[英]Use encrypted password for Plink/PuTTY
I would like to encrypt a password in PowerShell and use it with plink
and putty
.我想在 PowerShell 中加密密码并将其与plink
和putty
一起使用。
Yes, I know that it expects only cleartext password ( Password encryption using SecureString for plink.exe command ).是的,我知道它只需要明文密码(使用 SecureString for plink.exe 命令的密码加密)。
No, I will not use generated keys because we don't support it.不,我不会使用生成的密钥,因为我们不支持它。
My questions:我的问题:
-pw
flag in putty
or plink
任何建议如何在putty
或plink
中为-pw
标志使用加密密码-i
instead of -pw
我的意思是获取当前的明文密码并将其转换为密钥,然后将其用作-i
而不是-pw
My securePass.ps1
code:我的securePass.ps1
代码:
$password = read-host -prompt "Enter your Password"
write-host "$password is password"
$secure = ConvertTo-SecureString $password -force -asPlainText
$bytes = ConvertFrom-SecureString $secure
$bytes | out-file C:\encrypted_password1.txt
In main:主要:
$securePass = Get-Content C:\encrypted_password1.txt
$pass = $securePass | ConvertTo-SecureString
plink -batch -ssh $defUser@$srv -pw $pass
putty -ssh $defUser@$srv -pw $pass
As you know, you cannot use encrypted password ( SecureString
) for PuTTY/Plink.如您所知,您不能对 PuTTY/Plink 使用加密密码 ( SecureString
)。
All you can do is to decrypt the secure string and pass the decrypted plain text password to the PuTTY/Plink.您所能做的就是解密安全字符串并将解密后的纯文本密码传递给 PuTTY/Plink。
For for decryption, see PowerShell - Decode System.Security.SecureString to readable password :对于解密,请参阅PowerShell - 将 System.Security.SecureString 解码为可读密码:
$securePass = Get-Content C:\encrypted_password1.txt
$pass = $securePass | ConvertTo-SecureString
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($pass)
$decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
plink -batch -ssh $defUser@$srv -pw $decrypted
PuTTY 0.77 Plink newly supports -pwfile
switch that allows more safe way to pass the password via a local text file (while still plain-text). PuTTY 0.77 Plink 新支持-pwfile
开关,允许通过本地文本文件(虽然仍然是纯文本)以更安全的方式传递密码。
Your question 2) does not make any sense.你的问题2)没有任何意义。 You wrote that you cannot use keys.您写道,您不能使用密钥。 So you cannot use -i
switch.所以你不能使用-i
开关。 Let alone use some "generated password" with it.更不用说使用一些“生成的密码”了。
$Credential = $(Get-Credential)
$user = $Credential.GetNetworkCredential().Username
$pass = $Credential.GetNetworkCredential().Password
is what I use then in the script I use the -pw;是我在使用 -pw 的脚本中使用的; $ $putty -ssh $server -l $user -pw $pass -m $command $ $putty -ssh $server -l $user -pw $pass -m $command
I know that you were saying you did -I instead of -pw however I found this works pretty well that way there is no file with your password stored anywhere.我知道你是说你做了 -I 而不是 -pw 但是我发现这很好用,因为在任何地方都没有存储密码的文件。
This was my solution, which runs in a menu loop.这是我的解决方案,它在菜单循环中运行。 works very well.效果很好。 I just need "cache" my typed input or (pass prior entered credentials into the dialog, automatically) otherwise every time I have to re-enter credentials.我只需要“缓存”我输入的输入或(将先前输入的凭据自动传递到对话框中)否则每次我必须重新输入凭据。
$Key = New-Object Byte[] 32
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | Out-File AES.key
(get-credential).Password | ConvertFrom- SecureString -key (get-content AES.key) | set-content "AESPassword.txt"
$password = Get-Content AESPassword.txt | ConvertTo-SecureString -Key (Get-Content AES.key)
$credential = New-Object System.Management.Automation.PsCredential($env:userName,$password)
$ServerName = Read-Host -Prompt "What is the server name?"
$Command = ".\plink.exe"
$arg1 = '-t'
$arg2 = $credential.GetNetworkCredential().username+'@'+$ServerName
$arg3 = '-pw'
$arg4 = $credential.GetNetworkCredential().Password
$arg5 = $scriptcmd
#Write-Output $Command $arg1 $arg2 $arg3 $arg4 $arg5
& $Command $arg1 $arg2 $arg3 $arg4 $arg5
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.