I'm trying to use Powershell (in order to be able to mask the password) to run Plink command on remote Linux machine to give top 20 directories under /opt...
It connects, password is properly masked but no results Write-output shows the assembled command string is correct...
but it just appears to hang and does not return results. could the it be that the write-output results is different than what plink actually sends?
When I copy the write-output to cmd prompt and directly run it, it works (well it still requests the password a second time because of sudo, but it does work and returns the expected results...
getting it to not require second password for sudo would definitely be a big win, but now I just need to figure out why it's not returning results.
Note on using multiple arguments, I found it easier to assemble that way ;)
$UserName = Read-Host -Prompt "What is your username?"
$SecPassword = Read-host "what is your password?" -AsSecureString
$ServerName = Read-Host -Prompt "What is the server name?"
$Password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecPassword))
$Command = "C:\Tools\plink.exe"
$arg1 = '-ssh'
$arg2 = $UserName+'@'+$ServerName
$arg3 = '-pw'
$arg4 = $SecPassword
$arg5 = '-t'
$arg6 = 'echo'
$arg7 = '-e'
$arg8 = $SecPassword
$arg10 = ' | '
$arg11 = 'sudo du -aSh /opt/*'
$arg12 = ' | '
$arg13 = 'sort -rh'+' | '
$arg14 = 'head -n 20'
$CommandOut = "$Command $arg1 $arg2 $arg3 $arg4 $arg5 $arg6 $arg7 $arg8 $arg10 $arg11 $arg12 $arg13 $arg14"
Write-Output $CommandOut
& $Command $arg1 $arg2 $arg3 $arg4 $arg5 $arg6 $arg7 $arg8 $arg10 $arg11 $arg12 $arg13 $arg14
c:\Tools\plink.exe -ssh john@192.168.2.100 -w System.Security.SecureString -t echo -e System.Security.SecureString | sudo du -ash /opt/* | sort -rh | head -n 20
This cannot ever work.
Plink sees only System.Security.SecureString as a literal string. So Plink will use "System.Security.SecureString" as a password. Not the real password. What you are doing is actually nonsense. You cannot use PowerShell to "mask the password". That makes no sense. You have to pass real password to Plink. There is no way to "mask" the password (at least not, when specified on a command-line).
This is actually XY question.
I solved it, with help of the following link on this site. I was not decrypting the password correctly, so Plink could read it… (Thanks M Prikryl)
In my original attempt, the connection was being made but it wasn’t really authenticating correctly and It wasn’t evident… the session just hung..
PowerShell - Decode System.Security.SecureString to readable password
$password = ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password)
$result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
$result
来源:https://stackoverflow.com/questions/52436648/powershell-script-to-pass-securestring-to-plink-as-account-and-sudo-passwords