Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 508
  • Last Modified:

SSh under windows to execute a script with embeded password


probably a simply answer, but I am not a linux security expert. So sorry.

I am running a script on Windows server which is sending a file to a linux (knoppix based distr.) server and then executing ashell  .sh  ascript on the target linux server.

to copy the file I use the PSCP.exe which allows me to specify password like:

pscp.exe -pw password file_to_be_transferred.txt root@

It is fine.

Now I need to do something simmilar to run the script. But the ssh.exe which I got from winscp (or putty?) does not allow me to specify password.

I wish I can write:

ssh.exe -pw password root@ 'thefiletobeexecuted.sh'

Is there any command line tool for windows which will allow me this?

Pedro Keson
Pedro Keson
3 Solutions
have you tried

ssh.exe root:password@ 'thefiletobeexecuted.sh'
Pedro KesonIT specialistAuthor Commented:
Yes, I did. Didnt work. It recognises root:password as an user.

But probably you have a ssh.exe which allows this. would you mind sharing it or pointing to a place where it grows?

(open)ssh does not allow passwords on command-line or stdin by design, for obvious reason ;-)
probably there is a hidden option somewhere, in another version, but it's not dicumented.
Best is you use keys, see ssh-keygen
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

You should use key authentication for this issue.
If you generate a pub/private keypair you can do it. You can load the key in windows so you do not have to type a password.
It is obvious your key should not use a password, it works but it is dangerous ofcource.
Although the concepts of using a ssh key agent are perhaps initially a little complex, this document is well worth reading. If you can follow it, then it is what you'd ideally want to achieve:

keep in mind that keys might break security ...
keys dont break security users do.
If you restrict access to read the keys you should be fine.
Keys that are password protected improve you security in comparison with password only authentication.
>  keys dont break security users do.
LOL, I agree (if there where no users we'd not need keys nor even passwords:-))

> If you restrict access to read the keys you should be fine.
hmm, and how should that then work with a script?
keeping something like ssh-agent beside, we end up in: keys break security

don't misunderstand me, I mean that using keys 'cause you have scripts which cannot deal with keys/passwords in secure manner, it's useless to make things complicated with keys.
or in other words, anything where you have the possibility to "read" the key/password automatically is unsecure 'cause it is prone to unattended access
You are correct in respect to read keys automatically but it is more secure as empty passwords.
Now you can give run a script with a special user, only that user can read the keys in a hidden directory this will make it best effort security and I would feel saver than having a password included in a plaintext file read by the script.
assuming that both, the script (containing password or just key usage) and the key itself, are both permission 400 or 500, and the directory also 700 and ownded by the user, then there is no difference in security between a plaintext password in the script and the key

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now