Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Use encrypted password for Plink/PuTTY

Tags:

powershell

ssh-keys

putty

encryption

plink

I would like to encrypt a password in PowerShell and use it with plink and putty.

Yes, I know that it expects only cleartext password (Password encryption using SecureString for plink.exe command).

No, I will not use generated keys because we don't support it.

My questions:

  1. Any suggestions how can I use encrypted password for -pw flag in putty or plink
  2. Can I generate specific string as key? I mean taking current cleartext password and convert it to a key, then using it as -i instead of -pw

My securePass.ps1 code:

$password = read-host -prompt "Enter your Password" 
write-host "$password is password" 
$secure = ConvertTo-SecureString $password -force -asPlainText 
$bytes = ConvertFrom-SecureString $secure 
$bytes | out-file C:\encrypted_password1.txt

In main:

$securePass = Get-Content C:\encrypted_password1.txt
$pass = $securePass | ConvertTo-SecureString
plink -batch -ssh $defUser@$srv -pw $pass
putty -ssh $defUser@$srv -pw $pass
like image 784
igor Avatar asked Oct 29 '25 15:10

igor

2 Answers

As you know, you cannot use encrypted password (SecureString) for PuTTY/Plink.

All you can do is to decrypt the secure string and pass the decrypted plain text password to the PuTTY/Plink.

For for decryption, see PowerShell - Decode System.Security.SecureString to readable password:

$securePass = Get-Content C:\encrypted_password1.txt
$pass = $securePass | ConvertTo-SecureString

$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($pass)
$decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
plink -batch -ssh $defUser@$srv -pw $decrypted

PuTTY 0.77 Plink newly supports -pwfile switch that allows more safe way to pass the password via a local text file (while still plain-text).

Your question 2) does not make any sense. You wrote that you cannot use keys. So you cannot use -i switch. Let alone use some "generated password" with it.

like image 142
Martin Prikryl Avatar answered Oct 31 '25 10:10

Martin Prikryl

 
$Credential = $(Get-Credential)
$user = $Credential.GetNetworkCredential().Username
$pass = $Credential.GetNetworkCredential().Password

is what I use then in the script I use the -pw; $ $putty -ssh $server -l $user -pw $pass -m $command

I know that you were saying you did -I instead of -pw however I found this works pretty well that way there is no file with your password stored anywhere.

like image 37
Shelby Avatar answered Oct 31 '25 10:10

Shelby

Sign in to Comment

Related questions

How to manually parse a Powershell command line string
How do I interact with an Iframe using Powershell?
PowerShell for-each loop output to file
Dot sourcing a PowerShell script not ending with .ps1
Run a jar file from powershell
Executing inline powershell script
Convert fixed width txt file to CSV / set-content or out-file -append?
call Powershell in VBS with parameters
Does powershell have something like "echo off" in command prompt mode?
How to 'get arguments for calls made on' a Mock in Pester (or otherwise generate a helpful message containing actual and expected values)?
TetheringWiFiBand in Windows.Networking.NetworkOperators

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!