1

I would like to pass echo y to plink.exe, so that plink execute a command. How it can be achieved?

os.system(' c:/netapp/python/plink.exe admin@192.168.1.1 -pw xxx  uptime > c:/netapp/python/12.txt')

The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. The server's rsa2 key fingerprint is: ssh-rsa 2048 9d:08:37:a8:d0:34:a3:d2:d8:e5:09:7e:63:08:a9:1b If you trust this host, enter "y" to add the key to

Store key in cache? (y/n)

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Aj B
  • 11
  • 1
  • 3
  • Like the `os.system` documentation tells you, `subprocess` is the preferred mechanism nowadays, and would in principle enable you to do what you're asking. However, as the answers so far all point out, what you want to do is not a good idea. – tripleee Jul 25 '16 at 16:22

3 Answers3

4

Do not!

Verifying host key fingerprint is an integral part of securing your connection. Blindly accepting any host key will make you vulnerable to the man-in-the-middle attacks.

Instead, use the -hostkey switch to provide the fingerprint of the expected/known host key.

c:/netapp/python/plink.exe admin@192.168.1.1 -pw xxx -hostkey 9d:08:37:a8:d0:34:a3:d2:d8:e5:09:7e:63:08:a9:1b your command here

Do not use hacks like feeding y to Plink input. Not only it is insecure. But if there is no host key prompt (because the host key is already cached), the y will end up as an input to the command you are executing. What may lead to undesired results.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
0

Confirming a server's SSH key fingerprint is an important step. This is how you know you've connected to the correct machine, and should always be done with care.

The Plink documentation makes the following suggestion:

To avoid being prompted for the server host key when using Plink for an automated connection, you should first make a manual connection (using either of PuTTY or Plink) to the same server, verify the host key (see section 2.2 for more information), and select Yes to add the host key to the Registry. After that, Plink commands connecting to that server should not give a host key prompt unless the host key changes.

ChrisGPT was on strike
  • 127,765
  • 105
  • 273
  • 257
0

This is an old question, but sometimes you are setting up a new device or are connecting to a host on the LAN and real security isn't a practical issue.

The solution is to connect to the target host first with Plink and press i for information. Plink will display the hostkey. Grab that key value and put it on the commandline of a 2nd plink command.

Here is a verison, in (probably bad) powershell:

$hostKey=(echo "i`n" | plink $HostIp) 2>&1  | select-string -Pattern '(\w{2}:){5}' | % {($_ -split " ")[2] }

$sshArgs = @( "-batch", "-hostkey", "$hostKey", "-pw", "'${hostPass}'", 
              "-P", "${HostPort}", "${hostUser}@${HostIp}", ${remoteCmd} )

$cmd = "& plink $sshArgs"

$result = Invoke-Expression -Command ${cmd}
Aaron S
  • 1