41

I had a simple automation process to write which needed to copy a few files from a Linux server to Windows via SSH. This can be accomplished using PuTTY.

SSH, as part of the protocol, verifies the host’s identity and, if it is not known to be correct, will prompt you to accept the host’s identity. When I manually connect to the Linux server with PuTTY, it doesn’t prompt me to accept the host’s identity. But once I put this automation process into Hudson as a scheduled job, the exact message was:

    The server's host key is not cached in the registry. You
    have no guarantee that the server is the computer you
    think it is.
    The server's rsa2 key fingerprint is:
    ssh-rsa 1024 cc:78:13:a3:68:a6:59:7e:b8:23:2d:13:3e:66:9b:b9
    If you trust this host, enter "y" to add the key to
    PuTTY's cache and carry on connecting.
    If you want to carry on connecting just once, without
    adding the key to the cache, enter "n".
    If you do not trust this host, press Return to abandon the
    connection.
    Store key in cache? (y/n) Connection abandoned.

Usually you would hit “Y” here, assuming the host key is correct, in order to store it for future connections. This is stored in the Registry under HKEY_CURRENT_USER\Software\SimonTatham\Putty\SshHostKeys

But unfortunately, the automation process running in Hudson cannot interact by hitting “Y” to store the host key in the PuTTY cache. Also, I cannot reproduce the issue by simply running the automation process from a DOS command prompt.

Does anyone know how to resolve the problem?

Toon Krijthe
Charlotte Xu

12 Answers

41
echo y | pscp -i /path/to/key/file user@remote:/tmp/file  .
echo y | plink -i /path/to/key/file scripts.sh

It will store the host key fingerprint in the following location the first time, and will ignore the "y" the next time:

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
Jay
23

For internal servers, the blind echo y | ... trick is probably adequate (and super simple).

However, for external servers accessed over the internet, it is much more secure to accept the server host key once rather than blindly accepting every time.


Create a .reg file that you can run on the client machine(s).

  • Connect interactively from any machine: plink ...
  • Verify and accept the host key
  • Open regedit
  • Navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
  • Right-click the entry (will have a name like rsa2@<port>:<address>)
  • Export to .reg file

Cache the host key on client machine(s)

  • Run the .reg file on any client machine that will connect to that server
  • Make sure to log in using the user account that will run plink (i.e. in case it is a service account)
Clay
  • 1
    `echo y` wouldn't work for me when using with git. Just in case anyone else stumbles across – dgo May 01 '17 at 15:44
  • This doesn't seem to work anymore. plink just logs right in, I don't need to accept the session. everything in this registry path is ssh, not rsa. and you can't run a registry file on a google COS box – Kevinsyel May 31 '21 at 19:47
16

I also had this problem when using a batch scheduler that uses the Local System account. With this account you can't log on to accept the host key or manually set the HKEY_CURRENT_USER value. I found that creating the following key:

HKEY_USERS\.DEFAULT\Software\SimonTatham\PuTTY\SshHostkeys

and adding the host string value here worked for the Local System account.

Valentin Mercier
Toby Vinnell
14

As of 9 Sep 2014 with the corresponding version of plink (tested with plink 0.66), you can use the -hostkey option, as documented here:

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/accept-host-keys.html

Using the key in the original question:

plink -hostkey cc:78:13:a3:68:a6:59:7e:b8:23:2d:13:3e:66:9b:b9 user@remote 

I successfully used "-hostkey" in my scripts to get around the initial host key prompting problem.

"-hostkey" is also documented to work with pscp (version 0.66).

Note that you have to change the hostkey if you change hosts or the sshd server recalculates the key.

Stephen Rondeau
5
echo y | plink -ssh <username@remotemachine> -pw <password> exit
plink -ssh <username@remotemachine> -pw <password> [yourcommand]

Explanation: Use echo to pipe the user input 'y' to the selected command and then exit. The next statement will then invoke the plink executable a second time to run your command.

Sumit Gupta
  • 1
    Do not use this solution. You are losing a protection against [MITM attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) by using this. See the answers [@Stephen Rondeau](https://stackoverflow.com/q/13598996/850848#34050466) or [@Clay](https://stackoverflow.com/q/13598996/850848#20524017) for correct solutions. – Martin Prikryl Mar 15 '18 at 19:42
  • @MartinPrikryl - is this dangerous even in a completely secure enterprise environment? – dgo Oct 22 '18 at 20:54
  • 1
    @dgo If you **trust all users** of the environment and you **trust security of the environment**, then you do not need any additional security. So then it's ok to give up on security. As the answer by Clay says. – Martin Prikryl Oct 23 '18 at 06:00
4

I was having this problem when using Bazaar and manually setting my SSH client to be PuTTY rather than the built-in paramiko. I was getting the exact same problem, where it was trying to say the key was not in the 'known hosts' and asking if I should verify it, but due to it being run by a different program and not in a normal terminal, it just exited immediately.

If you can, just run PuTTY and connect to the server manually to get it to save the SSH public key in the registry, so that when the automated program tries to connect it won't be presented with the y/n option.

Or you can use a small Python 3 script that I wrote to convert between the two 'known host' formats that PuTTY and OpenSSH use: https://github.com/mgrandi/openssh-putty-knownhost-converter


mgrandi
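
Added example (not mgrandi's script and not PuTTY project code) showing how an OpenSSH `known_hosts` entry that was verified out of band can be turned into the two things the answers above rely on: the MD5 fingerprint for `-hostkey` and a `.reg` entry for `SshHostKeys`. The registry value layout (hex exponent, comma, hex modulus), the host name `files.example.test` and the toy key are assumptions supplied here, not taken from the page; only plain `ssh-rsa` entries are handled.

```python
import base64
import hashlib
import struct

PUTTY_KEY = r"Software\SimonTatham\PuTTY\SshHostKeys"

def _read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def parse_known_hosts_rsa(line):
    """Return (blob, exponent, modulus) from '<host> ssh-rsa <base64>'."""
    fields = line.split()
    if len(fields) < 3 or fields[1] != "ssh-rsa":
        raise ValueError("only plain ssh-rsa entries are handled here")
    blob = base64.b64decode(fields[2], validate=True)
    algo, pos = _read_string(blob, 0)
    e_raw, pos = _read_string(blob, pos)
    n_raw, pos = _read_string(blob, pos)
    if algo != b"ssh-rsa" or pos != len(blob):
        raise ValueError("key blob does not match the ssh-rsa layout")
    return blob, int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")

def md5_fingerprint(blob):
    """Colon-separated MD5 of the key blob, the form shown in the prompt."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def putty_reg_file(line, host, port=22, hive="HKEY_CURRENT_USER"):
    """Build .reg text that pre-seeds PuTTY's cache with one verified key."""
    _, e, n = parse_known_hosts_rsa(line)
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{hive}\\{PUTTY_KEY}]\r\n"
            f'"rsa2@{port}:{host}"="0x{e:x},0x{n:x}"\r\n')

def _mpint(value):
    """Encode a positive integer as an SSH mpint (used for the sample only)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: toy 64-bit modulus, not a real host key.
SAMPLE_N = 0xC5A3F1097B2D4E61
SAMPLE_LINE = "files.example.test ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + _mpint(0x10001) + _mpint(SAMPLE_N)
).decode()
```

Pass `hive=r"HKEY_USERS\.DEFAULT"` for the Local System case described above, and run plink or pscp with `-batch` so that an unexpected host key aborts the job instead of waiting on a prompt.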
2

My answer is quite similar to the first one by @Clay, as was said in the comments. I'll leave it since it refers to a specific case (Git) and it's somewhat shorter.

When using GIT_SSH="path_to_plink.exe" to use Putty as SSH client, the step to validate the server once is mandatory, else you'll get stuck when Putty asks for an interactive 'y' input:

  1. Run plink from a command line: plink <serverName>

  2. Validate the first prompt to store the key in cache

  3. Exit command with Ctrl+c

Now the client from which you ran the command will no longer prompt for fingerprint validation.

Putty uses the registry instead of file <...>\.ssh\known_hosts, thus you could configure another host by exporting/importing the registry key Computer\HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys. Since this key references current user, you need to import when logged on as the user which will run the GIT commands.

Spikegee
2

I came here trying to get SourceTree working again after the recent BitBucket host key change since SourceTree helpfully reports what went wrong, but has no way to fix it since you can't respond to the prompt.

With the hints herein offered, I finally figured out that I could simply do:

plink bitbucket.org

Which then prompted for accepting the key to which I responded "y". Having done so, SourceTree was working again with BitBucket using a PuTTY key file.

Lawrence Dol
  • Thanks, had problem with GitExtensions, didn't work automatically (asks me to store fingerprint from bitbucket to cache, i click yes and it just hangs in new cmd window), but your solution worked! – miki Jun 26 '23 at 21:03
  • you, my good friend, are a hero. – EJay Jun 29 '23 at 06:47
0

Run in Admin Mode from Windows PowerShell

pscp -i /path/to/private_key source_file user@ip:/home/location
0

In a similar case, I tried running the following on the command line (CMD):

"C:\Users\<my_user_name>\AppData\Local\SourceTree\app-3.4.9\tools\putty\plink.exe" bitbucket..com:7999

7999 is the port for Bitbucket. You will use the site you want to access, and you will have a different path to plink.exe, so you need to find it and use it instead of the path I suggest. After hitting Enter, the same error message appeared with buttons, so I accepted the connection and closed the command prompt window. I did not try to log in via the CMD dialogue.

-1

It had been working fine with

pscp file user@dest: 

but then I got the same error. So I did:

pscp -l USERNAME -pw PASSWORD FILE 10.1.1.1:

and that did the trick for me.

Taku
Nick
-2

Solution via Code: Compile putty/plink to auto accept and store ssh keys

You are prompted to store SSH host keys in the cache. Since the user account that executes plink doesn't have the host in the registry, it hangs, because it waits for a reply (yes/no).
If you want to solve this via code, get the PuTTY source code, make some changes, compile, and use the new plink binary, one that stores the SSH host key without the prompt.
How to do it? For Windows, I do the following:

  • Download latest putty source code from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
    (Look for the “Source code” section and download "Windows Source archive")
    Attention: To open the PuTTY source code with Visual Studio, you must download a release version. If you check out a specific commit (or head), the Visual Studio solution files will not exist since they are created during build.
    Taken from: Cannot compile PuTTY, Plink or Pscp on Windows due to missing Windows/MSVC subdirectory

  • The source code needs to be updated. What we want to change is located in the function verify_ssh_host_key(..) in "wincons.c". We want to comment out the part of the code that prompts for yes/no and just store the key. Start by commenting out the prompt code:

    /*hin = GetStdHandle(STD_INPUT_HANDLE);
    GetConsoleMode(hin, &savemode);
    SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
                         ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
    ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
    SetConsoleMode(hin, savemode);

    if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
        if (line[0] == 'y' || line[0] == 'Y')
            store_host_key(host, port, keytype, keystr);
        return 1;
    } else {
        fprintf(stderr, abandoned);
        return 0;
    }*/
    

Continue by adding the following lines instead (the code that is responsible for storing the host key):

store_host_key(host, port, keytype, keystr);
return 1;

Compile the solution and take plink/pscp. You're good to go without the prompt: it accepts the SSH host key and stores it in the registry.

ilansch
  • 3
    Do not use this solution. You are losing a protection against [MITM attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) by using this. See the answers [@Stephen Rondeau](https://stackoverflow.com/q/13598996/850848#34050466) or [@Clay](https://stackoverflow.com/q/13598996/850848#20524017) for correct solutions. – Martin Prikryl Mar 15 '18 at 19:42