Putty: how to supress security alerts?

5

How can I disable security alerts like "The server's host key is not cached in registry, bla-bla-bla", "host identity is changed, there is man-in-the middle", etc

They are needless in cloud hosting environment, where a lot of new server instances appear. And also, it is quite normal if there eventually will be a new server on the same IP.

In linux ssh client I have done it with the following lines in my .bashrc:

alias ssh='ssh -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" -o "CheckHostIP=no"'
alias scp='scp -o "StrictHostKeyChecking no" -o "UserKnownHostsFile=/dev/null" -o "CheckHostIP=no"'
But how to do it in putty?

user78041

Posted 2010-02-12T20:12:24.737

Reputation: 221

Answers

4

I use AutoHotkey to create a script that runs in the background and scans for any particular warning popups that I don't care about, closing them automatically.

#Persistent
    SetTimer, ClosePopups, 100  ; Check every 1/10 of a second
return

ClosePopups:
    ; Putty popup definition
    IfWinExist, PuTTY Security Alert
    {
        WinActivate PuTTY Security Alert
        Send !y ; Press Alt+Y
    }

    ; Here's another example of a popup definition, for reference
    IfWinExist, Cisco AnyConnect Secure Mobility Client
    {
        WinGetText, output, Cisco AnyConnect Secure Mobility Client
        if output contains Connecting to this server may result in a severe security compromise
        {
            WinActivate Cisco AnyConnect Secure Mobility Client
            Send {Tab}{Space}
        }
    }

return

James

Posted 2010-02-12T20:12:24.737

Reputation: 281

My fellow James. These 2 things have bothered me for a long time. Thanks. – SuperJames – 2018-04-05T17:48:07.293

3

There doesn't seem to be any hope:

No, there isn't. And there won't be. Even if you write it yourself and send us the patch, we won't accept it.

ziya

Posted 2010-02-12T20:12:24.737

Reputation: 486

Hm. Maybe a 3rd party launcher... – None – 2010-02-12T21:31:57.040

2

I found a solution for this.

Whenever you log in through Putty to any machine for first time, you will get that security message. Click Yes and it will cache the server’s host key in your system. The alert will not be displayed if you log in as the same user next time.

So the trick is:

Check in Appdata\Local Folder

After the host key is cached then you will see below mentioned files (.DAT and .RND) in the following location:

C:\Users\your_User\Appdata\Local

GDIPFONTCACHEV1.DAT and PUTTY.RND

Now just copy and paste both files for every user with which you want to log in at the same location C:\Users\Another_User\Appdata\Local

This worked for me.

ketan Gaikwad

Posted 2010-02-12T20:12:24.737

Reputation: 21

1

After much searching, found the answer here:

echo y | ssh -pw yourpassword root@yourservername.com

http://www.governmentsecurity.org/forum/index.php?showtopic=29368

idrinkpabst

Posted 2010-02-12T20:12:24.737

Reputation: 111

That link is now unavailable, and there is no program named ssh in PuTTY, but there is a program plink which does fix the cache with those arguments and input, although for me it (in 0.64) it doesn't exit properly unless I add -m NUL. – dave_thompson_085 – 2016-06-22T01:10:02.217

1

The accepted host keys for a specific user are stored in the registry. Once the current user has accepted the key(s), they can then be made available to others by exporting the registry entries from the current user, modifying the path to the new user, and then importing them back in.

  1. Using REGEDIT, export:

    [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]

  2. Open the .reg file that contains the export

  3. Change all instances of

    HKEY_CURRENT_USER

    to

    HKEY_USERS\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx

where S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx is the SID of the user in question.

  1. Run the .reg file to import back into the registry for that user:

    [HKEY_USERS\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxx\Software\SimonTatham\PuTTY\SshHostKeys]

NOTE: Username/SID mappings can be found in:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

Mike C

Posted 2010-02-12T20:12:24.737

Reputation: 11

0

There is no "voluntary" flag to ignore the ssh warning.

Here is what I did to get around this:

$wshell = New-Object -ComObject wscript.shell

foreach($thisHost in $hostList)
{  
    foreach($file in $list)
    {
        .... stuff
        Write-Host "Copying file: " $file.FullName
        .... stuff
        Start-Process $PuttyExe -ArgumentList ($args)
        $wshell.SendKeys("Y")
        $wshell.SendKeys("{ENTER}")
        Sleep 1 
    }
}

user913026

Posted 2010-02-12T20:12:24.737

Reputation: 1

0

It is as i solved using C#...

  IntPtr x = FindWindow("#32770", "PuTTY Security Alert");
  IntPtr child = FindWindowEx(x, IntPtr.Zero, "Button", null);
  const int BM_CLICK = 0x00F5;
  SendMessage(child, BM_CLICK, IntPtr.Zero, IntPtr.Zero);

hector maldonado

Posted 2010-02-12T20:12:24.737

Reputation: 1

3Can you explain (1) how to use this, and (2) how it works? Please do not respond in comments; [edit] your answer to make it clearer and more complete. – Scott – 2019-05-17T21:01:13.053

-1

You could try the following option:

putty settings

x29a

Posted 2010-02-12T20:12:24.737

Reputation: 393

-1

Based on one of the answers above, this has worked for me with ver 0.70:

echo y | plink -pw password -m NUL user@host

After this putty doesn't show a prompt: putty -ssh -pw password user@host

Abhijeet Gaiha

Posted 2010-02-12T20:12:24.737

Reputation: 1

-1

just use switch "-batch", e.g. plink -batch -ssh ...

Alex P

Posted 2010-02-12T20:12:24.737

Reputation: 1

Asked: 2010-02-12T20:12:24.737

Viewed: 19 762 times

Active: 2019-05-17T20:26:46.710