending a file to a linux (knoppix based distr.) server and then executing ashell .sh ascript on the target linux server.
to copy the file I use the PSCP.exe which allows me to specify password like:
pscp.exe -pw password file_to_be_transferred.txt
It is fine.
Now I need to do something simmilar to run the script. But the ssh.exe which I got from winscp (or putty?) does not allow me to specify password.
I wish I can write:
ssh.exe -pw password root@10.11.12.13 'thefiletobeexecuted.sh'
Is there any command line tool for windows which will allow me this?
Thanks
ASKER
Yes, I did. Didnt work. It recognises root:password as an user.
But probably you have a ssh.exe which allows this. would you mind sharing it or pointing to a place where it grows?
Thanks
But probably you have a ssh.exe which allows this. would you mind sharing it or pointing to a place where it grows?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
keep in mind that keys might break security ...
keys dont break security users do.
If you restrict access to read the keys you should be fine.
Keys that are password protected improve you security in comparison with password only authentication.
If you restrict access to read the keys you should be fine.
Keys that are password protected improve you security in comparison with password only authentication.
> keys dont break security users do.
LOL, I agree (if there where no users we'd not need keys nor even passwords:-))
> If you restrict access to read the keys you should be fine.
hmm, and how should that then work with a script?
keeping something like ssh-agent beside, we end up in: keys break security
don't misunderstand me, I mean that using keys 'cause you have scripts which cannot deal with keys/passwords in secure manner, it's useless to make things complicated with keys.
or in other words, anything where you have the possibility to "read" the key/password automatically is unsecure 'cause it is prone to unattended access
LOL, I agree (if there where no users we'd not need keys nor even passwords:-))
> If you restrict access to read the keys you should be fine.
hmm, and how should that then work with a script?
keeping something like ssh-agent beside, we end up in: keys break security
don't misunderstand me, I mean that using keys 'cause you have scripts which cannot deal with keys/passwords in secure manner, it's useless to make things complicated with keys.
or in other words, anything where you have the possibility to "read" the key/password automatically is unsecure 'cause it is prone to unattended access
You are correct in respect to read keys automatically but it is more secure as empty passwords.
Now you can give run a script with a special user, only that user can read the keys in a hidden directory this will make it best effort security and I would feel saver than having a password included in a plaintext file read by the script.
Now you can give run a script with a special user, only that user can read the keys in a hidden directory this will make it best effort security and I would feel saver than having a password included in a plaintext file read by the script.
assuming that both, the script (containing password or just key usage) and the key itself, are both permission 400 or 500, and the directory also 700 and ownded by the user, then there is no difference in security between a plaintext password in the script and the key
ssh.exe root:password@10.11.12.13 'thefiletobeexecuted.sh'