Question
I had a simple automation process to write which needed to copy a few files from a Linux server to Windows via SSH. This can be accomplished using PuTTY.
SSH, as part of the protocol, verifies the host’s identity and, if it is not known to be correct, will prompt you to accept the host’s identity. When I manually connect to the Linux server with PuTTY, it won’t prompt for any information to accept the host’s identity. But once I put this automation process into Hudson as a scheduled job, the exact message was:
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 1024 cc:78:13:a3:68:a6:59:7e:b8:23:2d:13:3e:66:9b:b9
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) Connection abandoned.
Usually you would hit “Y” here, assuming the host key is correct, in order to store it for future connections. The storage of this goes into the Registry under HKEY_CURRENT_USER\Software\SimonTatham\Putty\SshHostKeys
But unfortunately, the automation process running in Hudson cannot interact by hitting “Y” to store the host key in the PuTTY cache. I also cannot reproduce the issue by simply running the automation process from a DOS command prompt.
Does anyone know how to resolve the problem?
Answer 1:
echo y | pscp -i /path/to/key/file user@remote:/tmp/file .
echo y | plink -i /path/to/key/file scripts.sh
It will store the host key fingerprint in the following location the first time, and will ignore the "y" next time:
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
Answer 2:
For internal servers, the blind echo y | ... trick is probably adequate (and super simple).
However, for external servers accessed over the internet, it is much more secure to accept the server host key once rather than blindly accepting every time.
Create a .reg file that you can run on the client machine(s).
- Connect interactively from any machine: plink ...
- Verify and accept the host key
- Open regedit
- Navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
- Right-click the entry (will have a name like rsa2@<port>:<address>)
- Export to .reg file
Cache the host key on client machine(s)
- Run the .reg file on any client machine that will connect to that server
- Make sure to log in using the user account that will run plink (i.e. in case it is a service account)
Answer 3:
I also had this problem when using a batch scheduler that uses the Local System account. With this account you can't log on to accept the host key or manually set the HKEY_CURRENT_USER value.
I found that creating the following key:
HKEY_USERS\.DEFAULT\Software\SimonTatham\PuTTY\SshHostkeys
and adding the host string value here worked for the Local System account.
Answer 4:
As of 9 Sep 2014 with the corresponding version of plink (tested with plink 0.66), you can use the -hostkey option, as documented here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/accept-host-keys.html
Using the key in the original question:
plink -hostkey cc:78:13:a3:68:a6:59:7e:b8:23:2d:13:3e:66:9b:b9 user@remote
I successfully used "-hostkey" in my scripts to get around the initial host key prompting problem.
"-hostkey" is also documented to work with pscp (version 0.66).
Note that you have to change the hostkey if you change hosts or the sshd server recalculates the key.
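Added example (not part of any answer above, and not PuTTY's own code): starting from the server's OpenSSH public key line obtained out of band, for instance read from /etc/ssh/ssh_host_rsa_key.pub on the server console, it computes the MD5 fingerprint that Answer 4 passes to -hostkey and builds the .reg entry that Answer 2 exports by hand. The function names and SAMPLE key are constructed for illustration, and the `0x<exponent>,0x<modulus>` layout of rsa2 values is an assumption to check against an entry exported with regedit.

```python
import base64
import hashlib


def _field(data):
    return len(data).to_bytes(4, "big") + data


# Constructed sample key (tiny e and n), not a real server's host key.
SAMPLE = "ssh-rsa " + base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00\xc3\x5a\x11\x07")
).decode() + " constructed"


def _decode(pubkey_line):
    """Return (raw blob, length-prefixed fields) of an OpenSSH public key line."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return blob, fields


def md5_fingerprint(pubkey_line):
    """Colon-separated MD5 fingerprint, the form plink prints and -hostkey takes."""
    digest = hashlib.md5(_decode(pubkey_line)[0]).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def putty_cache_entry(host, port, pubkey_line):
    """(value name, value data) for SshHostKeys; rsa2 layout is an assumption."""
    _, fields = _decode(pubkey_line)
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("only ssh-rsa keys are handled here")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])
    return f"rsa2@{int(port)}:{host}", f"0x{e:x},0x{n:x}"


def reg_file(host, port, pubkey_line):
    """Text of a .reg file that pre-caches the key for the importing user."""
    name, data = putty_cache_entry(host, port, pubkey_line)
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[HKEY_CURRENT_USER\\Software\\SimonTatham\\PuTTY\\SshHostKeys]\r\n"
            f'"{name}"="{data}"\r\n')
```

Comparing md5_fingerprint() of the key taken from the server with the fingerprint in the plink prompt is the verification step that the echo y approach skips.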
Answer 5:
echo y | plink -ssh <username@remotemachine> -pw <password> exit
plink -ssh <username@remotemachine> -pw <password> [yourcommand]
Explanation: echo is used to pipe the user input 'y' to the selected command, which then exits. The next statement will then invoke the plink executable a second time to run your command.
Answer 6:
I was having this problem when using Bazaar, and manually setting my ssh client to be putty rather than the built in paramiko, and I was getting the exact same problem, where it was trying to say the key was not in the 'known hosts' and asking if I should verify it, but due to it being run by a different program and not in a normal terminal it just exited immediately.
If you can, just run putty and connect to the server manually to get it to save the ssh public key in the registry so when the automated program tries to connect it won't be presented with the y/n option.
Or you can use a small python3 script that I wrote to convert between the two 'known host' formats that putty and openssh use: https://github.com/mgrandi/openssh-putty-knownhost-converter
Answer 7:
Solution via Code: Compile putty/plink to auto accept and store ssh keys
You are prompted to store SSH host keys in the cache. Since the user account that executes plink doesn't have the host in the registry, it hangs, because it waits for a reply (yes/no..).
If you want to solve this via code, get the putty source code, make some changes, compile, and use the new plink binary - one that stores the SSH host key without the prompt.
How to do it? For Windows, I do the following:
Download latest putty source code from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
(Look for the “Source code” section and download the "Windows Source archive")
Attention: To open the putty source code with Visual Studio, you must download a release version. If you check out a specific commit (or head), the Visual Studio solution files will not exist, since they are created during the build.
Taken from: Cannot compile PuTTY, Plink or Pscp on Windows due to missing Windows/MSVC subdirectory
The source code needs to be updated. What we want to change is located in the function verify_ssh_host_key(..) in "wincons.c". We want to comment out the part of the code that prompts for yes/no and just store the key. Start by commenting out the prompt code:
/*
hin = GetStdHandle(STD_INPUT_HANDLE);
GetConsoleMode(hin, &savemode);
SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
                     ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
SetConsoleMode(hin, savemode);

if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
    if (line[0] == 'y' || line[0] == 'Y')
        store_host_key(host, port, keytype, keystr);
    return 1;
} else {
    fprintf(stderr, abandoned);
    return 0;
}
*/
Continue by adding the following lines instead (the code responsible for storing the host key):
store_host_key(host, port, keytype, keystr);
return 1;
Compile the solution and take plink/pscp.. you're good to go without the prompt; it accepts the SSH host key and stores it in the registry.
Answer 8:
Run in Admin Mode from Windows PowerShell
pscp -i /path/to/private_key source_file user@ip:/home/location
Answer 9:
It had been working fine with
pscp file user@dest:
but then I got the same error. So I did:
pscp -l USERNAME -pw PASSWORD FILE 10.1.1.1:
and that did the trick for me.
Source: https://stackoverflow.com/questions/13598996/putty-wont-cache-the-keys-to-access-a-server-when-run-script-in-hudson