PowerShell脚本将SecureString作为帐户和sudo密码传递给Plink [英] PowerShell script to pass SecureString to Plink as account and sudo passwords

问题描述

我正在尝试使用Powershell(以便能够屏蔽密码)在远程Linux机器上运行Plink命令，以在/opt ...下给出前20个目录.

I'm trying to use Powershell (in order to be able to mask the password) to run Plink command on remote Linux machine to give top 20 directories under /opt...

它已连接，密码已正确屏蔽但没有结果 写输出显示汇编的命令字符串是正确的...

It connects, password is properly masked but no results Write-output shows the assembled command string is correct...

，但它似乎挂起并且不返回结果.可能是写输出结果与plink实际发送的结果不同吗?

but it just appears to hang and does not return results. could the it be that the write-output results is different than what plink actually sends?

当我将写输出复制到cmd提示符并直接运行它时，它可以工作(而且由于sudo，它仍然再次请求密码，但它确实可以工作并返回预期的结果...

When I copy the write-output to cmd prompt and directly run it, it works (well it still requests the password a second time because of sudo, but it does work and returns the expected results...

让它不需要sudo的第二个密码肯定会是一个很大的胜利，但是现在我只需要弄清楚为什么它不返回结果即可.

getting it to not require second password for sudo would definitely be a big win, but now I just need to figure out why it's not returning results.

关于使用多个参数的说明，我发现以这种方式组装起来更容易;)

Note on using multiple arguments, I found it easier to assemble that way ;)

$UserName = Read-Host -Prompt "What is your username?"
$SecPassword = Read-host "what is your password?" -AsSecureString
$ServerName = Read-Host -Prompt "What is the server name?"
$Password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecPassword))
$Command = "C:\Tools\plink.exe"
$arg1  =  '-ssh'
$arg2 = $UserName+'@'+$ServerName
$arg3 = '-pw'
$arg4 = $SecPassword 
$arg5 = '-t'
$arg6 = 'echo' 
$arg7 =  '-e'
$arg8 = $SecPassword
$arg10 = ' | ' 
$arg11 = 'sudo du -aSh /opt/*'
$arg12 = ' | '
$arg13 = 'sort -rh'+' | '
$arg14 = 'head -n 20'
$CommandOut = "$Command $arg1 $arg2 $arg3 $arg4 $arg5 $arg6 $arg7 $arg8 $arg10 $arg11 $arg12 $arg13 $arg14"
Write-Output $CommandOut
& $Command $arg1 $arg2 $arg3 $arg4 $arg5 $arg6 $arg7 $arg8 $arg10 $arg11 $arg12 $arg13 $arg14

推荐答案

c:\ Tools \ plink.exe -ssh john@192.168.2.100 -w System.Security.SecureString -t echo -e System.Security.SecureString | sudo du -ash/opt/* |排序-rh |头-n 20

c:\Tools\plink.exe -ssh john@192.168.2.100 -w System.Security.SecureString -t echo -e System.Security.SecureString | sudo du -ash /opt/* | sort -rh | head -n 20

这永远都行不通.

Plink仅将System.Security.SecureString视为文字字符串.因此，Plink将使用"System.Security.SecureString"作为密码.不是真实的密码.你在做什么实际上是胡说八道.您不能使用PowerShell 掩盖密码" .这是没有意义的.您必须将真实密码传递给Plink.没有办法屏蔽"密码(至少在命令行中没有指定).

Plink sees only System.Security.SecureString as a literal string. So Plink will use "System.Security.SecureString" as a password. Not the real password. What you are doing is actually nonsense. You cannot use PowerShell to "mask the password". That makes no sense. You have to pass real password to Plink. There is no way to "mask" the password (at least not, when specified on a command-line).

这实际上是 XY问题.

这篇关于PowerShell脚本将SecureString作为帐户和sudo密码传递给Plink的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！