VBA Excel代码使用回波y与PLink [英] VBA Excel code using echo y with PLink

问题描述

警告：**如果您使用不了解的设备/ IP，请确保不使用此方法。您不希望自动缓存Ssh主机密钥，这些密钥对于您。请小心。

我的代码的目的是从VBA Excel运行ssh，通过 plink.exe 给出IP的列表。我只是检查SSH连接，IP的列表是动态的。

我正在尝试通过 y 运行ssh使用 plink.exe 。 y 的原因是因为PLink（PuTTY）首次要求缓存IP。

Echo y 在命令提示符下自动执行，并正常运行。

  C：\\ \\> echo y | Users\Admin\Desktop\plink.exe -ssh 10.0.0.1 
  

该命令通过 y 并且缓存了IP，这将使我的代码自动化，代码遍历整个列表。

我无法在VBA excel（这是工具的地方）中执行相同的命令，并且需要有关如何实现它的指导。请指出我出错的地方。

  Dim strShellCommand As String 
 Dim filename As String 
 Dim Run As String 
 Dim a As String 
 Dim b As String 
 
 filename = Sheet1.Cells（8，2）.Value 
a =echo y | 
 b =-ssh
 
'评论！ 
'filename from cell =C：\Users\Admin\Desktop\plink.exe
'echo y | C：\Users\Admin\Desktop\plink.exe -ssh 10.0.0.1 
'strCompaddress是任何IP 
 
 Run = a& &文件名& & b& & strCompAddress 
 
设置osh = CreateObject（Wscript.Shell）
设置oEx = osh.Exec（运行）
  

解决方案

不要试图规避SSH主机密钥的验证。这是为了您自己的安全目的：

这是SSH协议的一项功能。它旨在保护您免受被称为欺骗的网络攻击：将您的连接重定向到其他计算机，以便将密码发送到错误的机器。使用这种技术，攻击者将能够学习保护您的登录帐户的密码，然后可以像您一样登录，并将其用于自己的目的。

---

使用 -hostkey 切换，以提供预期主机密钥的指纹。

3.8.3.20 -hostkey ：手动指定一个预期的主机密钥

此选项通过告诉它正确的预期主机密钥来覆盖PuTTY的普通SSH主机密钥缓存策略，如果注册表中的正常自动主机密钥存储不可用，这是有用的。此选项的参数应为主机密钥指纹或SSH-2公钥blob。请参阅第4.20.2节获取更多信息。

如果要配置多个要接受的密钥，您可以多次指定此选项。

请注意，在PuTTY / PLink 0.64中引入了 -hostkey 开关。

---

如果您使用代码测试连接，为什么需要接受主机密钥？服务器能够提供主机密钥的事实证明了连接性。

---

如果您真的使用代码来缓存主机密钥，这样他们就没有点击是为每个IP缓存它， 不要。这是绝对不能接受的。不仅你打破了自己的安全。您故意破坏将不知不觉中信任您盲目接受的任何主机密钥的其他用户的安全性。

预先缓存主机密钥的唯一正确方法是导入已知的主机密钥到注册表。

导出个人验证（我的意思是）主机密钥从注册表到一个文件，如 SshHostKeys.reg ：

  [HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys ] 
 的RSA2 @ 22：example.com=0x23,0xab603b8511a67679bdb540db3bd2034b004ae936d06be3d760f08fcbaadb4eb4edc3b3c791c70aae9a74c95869e4774421c2abea92e554305f38b5fd414b3208e574c337e320936518462c7652c98b31e16e7da6523bd200742a6444d83fcd5e1732d03673c7b7811555487b55f0c4494f3829ece60f94255a95cb9af537d7fc8c7fe49ef318474ef2920992052265b0a06ea66d4a167fd9f3a48a1a4a307ec1eaaa5149a969a6ac5d56a5ef627e517d81fb644f5b745c4f478ecd082a9492f744aad326f76c8c4dc9100bc6ab79461d2657cb6f06dec92e6b64a6562ff0e32084ea06ce0ea9d35a583bfb00bad38 c9d19703c549892e5aa78dc95e250514069
  

并在目标机器上导入。

例如使用：

  reg import SshHostKeys.reg 
  pre> 
 
 
 
 
 
如果您真的不关心安全性，例如因为您正在连接在私人网络中使用：
  Run = Environ（COMSPEC）& / c echo y |&文件名& -ssh& strCompAddress 
  
（假设路径为 plink.exe   filename ）
 
 
 
要使输入重定向工作，您必须通过shell解释器（ cmd.exe的）。环境变量 COMSPEC 指向它（通常 C：\WINDOWS\system32\cmd.exe ）。 
 
 
 
另请参阅从Excel VBA将输入重定向到可执行文件。 
 
WARNING: **PLEASE MAKE SURE THAT YOU DO NOT USE THIS APPROACH IF YOU ARE WORKING WITH UN-TRUSTED DEVICES/IP's. You do not want to automatically cache Ssh Host Keys which are unknown to you. Do take care.

The purpose of my code is to run ssh through plink.exe from VBA Excel for a given list of IP's. I am just checking for SSH connectivity and IP's list is dynamic.

I am trying to pass y when running ssh using plink.exe. The reason for y is because first time PLink (PuTTY) asks for caching the IP.

Echo y does that automatically from command prompt and runs fine as below.
C:\>echo y | Users\Admin\Desktop\plink.exe -ssh 10.0.0.1
The command passes y and the IP is cached which makes my code automated and the code cycles through the whole list.

I am unable to execute that same command in VBA excel (which is where the tool is) and would need guidance in how to implement it. Please suggest where I am going wrong.
Dim strShellCommand As String
Dim filename As String
Dim Run As String
Dim a As String
Dim b As String

filename = Sheet1.Cells(8, 2).Value
a = "echo y |"
b = "-ssh"

' Comments!!
' filename from cell = "C:\Users\Admin\Desktop\plink.exe"
' echo y | C:\Users\Admin\Desktop\plink.exe -ssh 10.0.0.1
' strCompaddress is any IP

Run = a & " " & filename & " " & b & " " & strCompAddress

Set osh = CreateObject("Wscript.Shell")
Set oEx = osh.Exec(Run)

解决方案
Do not try to circumvent the verification of the SSH host key. It's there by purpose for your own security:

  
This is a feature of the SSH protocol. It is designed to protect you against a network attack known as spoofing: secretly redirecting your connection to a different computer, so that you send your password to the wrong machine. Using this technique, an attacker would be able to learn the password that guards your login account, and could then log in as if they were you and use the account for their own purposes. 




Use the -hostkey switch instead to provide a fingerprint of the expected host key.

  
3.8.3.20 -hostkey: manually specify an expected host key
  
  
This option overrides PuTTY's normal SSH host key caching policy by telling it exactly what host key to expect, which can be useful if the normal automatic host key store in the Registry is unavailable. The argument to this option should be either a host key fingerprint, or an SSH-2 public key blob. See section 4.20.2 for more information.
  
  
You can specify this option more than once if you want to configure more than one key to be accepted. 
Note that the -hostkey switch was introduced in PuTTY/PLink 0.64.



If you use your code to test connectivity, why do you need to accept the host key? The mere fact that the server was able to present the host key is proof of the connectivity.



If you really use your code to cache the host keys, so that "they don't have the click 'yes' for every IP to cache it, " do not. That's absolutely unacceptable. Not only that you break your own security. You deliberately break security of other users that will unknowingly trust any host key that you blindly accepted.

The only correct way to pre-cache the host keys is by importing the known host keys to the registry.

Export personally verified (I mean it) host keys from your registry to a file like SshHostKeys.reg:
[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:example.com"="0x23,0xab603b8511a67679bdb540db3bd2034b004ae936d06be3d760f08fcbaadb4eb4edc3b3c791c70aae9a74c95869e4774421c2abea92e554305f38b5fd414b3208e574c337e320936518462c7652c98b31e16e7da6523bd200742a6444d83fcd5e1732d03673c7b7811555487b55f0c4494f3829ece60f94255a95cb9af537d7fc8c7fe49ef318474ef2920992052265b0a06ea66d4a167fd9f3a48a1a4a307ec1eaaa5149a969a6ac5d56a5ef627e517d81fb644f5b745c4f478ecd082a9492f744aad326f76c8c4dc9100bc6ab79461d2657cb6f06dec92e6b64a6562ff0e32084ea06ce0ea9d35a583bfb00bad38c9d19703c549892e5aa78dc95e250514069"
and import them on the target machine.

For example using:
reg import SshHostKeys.reg




If you really do not care about a security, for example because you are connecting within a private network, use:
Run = Environ("COMSPEC") & " /c echo y | " & filename & " -ssh " & strCompAddress
(assuming a path to plink.exe in filename)

To make an input redirection working, you have to run the process via shell interpreter (cmd.exe). The environment variable COMSPEC points to it (typically C:\WINDOWS\system32\cmd.exe).

See also Redirecting input to an executable from Excel VBA.

                        
这篇关于VBA Excel代码使用回波y与PLink的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！