Auto-storing server host key in cache with plink
I've been trying to issue commands using plink to retrieve information from my external server. Note that these plink commands are run from a binary that expects no input from the user. Is there a flag that will allow me to override this error message and continue with program output?
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)
Thank you!
Try prepending your script with:
echo y | plink -ssh root@REMOTE_IP_HERE "exit"
This will pipe the y character through stdin to plink when you get the Store key in cache? (y/n) prompt, allowing all further plink commands to pass through without the need of user input. The exit command will close the SSH session after it has been established, allowing the following plink commands to run.
Here's an example script which writes the external server's Unix time to a local file:
echo y | plink -ssh root@REMOTE_IP_HERE "exit"
plink -ssh root@REMOTE_IP_HERE "date -t" > remote_time.tmp
Pipelining Reference: http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-4.html
The accepted answer is "acceptable", but insecure. The best way would be to specify the host key to plink to prevent any man-in-the-middle attack.
plink -hostkey aa:bb:cc... root@REMOTE_IP_HERE [...]
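Added example, not part of any answer on this page: the fingerprint given to -hostkey is only useful if it comes from the server's own public key file, fetched over a channel you already trust, rather than from the prompt itself. This Python script derives the `ssh-rsa 2048 aa:bb:...` line from an OpenSSH-format public key line; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def plink_fingerprint(pubkey_line):
    """Return (key_type, rsa_bits_or_None, md5_fingerprint) for '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob repeats the key type; a mismatch means the line was altered or mangled.
    inner_type, offset = _read_string(blob, 0)
    if inner_type.decode("ascii") != declared_type:
        raise ValueError("key type in blob does not match the declared type")
    bits = None
    if declared_type == "ssh-rsa":
        # RSA blob layout: string "ssh-rsa", mpint e, mpint n
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    # The colon-separated fingerprint is the MD5 digest of the raw key blob.
    digest = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return declared_type, bits, md5_fp

def make_sample_rsa_line():
    """Constructed sample (not a real key): 2048-bit odd modulus, e = 65537."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):
        # One extra leading zero byte keeps the mpint positive.
        return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    blob = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 2047) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-sample"

if __name__ == "__main__":
    key_type, bits, fp = plink_fingerprint(make_sample_rsa_line())
    print(key_type, bits, fp)  # same layout as the fingerprint line in plink's prompt
    # -batch is plink's option that disables interactive prompts.
    print("plink -batch -hostkey", fp, "root@REMOTE_IP_HERE ...")
```

Run it against the contents of the server's host public key file and compare the result with what plink shows before pinning it.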
PuTTY and plink.exe share the same cache of 'acceptable server keys' on the host they are installed on.
So if your scenario is interactive (and hence your frustration at not being heard when you press 'y' or 'n'), a workaround is to attempt a connection with PuTTY first.
When doing this:
- You'll open PuTTY and pretend to start an interactive SSH session to the server
- You'll get a Windows dialog box showing the key asking if you want to trust it
- You'll check the presented key, to ward off MITMs, then press OK
- Henceforth, plink.exe won't bother to ask if you trust the server or not - it already knows you do