30

I've been trying to issue commands using plink to retrieve information from my external server. Note that these plink commands are run from a binary that expects no input from the user. Is there a flag that will allow me to override this error message and continue with program output?

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)

Thank you!

Damian Balawender
  • 3
  • 3
Tad Oh
  • 303
  • 1
  • 3
  • 5
  • The real issue is that either git doesn't properly give away input to plink or vice versa plink doesn't properly take it. If you launch `git clone` in, e.g. "git bash", the input (Y/n) goes then into bash prompt, and bash usually responds with `bash: y: command not found`. – andrybak Nov 18 '15 at 15:47
  • You might use klink from [kitty's project](http://www.9bis.net/kitty/?page=Download). This's the fork of putty. There's the key: -auto-store-sshkey. –  Feb 28 '19 at 15:27
  • If you are using the -batch switch, you should do an initial interactive plink logon (without that switch) to set this up and respond to the prompt. Yes, as another answer suggests this can be automated, but it is only required once. – mckenzm May 28 '21 at 05:38

5 Answers5

29

Try prepending your script with:

echo y | plink -ssh root@REMOTE_IP_HERE "exit"

This will pipe the y character through stdin to plink when you get the Store key in cache? (y/n) prompt, allowing all further plink commands to pass through without the need of user input. The exit command will close the SSH session after it has been established, allowing the following plink commands to run.

Here's an example script which writes the external server's Unix time to a local file:

echo y | plink -ssh root@REMOTE_IP_HERE "exit"
plink -ssh root@REMOTE_IP_HERE "date -t" > remote_time.tmp

Pipelining Reference: http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-4.html

Daniel Li
  • 837
  • 2
  • 10
  • 23
3

PuTTY and plink.exe share the same cache of 'acceptable server keys' on the host they are installed on.

So if your scenario is interactive (and hence your frustration not being heard when you press 'y' or 'n'), a workaround is to attempt a connection with PuTTY first.

When doing this:

  • You'll open PuTTY and pretend to start an interactive SSH session to the server
  • You'll get a Windows dialog box showing the key asking if you want to trust it
  • You'll check the presented key, to ward of MITM's, then press OK
  • Henceforth, plink.exe won't bother to ask if you trust the server or not - it already knows you do
David Bullock
  • 791
  • 3
  • 14
  • 20
  • 2
    I had to write this down because I forgot ... again. I've solved this at least 3 times in the last 10 years :-\ (this last time was my quickest!) A couple of years ago I found a really good answer on SO and saw at the end ... to my surprise ... I'd written it years before! – David Bullock Aug 13 '20 at 06:45
3

The accepted is answer is "acceptable", but unsecure. The best way would be to specify host key to plink to prevent any Man-In-the-Middle attack.

plink -hostkey aa:bb:cc... root@REMOTE_IP_HERE [...]
Clément Moulin - SimpleRezo
  • 129
  • 9
  • That's a good idea, if you want your calling application (say) to manage the 'trust chain'. Sometimes, we don't want to build this infrastructure ourselves, and we're happy to let plink.exe/PuTTY show the server's fingerprint for our review, and let it remember our 'Y' decision for later attempts. In this case, plink.exe is being invoked interactively by the user, but it won't read the user's interactive 'y' or 'n' key. Hence the accepted answer is a workaround to tell plink.exe/PuTTY, "yes, that is the one, please do remember it for me". – David Bullock Aug 13 '20 at 06:37
0

When using SSH, upon first connection you are required to verify a server host key in order to make a connection.

Through plink, the command line will generate a prompt, asking the user to "accept server host key? (y/n)".

Step 1: Fix the "Keyboard Interactive Authentication prompts from server"

Follow the URL instruction and Deselect the "Attempt keyboard Interactive auth (SSH-2) in your putty.

https://support.linuxacademy.com/hc/en-us/articles/360027730172-How-Can-I-Copy-and-Paste-into-Putty-on-Windows

Step 2: Below is the commands will fix the "verify a service host key" for every Linux server first SSH connection using plink.

 echo yes| C:\PuTTY\plink.exe user-name@10.148.147.41 -pw *************** date

Step 3: Now you can immediately ran your next scripts like "server uptime checks" or "monitoring agent restart" using plink with -batch option (disable all interactive prompts)

C:\PuTTY\plink.exe -batch user-name@10.148.147.41 -pw *************** -m C:\uptime_linux.sh 
C:\PuTTY\plink.exe -batch user-name@10.148.147.41 -pw *************** -m C:\monitoring-agent-check_linux.sh

Above mentioned information's 100% will help you to automate the linux tasks using plink utility.

Namasivayam Chinnapillai
  • 45
  • 5
-1

maybe, it will help:

plink -auto_store_sshkey -batch 192.211.158.256 -l user -pw password command
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
Falcluft
  • 9