[英]Answering Plink hostkey and KEX prompts in PowerShell
I am successfully able to grab the result text I need from the plink.exe
command-line below to $response
.我成功地从下面的
plink.exe
命令行中获取了我需要的结果文本到$response
。 In order for the command to execute on the remote SSH device, I had to first precede it with emulated keystrokes Y {enter} Y {enter}为了让命令在远程 SSH 设备上执行,我必须先模拟击键Y {enter} Y {enter}
Code:代码:
$Device = "SSHDeviceHostname"
$Command = "sho ver | include uptime is"
Add-Type -AssemblyName System.Windows.Forms
$wshell.SendKeys('y~y~'); $response = cmd /C "C:\Windows\plink.exe -ssh -l `"$($CredentialToken.GetNetworkCredential().username)`" -pw `"$($CredentialToken.GetNetworkCredential().password)`" $Device `"$Command`"" 2>$null
Results:结果:
y
y
C:\Users\MKANET\Desktop> $response
SSHDeviceHostname uptime is 5 years, 25 weeks, 1 day, 3 minutes
C:\Users\MKANET\Desktop>
I would like to hide the fake keystrokes Y { enter } Y { enter } from being displayed;我想隐藏假击键Y { enter } Y { enter } 不被显示; without adversely affecting the
$response
value.不会对
$response
值产生不利影响。 I tried to invoke-command
'ing the whole scriptblock on the localhost without success.我试图在本地主机上
invoke-command
整个脚本块但没有成功。 I probably could execute this code in a separate hidden PowerShell session.我可能可以在单独的隐藏 PowerShell session 中执行此代码。 However, that would most likely slow things down way too much.
但是,这很可能会大大减慢速度。
PS: I also tried using cmd (below) which unfortunately plink.exe completely ignores the second echo `y; PS:我也尝试使用 cmd (下)不幸的是 plink.exe 完全忽略了第二个 echo `y; aborting the connection immediately:
立即中止连接:
cmd /C "Echo Y && Echo Y | plink.exe -ssh -l `"$($Credential.GetNetworkCredential().username)`" -pw `"$($Credential.GetNetworkCredential().password)`" $DeviceName `"$Command`""
To answer your literal question, you can do the following in a batch file:要回答您的字面问题,您可以在批处理文件中执行以下操作:
powershell -command "Write-Host -NoNewLine y ; sleep 2 ; Write-Host -NoNewLine y" | plink ...
Note that the code really works in batch file (in cmd
) only.请注意,该代码仅适用于批处理文件(在
cmd
中)。 It does not work in Windows PowerShell.它在Windows PowerShell 中不起作用。 The
|
该
|
has a different semantics in Windows PowerShell than in cmd.
Windows PowerShell 中的语义与 cmd 中的语义不同
cmd.
In Windows PowerShell, it would wait for powershell
to complete before starting the plink
, so the only effect of sleep
is that it will delay starting the plink
.在 Windows PowerShell 中,它会等待
powershell
完成后才开始plink
,所以sleep
的唯一作用就是延迟启动plink
。 While in cmd
, powershell
and plink
run in parallel, as you want.在
cmd
, powershell
和plink
中,您可以根据需要并行运行。
As commented by @mklement0, this has been improved since PowerShell (Core) 6. So there you can do:正如@mklement0 所评论的,自 PowerShell (核心) 6 以来,这已经得到了改进。所以你可以这样做:
& { 'y'; sleep 2; 'y' } | plink ...
But you should not blindly accept the host key.但是你不应该盲目地接受主机密钥。 You lose a protection against man-in-the-middle attacks .
您失去了对中间人攻击的保护。 You should verify the host key using the
-hostkey
switch.您应该使用
-hostkey
开关验证主机密钥。
See Prepend a command in Start-Process to provide "y" input to Plink请参阅在 Start-Process 中添加命令以向 Plink 提供“y”输入
Similarly for the KEX verification.对于 KEX 验证也是如此。 There's no switch for the KEX in Plink.
Plink 中没有 KEX 的开关。 But you can create an ad-hoc store session in registry with the
diffie-hellman-group1-sha1
allowed.但是您可以在允许 diffie
diffie-hellman-group1-sha1
的注册表中创建临时存储 session。 And invoke the stored session in Plink.并调用Plink中存储的session。
$hostname = "example.com"
$username = "username"
$password = "password"
$hostkey = "c4:26:18:cf:a0:15:9a:5f:f3:bf:96:d8:3b:19:ef:7b"
$session = "Dummy"
$key = "HKCU:\SOFTWARE\SimonTatham\PuTTY\Sessions\$session"
New-Item -Path $key -Force | Out-Null
New-ItemProperty -Path $key -Name HostName -Value $hostname | Out-Null
New-ItemProperty -Path $key -Name UserName -Value $username | Out-Null
New-ItemProperty -Path $key -Name KEX `
-Value "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,dh-group1-sha1,WARN" | Out-Null
& plink $session -pw $password -hostkey $hostkey
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.