问题
I would like to encrypt a password in PowerShell
I tried this :
In CLI :
Read-Host -prompt "Password ?" -AsSecureString | ConvertFrom-SecureString | out-file "D:\root.pwd"
In my script.ps1 :
$pwsNAS = Get-Content "D:\root.pwd" | ConvertTo-SecureString
plink.exe root@192.168.x.y -pw $pwdNAS df
But it doesn't work...
I tried with credentials, but it doesn't seems to be better...
(My password doesn't have any space or accented character)
Any idea?
回答1:
Of course it doesn't work. plink expects a (cleartext) password for the -pw option, not a SecureString object. If you want to avoid cleartext passwords in your scripts: use public key authentication. If you don't want other people to know your password (or key): give them their own account and password/key.
回答2:
For connecting via ssh you're far better off using a key, generated by PuttyGen or another key generation tool like that.
However, there is a way to convert secure strings into plaintext strings, detailed here. Be aware that: a) it will only work if the same user account both encrypts and decrypts the secure string, and b) it's not hugely secure.
回答3:
For decryption, see PowerShell - Decode System.Security.SecureString to readable password:
$securePass = Get-Content C:\encrypted_password1.txt
$pass = $securePass | ConvertTo-SecureString
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($pass)
$decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
plink ... -pw $decrypted
Though as suggested by the other answers, you better use public key authentication.
来源:https://stackoverflow.com/questions/14822083/password-encryption-using-securestring-for-plink-exe-command