?
Solved

SSh under windows to execute a script with embeded password

Posted on 2005-03-15
10
Medium Priority
?
502 Views
Last Modified: 2010-04-22
Hi,

probably a simply answer, but I am not a linux security expert. So sorry.

I am running a script on Windows server which is sending a file to a linux (knoppix based distr.) server and then executing ashell  .sh  ascript on the target linux server.

to copy the file I use the PSCP.exe which allows me to specify password like:

pscp.exe -pw password file_to_be_transferred.txt root@10.11.12.13:/temp

It is fine.

Now I need to do something simmilar to run the script. But the ssh.exe which I got from winscp (or putty?) does not allow me to specify password.

I wish I can write:

ssh.exe -pw password root@10.11.12.13 'thefiletobeexecuted.sh'

Is there any command line tool for windows which will allow me this?

Thanks
0
Comment
Question by:Pedro Keson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 14

Expert Comment

by:JohnK813
ID: 13547892
have you tried

ssh.exe root:password@10.11.12.13 'thefiletobeexecuted.sh'
0
 

Author Comment

by:Pedro Keson
ID: 13552743
Yes, I did. Didnt work. It recognises root:password as an user.

But probably you have a ssh.exe which allows this. would you mind sharing it or pointing to a place where it grows?

Thanks
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 13554129
(open)ssh does not allow passwords on command-line or stdin by design, for obvious reason ;-)
probably there is a hidden option somewhere, in another version, but it's not dicumented.
Best is you use keys, see ssh-keygen
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 200 total points
ID: 13554366
You should use key authentication for this issue.
If you generate a pub/private keypair you can do it. You can load the key in windows so you do not have to type a password.
It is obvious your key should not use a password, it works but it is dangerous ofcource.
http://cfm.gs.washington.edu/security/ssh/client-pkauth/
0
 
LVL 22

Assisted Solution

by:pjedmond
pjedmond earned 100 total points
ID: 13556611
Although the concepts of using a ssh key agent are perhaps initially a little complex, this document is well worth reading. If you can follow it, then it is what you'd ideally want to achieve:

http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13557325
keep in mind that keys might break security ...
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 13562706
keys dont break security users do.
If you restrict access to read the keys you should be fine.
Keys that are password protected improve you security in comparison with password only authentication.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13562818
>  keys dont break security users do.
LOL, I agree (if there where no users we'd not need keys nor even passwords:-))

> If you restrict access to read the keys you should be fine.
hmm, and how should that then work with a script?
keeping something like ssh-agent beside, we end up in: keys break security

don't misunderstand me, I mean that using keys 'cause you have scripts which cannot deal with keys/passwords in secure manner, it's useless to make things complicated with keys.
or in other words, anything where you have the possibility to "read" the key/password automatically is unsecure 'cause it is prone to unattended access
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 13562910
You are correct in respect to read keys automatically but it is more secure as empty passwords.
Now you can give run a script with a special user, only that user can read the keys in a hidden directory this will make it best effort security and I would feel saver than having a password included in a plaintext file read by the script.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13563167
assuming that both, the script (containing password or just key usage) and the key itself, are both permission 400 or 500, and the directory also 700 and ownded by the user, then there is no difference in security between a plaintext password in the script and the key
0

Featured Post

Quiz: What Do These Organizations Have In Common?

Hint: Their teams ended up taking quizzes, too.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question