Accept server host key when automating SSH session using PuTTY Plink

Posted on by Dean Grant

I was recently compiling a script which would act as a wrapper to invoke commands depending on the hosts operating system (which was read from a file) and passes a set of parameters. If the operating system was UNIX, the plan was to invoke a SSH session remotely using PuTTY Plink and to invoke the command and pass a set of parameters.

The first obstacle was that when connecting using SSH to connect to a server for the first time you will prompted to trust the host key of the server as below:

The server’s host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. The server’s rsa2 key fingerprint is: ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx If you trust this host, enter “y” to add the key to PuTTY’s cache and carry on connecting. If you want to carry on connecting just once, without adding the key to the cache, enter “n”. If you do not trust this host, press Return to abandon the connection. Store key in cache? (y/n)

This would force the commands invoked to halt until user input had been received. Therefore, this required me to modify the commands invoked from the wrapper to first connect and accept to store the servers host key in cache. This was simply achieved by using echo to pipe the user input to the selected command and then exit the SSH session, the wrapper will then invoke the plink executable a second time to run the required command and pass a set of variables as below;

echo y | plink.exe -ssh $line.Server -l $Username -pw $Password exit

plink.exe -ssh $line.Server -l $Username -pw $Password <insert remote command here>

10 thoughts on “Accept server host key when automating SSH session using PuTTY Plink

  3. Hi.

    I’m having the same problem as you but i can’t seem to get the script working. Below you can see what script i use.

    Error:
    Server version: SSH-2.0-OpenSSH_5.6
    Using SSH protocol version 2
    We claim version: SSH-2.0-PuTTY_Release_0.62
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange with hash SHA-256
    The server’s host key is not cached in the registry. You
    have no guarantee that the server is the computer you
    think it is.
    The server’s rsa2 key fingerprint is:
    ssh-rsa 2048 57:97:7a:e4:43:b0:6b:02:1e:b1:5d:84:f4:6d:f2:47
    If you trust this host, enter “y” to add the key to
    PuTTY’s cache and carry on connecting.
    If you want to carry on connecting just once, without
    adding the key to the cache, enter “n”.
    If you do not trust this host, press Return to abandon the
    connection.
    Store key in cache? (y/n)

    Much appricated for an answer 🙂

    Script::

    $qlR1 = [regex]”QLogic.+for\s(\w+):”
    $qlR2 = [regex]”Firmware version ([\d|\.]+).+Driver version ([\d|\.]+)”
    $qlR3 = [regex]”BIOS version ([\d|\.]+)”

    $User = “root”
    $Pswd = “************”
    $plink = “C:\plink.exe”
    $plinkoptions = ” -v-pw $Pswd”
    $cmd1 = ‘cat /proc/scsi/qla*/*’
    $remoteCommand = ‘”‘ + $cmd1 + ‘”‘
    $report = @()

    Get-VmHost | % {
    $Computer = $_.Name
    $command = $plink + ” ” + $plinkoptions + ” ” + $User + “@” + $computer + ” ” + $remoteCommand
    $msg = Invoke-Expression -command $command

    # Extract the required info from the $msg variable
    $msg | % {
    if($_ -match $qlR1){
    $row = “” | Select ESXname, HBAtype, HBAfirmware, HBAdriver, BIOS
    $row.ESXname = $Computer
    $row.HBAtype = $qlR1.Match($_).Groups[1].Value
    }
    if($_ -match $qlR2){
    $matches = $qlR2.Match($_)
    $row.HBAfirmware = $matches.Groups[1].Value
    $row.HBAdriver = $matches.Groups[2].Value
    }
    if($_ -match $qlR3){
    $matches = $qlR3.Match($_)
    $row.BIOS = $matches.Groups[1].Value
    $report += $row
    }
    }
    }
    $report

    Like

    Reply

    1. Thanks ! Works perfectly. I’ve been looking for this tip for ages : I call plink within a PHP exec command and I couldn’t get the result.

      Like

      Reply

  4. echo appears to be a cmd shell built-in? As a result, when wrapping this in a VBS wrapper, you need to prefix it with “cmd /c”, as in…

    cmd /c echo y | plink.exe -ssh $line.Server -l $Username -pw $Password exit

    …otherwise, you will receive a “file not found” error from VBS. Took me awhile to figure THAT out. I assume it’s the same with python or perl as well, but if I had python or perl available for this specific application, I wouldn’t be using plink in the first place…

    Like

    Reply

    1. That would be correct, echo is a batch file command so you would need to have a wrapper round it to invoke in VBS or other scripting interfaces, not sure if ‘WScript.echo’ would remove the need to include a wrapper…

      Like

      Reply

  5. echo appears to be a cmd shell built-in? As a result, when wrapping this in a VBS wrapper, you need to prefix it with “cmd /c”, as in…

    cmd /c echo y | plink.exe -ssh $line.Server -l $Username -pw $Password exit

    …otherwise, you will receive a “file not found” error from VBS. Took me awhile to figure THAT out. I assume it’s the same with python or perl as well, but if I had python or perl available for this specific application, I wouldn’t be using plink in the first place…

    Like

    Reply

Leave a comment