Use Windows password in WinSCP script - authentication

Is it possible to automatically use Windows password in WinSCP script? Instead of typing it in script file.
The script.txt file consists of:
open MyUserName:MyPassword@MySFTPserver.net
option transfer binary
get TestFile.txt c:\
close
winscp.bat that triggers the script contains
winscp.exe /console /script=script.txt

Neither WinSCP nor any other application can retrieve your password from Windows. It's not possible in general; it would be a security threat.
Anyway, WinSCP supports Kerberos/GSSAPI/SSPI authentication that allows you to reuse your domain authentication for connection to an SSH/SFTP server. So you may be able to use that, if your SSH/SFTP server supports that.
open sftp://MyUserName@MySFTPserver.net /rawsettings AuthGSSAPI=1
References:
WinSCP Authentication options
Raw Site Settings

Importing proxy configuration from WinSCP to IntelliJ

I would like to use IntelliJ to configure my SFTP servers.
Unfortunately, I have very complex configurations (SSH tunnels, proxy etc...) that I am currently doing with WinSCP.
Is it possible to import the exported WinSCP configurations into IntelliJ?
If not, what is the procedure to configure in IntelliJ an SFTP connection in WinSCP with
SSH Tunnel with private key
Proxy server
I have tried to set SSH and proxy with the settings I've found in IntelliJ, but it gives me connection timeout.
IntelliJ is not made for SFTP and other connection maintenance. You can easily import and export from FileZilla to WinSCP and other SFTP IDEs. IntelliJ is more like a code editor for multiple platforms, and it has a little FTP file window program, but it cannot have all the settings that WinSCP has.
But if you still want to do it:
You have to find the webserver.xml file or create a manual entry the first time. That will create the file; then edit that file. Check the format of your first manual entry.
I think the password is encrypted. Learn how to encrypt the password and write it in the XML file.
Passwords are now stored in either KeePass file (all platforms) or keychain (Mac & Linux; where supported libs are present).
https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025-webServers-xml-format#5275025

how do I download a file in my current directory in ssh?

I'm looking right at the file I want to download in my current directory. wget wants a FULL URL, and I don't know what the full URL is. I'm in directory /usr/local/lib/ and want to download php.ini.
I am using PuTTY to log into my web server, and when I say download I mean I want to download it from the web server to my PC.
Firstly, forget URLs, and forget wget - this file isn't going to be accessible over the world wide web (if it is, your security is seriously broken).
However, if you can see it on SSH, you can probably (depending on security policies on the server) access it by using the same credentials over SCP.
On the command-line, using the PSCP program which comes with PuTTY that would look something like:
pscp user@server.example.com:/usr/local/lib/php.ini .
Or you could use a graphical client like WinSCP or FileZilla (which supports SFTP, which is another SSH-based protocol; use sftp://server.example.com as the server to connect to), if you're on a Windows desktop.
Use pscp which is included with PuTTY
If you are on Linux:
scp user@server:/path2file/file path-on-localpc

SSH on windows without storing password in clear

What I would do is use PuTTY (or another solution) on Windows to connect to a SAN switch and get results from a command with SSH.
I use PowerShell as the scripting language and it could be done easily, but I don't want to save the password in the script.
I'm looking for a solution to use Putty from command line and set the password not stored in clear in the script.
What I thought is to launch the script with \RUNAS (through a Scheduled task) and pass the actual credentials directly to Putty. (The switch would have the same password as the account used with the Runas). Is that possible?
Or is there any solution using putty with a certificate or something like this?
You may want to consider using key authentication as opposed to a password.
People will say use a password in addition to the key, but if your alternative is storing the password on your PC in a file anyway, someone with access to your machine owns you in either case. So you just need to generate the keys. The requirement is: no one but you has access to that key file.
http://www.linuxproblem.org/art_9.html
I'm in the same boat, have to use Windows, but for me www.mingw.org, which gives you a shell and the basic *nix tools, is extremely useful for SSH, connecting to a remote Linux VPS, etc. There is Cygwin, of course, which is similar and has an easier tool (setup.exe, if I recall) to install new apps. I actually use git-bash, which is mingw with git. No GUIs. I've found it easy to just drop to the mingw shell when I need to use ssh, openssl, cut, awk, etc.
So you can run any remote command using SSH from the command line without third-party programs like PuTTY, or those with GUIs, etc. Using key authentication and turning off password auth completely in ssh on the remote device (at least on devices where you have control) is some additional lockdown for the remote device, especially if you're the only one who needs to access it.
Which leaves, scheduling the script. There should be a way to do that via batch file and Windows or within the command line environment.
I'll suggest the following options:
1. Use password authentication. Store the text file with the password in a file with limited access (some service account) and launch your script under this account's credentials.
2. Same as above, but instead of a text file use a certificate file.
3. Write a small program (C#) which uses DPAPI to store the certificate or password in a service account-specific store.
4. Combine any of the above with the use of BitLocker/EFS.
No option can protect you from an attacker having admin access to the server, but implementing them will give an increasing (in order of number) headache to someone who is trying to break it.
The script will be a weak spot in any case, though.
This is probably not the answer you're looking for, but I wouldn't use Putty for this, and would rather communicate with the SSH server directly using SSH.NET library. It's available in both source and binary form, and you could use it from PowerShell too if you like.
Examples: http://sshnet.codeplex.com/wikipage?title=Draft%20for%20Documentation%20page.
Then you'd have a lot of options to store your login credentials securely.
I recommend setting up 2-factor authentication on the ssh machine that you have to communicate with IF you can't use key authentication.
Google's 2-factor authentication can be implemented for ssh and is relatively easy to set up as long as SELinux is disabled... If it isn't disabled, you can add an exception, and that would essentially help reduce the risk of compromise and increase security.
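
For the key-authentication route suggested in this thread, a passphrase-less key used by a scheduled job can be pinned to one command and one source address, so that a copied key file is worth much less than a copied password. This is an added example, not part of the original answers; it assumes the remote side is an OpenSSH server whose authorized_keys file you control and that the script runs in a POSIX shell with OpenSSH (such as the git-bash/mingw shell mentioned above). All names, paths and addresses are placeholders.

```shell
#!/bin/sh
# Added example: limit what an unattended, passphrase-less key can do.
# Assumes an OpenSSH server (7.2 or later, for "restrict") on the remote side.
# Key path, forced command and source address are placeholder values.

# Generate a dedicated key pair for the scheduled job (-N '' = no passphrase).
new_job_key() {
    ssh-keygen -q -t ed25519 -N '' -C "scheduled-job" -f "$1"
}

# Print an authorized_keys line that pins the key to one command and one
# source address. "restrict" turns off PTY, forwarding and similar features.
restricted_entry() {
    forced_cmd=$1; from=$2; pubkey=$3
    case $pubkey in
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # This simple quoting does not escape quotes or newlines, so reject them.
    case "$forced_cmd$from$pubkey" in
        *'"'*|*'
'*) echo "quotes and newlines are not allowed" >&2; return 1 ;;
    esac
    printf 'restrict,from="%s",command="%s" %s\n' "$from" "$forced_cmd" "$pubkey"
}

# Run the job. The server executes the forced command whatever is requested.
# BatchMode=yes makes ssh fail instead of prompting for a password.
run_job() {
    ssh -T -i "$1" -o BatchMode=yes -o IdentitiesOnly=yes "$2"
}
```

The line printed by restricted_entry goes into the job account's ~/.ssh/authorized_keys on the server; the private key file still needs to be readable only by the account that runs the scheduled task.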

How to change permissions on ftp file in rebol?

What's the function's name to change this permission on ftp file (ftp software can do it so I guess Rebol can too)?
FTP has two ports open, one for commands and one for data transfer. Since you only want to issue a command, then you don't need to use ftp, but can use the telnet protocol.
The ftp protocol in Rebol2 does not support site specific commands such as chmod. However, I have written my own ftp protocol for Rebol3, ( see http://github.com/gchiu/Rebol3/tree/master/protocols/ ), and it looks like it is only a few lines to add the SITE command.
The REBOL function for changing file permissions is set-modes.
However, that is enabled only for local files -- so no equivalent of chmod for remote files using FTP.
This thread suggests it may be possible to modify REBOL's FTP scheme to make it possible....
http://www.rebol.org/ml-display-thread.r?m=rmlSWGQ
....But, as far as I know, no one has.

cron jobs to upload a file via FTP

Is it possible to use CRON to upload a file via FTP? If yes how can I call FTP to run an upload?
Assuming a UNIX-like operating system, you could set up a cron job that points to a shell script like the following:
#!/bin/sh
cd [source directory]
ftp -n [destination host]<<END
user [user] [password]
put [source file]
quit
END
Depending on your ftp client defaults and the source file type you may need to specify binary prior to the put.
You may use ncftp -- they have a handy tool called "ncftpput".
It is easier than using expect -- it is just a single command with a useful return code.
You probably are looking for a program called "expect" which is designed for dealing with interactive processes.
http://expect.nist.gov/
If you have "cron", you likely already have "expect" as well, these days.
Schedule a script call from cron.
In the script,
Use Public Key Authentication to open a Secure FTP communication with your server
Execute a batch file of PUTs to your server (there is a -b option in sftp)
For this,
you will need to set up public key authentication between the server and your client machine.
you will need an sftp client on the client machine (there are clients for all platforms -- PuTTY, Winscp.net; Unix variants usually have this already installed).
finally, try the PUT manually with public key authentication and note down the commands -- you can write them down into the batch file for automation.
Some other notes.
expect is an overkill for this requirement.
Moreover, any scheme that requires the password to be scripted is bad.
ncftp is good for an interactive session (not such automation).
I do not know if wput allows public key authentication (probably not), in which case it's not good for such automation either.
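
The cron plus `sftp -b` approach from the answer above, written out as a script with no password in it. This is an added example, not the answerer's code; the host, account, key path, remote directory and install path are assumed placeholder values.

```shell
#!/bin/sh
# Added example: cron-driven SFTP upload using a key, with no password in the script.
# Host, account, key path and remote directory below are assumed placeholder values.

# Write a batch file for `sftp -b`: one quoted "put" per local file.
# Names containing a double quote, backslash or newline are rejected, because
# this simple quoting does not escape them.
make_batch() {
    batch=$1; remote_dir=$2; shift 2
    : > "$batch" || return 1
    chmod 600 "$batch"
    printf 'cd "%s"\n' "$remote_dir" >> "$batch"
    for f in "$@"; do
        case $f in
            *'"'*|*\\*|*'
'*) echo "refusing unsafe file name: $f" >&2; return 1 ;;
        esac
        printf 'put "%s"\n' "$f" >> "$batch"
    done
    printf 'bye\n' >> "$batch"
}

# Upload the given files; returns sftp's exit status so cron logs show failures.
upload() {
    key=$1; target=$2; remote_dir=$3; shift 3
    batch=$(mktemp) || return 1
    make_batch "$batch" "$remote_dir" "$@" || { rm -f "$batch"; return 1; }
    # BatchMode=yes: fail instead of prompting for a password or passphrase.
    # IdentitiesOnly=yes: offer only the key named with -i.
    # StrictHostKeyChecking=yes: refuse unknown or changed host keys.
    sftp -b "$batch" -i "$key" -o BatchMode=yes -o IdentitiesOnly=yes \
         -o StrictHostKeyChecking=yes "$target"
    rc=$?
    rm -f "$batch"
    return $rc
}

# Example crontab line (assumed install path), running nightly at 02:15:
# 15 2 * * * /usr/local/bin/sftp-upload.sh /var/backups/site.tar.gz
if [ "$#" -gt 0 ]; then
    upload "$HOME/.ssh/cron_upload_key" uploader@sftp.example.com /incoming "$@"
fi
```

Because StrictHostKeyChecking=yes is set, the server's host key must already be in the cron user's known_hosts file; connect once by hand as that user and verify the fingerprint before scheduling the job.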
Just create your CRON jobs to call WGET to upload or download your file via FTP!