Auto-storing server host key in cache with plink

66,251

Solution 1

Try prepending your script with:

echo y | plink -ssh root@REMOTE_IP_HERE "exit"

This will pipe the y character through stdin to plink when you get the Store key in cache? (y/n) prompt, allowing all further plink commands to pass through without the need of user input. The exit command will close the SSH session after it has been established, allowing the following plink commands to run.

Here's an example script which writes the external server's Unix time to a local file:

echo y | plink -ssh root@REMOTE_IP_HERE "exit"
plink -ssh root@REMOTE_IP_HERE "date -t" > remote_time.tmp

Pipelining Reference: http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-4.html

Solution 2

The accepted answer is "acceptable", but insecure. The best way would be to specify the host key to plink to prevent any Man-in-the-Middle attack.

plink -hostkey aa:bb:cc... root@REMOTE_IP_HERE [...]
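One way to script the pinned-key approach so that it fails closed, as an added example that is not part of the original answer. The names `pinned_plink`, `valid_fingerprint` and the `PLINK` variable are hypothetical; `-batch` and `-hostkey` are plink's own options, and the `SHA256:` form is assumed to be accepted only by newer PuTTY releases.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around plink with a pinned host key.
# PLINK, pinned_plink and valid_fingerprint are hypothetical names.

PLINK="${PLINK:-plink}"

# Accept only a complete fingerprint: 16 colon-separated hex bytes (the MD5
# form plink prints in its prompt) or an unpadded 43-character "SHA256:" value.
# A truncated value such as "aa:bb:cc" is rejected before any connection.
valid_fingerprint() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^([0-9A-Fa-f]{2}:){15}[0-9A-Fa-f]{2}$' \
        -e '^SHA256:[A-Za-z0-9+/]{43}$'
}

# usage: pinned_plink FINGERPRINT USER@HOST COMMAND
pinned_plink() {
    if [ "$#" -ne 3 ]; then
        echo "usage: pinned_plink FINGERPRINT USER@HOST COMMAND" >&2
        return 64
    fi
    if ! valid_fingerprint "$1"; then
        echo "refusing to connect: '$1' is not a complete fingerprint" >&2
        return 65
    fi
    # -batch:   never prompt; abort instead of asking to store a key.
    # -hostkey: accept only this key, whatever the cache contains.
    "$PLINK" -ssh -batch -hostkey "$1" "$2" "$3"
}
```

The fingerprint passed in should come from a trusted channel (for example the server's console), not from the prompt of the connection being verified.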

Solution 3

PuTTY and plink.exe share the same cache of 'acceptable server keys' on the host they are installed on.

So if your scenario is interactive (and hence your frustration at not being heard when you press 'y' or 'n'), a workaround is to attempt a connection with PuTTY first.

When doing this:

  • You'll open PuTTY and pretend to start an interactive SSH session to the server
  • You'll get a Windows dialog box showing the key asking if you want to trust it
  • You'll check the presented key, to ward off MITMs, then press OK
  • Henceforth, plink.exe won't bother to ask if you trust the server or not - it already knows you do

Author: Tad Oh

Updated on September 18, 2022

Comments

  • Tad Oh over 1 year

    I've been trying to issue commands using plink to retrieve information from my external server. Note that these plink commands are run from a binary that expects no input from the user. Is there a flag that will allow me to override this error message and continue with program output?

    The server's host key is not cached in the registry. You
    have no guarantee that the server is the computer you
    think it is.
    The server's rsa2 key fingerprint is:
    ssh-rsa 2048 **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
    If you trust this host, enter "y" to add the key to
    PuTTY's cache and carry on connecting.
    If you want to carry on connecting just once, without
    adding the key to the cache, enter "n".
    If you do not trust this host, press Return to abandon the
    connection.
    Store key in cache? (y/n)
    

    Thank you!

    • andrybak over 8 years
      The real issue is that either git doesn't properly give away input to plink or vice versa plink doesn't properly take it. If you launch git clone in, e.g. "git bash", the input (Y/n) goes then into bash prompt, and bash usually responds with bash: y: command not found.
    • mckenzm almost 3 years
      If you are using the -batch switch, you should do an initial interactive plink logon (without that switch) to set this up and respond to the prompt. Yes, as another answer suggests this can be automated, but it is only required once.
  • Nathan over 9 years
    -auto_store_sshkey is an "unknown option" for plink version 0.63
  • Gerrat about 6 years
    ...and unknown to 0,70
  • David Bullock over 3 years
    That's a good idea, if you want your calling application (say) to manage the 'trust chain'. Sometimes, we don't want to build this infrastructure ourselves, and we're happy to let plink.exe/PuTTY show the server's fingerprint for our review, and let it remember our 'Y' decision for later attempts. In this case, plink.exe is being invoked interactively by the user, but it won't read the user's interactive 'y' or 'n' key. Hence the accepted answer is a workaround to tell plink.exe/PuTTY, "yes, that is the one, please do remember it for me".
  • David Bullock over 3 years
    I had to write this down because I forgot ... again. I've solved this at least 3 times in the last 10 years :-\ (this last time was my quickest!) A couple of years ago I found a really good answer on SO and saw at the end ... to my surprise ... I'd written it years before!
  • IndustryUser1942 over 3 years
    ...and unknown to 0.73
  • ghost almost 3 years
    ...and unknown to 0.74