Putty: Using pscp/plink for automated file transfer and command execution from a Windows host

The Putty suite contains several executables beyond the main application.  It also has pscp.exe, a command line scp client, and plink.exe which is a command line ssh client.

These clients can be used to run file transfers and commands against hosts in console mode, perfect for  automation of repetitive tasks.

pscp.exe for file transfer

pscp.exe takes parameters very similar to the Linux based scp.

> pscp.exe -pw <password> <localfile> <user>@<host>:<targetRemoteFile>

For example, if you were moving a text file named README.txt to /tmp of a remote host named ‘trusty1’ as the user ‘myuser’, the command could look like below:

> pscp.exe -pw myP4ss README.txt myuser@trusty1:/tmp/.

Running this command would give the interactive prompt “Store key in cache? (y/n)”.  You would be forced to press either y/n before moving on, and this is something the Putty developers want because of security concerns, but it also hampers automation.

There is a way around this, however.  If you issued the same command but pipe a “y” to the stdin, it would answer the prompt for you.

> cmd.exe /c echo y | pscp.exe -pw myP4ss README.txt myuser@trusty1:/tmp/.

plink.exe for ssh commands

plink is able to ssh into a host and run a set of commands using the following syntax:

> plink.exe -ssh -t -pw <password> <user>@<host>  -m <script>

Valid commands include anything you could type from a normal ssh client.

If you had a text file named “plink-script.txt” with the content below it would print out the hostname, tell you the name of the current directory, and then list the files in /tmp.

hostname
pwd
ls /tmp

Then plink could be invoked like:

> plink.exe -ssh -t -pw myP4ss myuser@trusty1 -m plink-script.txt

But just like pscp, if the host key was not cached in the registry yet, you would get an interactive prompt saying “Store key in cache? (y/n)” which would not be conducive to a batch script.

And once again, the way around this is to pipe a “y” to stdin, which makes the command:

> cmd.exe /c echo y | plink.exe -ssh -t -pw myP4ss myuser@trusty1 -m plink-script.txt

plink and sudo with password prompt

In the above example we dealt with simple commands that required no input and no privilege escalation with sudo (hostname, pwd).  But many times the commands we want to run in batch processes require sudo, which throws up an interactive prompt for a password.

I’ve tested against multiple target hosts, and sometimes I am able to echo the password to sudo from inside the script file, but other times the password prompt for sudo has to be provided at the ssh client console.

Approach 1: Sudo password echoed and embedded inside plink script

Make sure you call plink with “-t” so that a tty is setup.  Then sudo to a shell and echo the password into stdin before running the command you want with sudo.

/bin/echo -e "myP4ss\n" | sudo -S /bin/bash
sudo apt-get update

Or you can echo the password directly to the command you want to run as sudo.

/bin/echo -e "myP4ss\n" | sudo apt-get update

Approach 2: echo password on local console

Other times I have noticed that approach #1 does not work, and you must echo the sudo password on the client side.  For this to work, you must first create a file that contains two lines, the first line contains the password and then a newline with an empty second line (let’s name it sudopass.txt).

Then when you call plink, send the contents of the local file sudopass.txt to stdin:

$ type sudopass.txt | plink.exe -ssh -t -pw myP4ss myuser@trusty1 -m plink-script.txt

 

REFERENCES

https://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter7.html#plink

https://www.ssh.com/ssh/putty/putty-manuals/0.68/Chapter5.html

https://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter5.html#pscp

https://superuser.com/questions/971345/is-there-any-way-to-automatically-accept-ssh-host-keys-even-when-keys-are-change (reason why host acceptance not muted)

https://git.tartarus.org/?p=simon/putty.git;a=blob;f=contrib/kh2reg.py;hb=HEAD (script for adding known_hosts to registry)

https://forums.ni.com/t5/LabVIEW/How-to-automatically-accept-ssh-host-key/td-p/1223974 (echo yes to automate acceptance)

https://stackoverflow.com/questions/20248009/execute-sudo-command-on-linux-from-plink-exewindows (echo of password for sudo)

NOTES

Registry location of saved host keys: \\HKCU\Software\SimonTatham\PuTTY\SshHostKeys