I had a simple automation process to write which needed to copy a few files from a Linux server to Windows via SSH. This can be accomplished using PuTTY.
SSH, as part
echo y | pscp -i /path/to/key/file user@remote:/tmp/file .
echo y | plink -i /path/to/key/file scripts.sh
It will store the host key fingerprint in the following location the first time, and will ignore the "y" next time:
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
Solution via Code: Compile putty/plink to auto accept and store ssh keys
You are prompted to store SSH host keys in the cache. Since the user account executing plink doesn't have the host in the registry, it hangs, because it waits for a reply (yes/no..).
If you want to solve this via code, get the PuTTY source code, make some changes, compile, and use the new plink binary - one that stores the SSH host key without the prompt.
How to do it? For Windows, I do the following:
Download the latest PuTTY source code from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
(Look for the "Source code" section and download the "Windows Source archive")
Attention: To open the PuTTY source code with Visual Studio, you must download a release version. If you check out a specific commit (or head), the Visual Studio solution files will not exist, since they are created during the build.
Taken from: Cannot compile PuTTY, Plink or Pscp on Windows due to missing Windows/MSVC subdirectory
The source code needs to be updated. What we want to change is located in the function verify_ssh_host_key(..) in "wincons.c". We want to comment out the part of the code that prompts for yes/no and just store the key. Start by commenting out the prompt code:
    /*hin = GetStdHandle(STD_INPUT_HANDLE);
    GetConsoleMode(hin, &savemode);
    SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
                         ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
    ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
    SetConsoleMode(hin, savemode);
    if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
        if (line[0] == 'y' || line[0] == 'Y')
            store_host_key(host, port, keytype, keystr);
        return 1;
    } else {
        fprintf(stderr, abandoned);
        return 0;
    }*/
Continue by adding the following lines instead (the code that is responsible for storing the host key):
    store_host_key(host, port, keytype, keystr);
    return 1;
Compile the solution and take plink/pscp. You're good to go without the prompt; it accepts the SSH host key and stores it in the registry.
I also had this problem when using a batch scheduler that uses the Local System account. With this account you can't log on to accept the host key or manually set the HKEY_CURRENT_USER value.
I found that creating the following key:
HKEY_USERS\.DEFAULT\Software\SimonTatham\PuTTY\SshHostkeys
and adding the host string value here worked for the Local System account.
echo y | plink -ssh <username@remotemachine> -pw <password> exit
plink -ssh <username@remotemachine> -pw <password> [yourcommand]
Explanation: Using echo to pipe the user input 'y' to the selected command and then exit. The next statement will then invoke the plink executable a second time to run your command.
For internal servers, the blind echo y | ... trick is probably adequate (and super simple).
However, for external servers accessed over the internet, it is much more secure to accept the server host key once rather than blindly accepting every time.
Create a .reg file that you can run on the client machine(s).
plink ...
regedit
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
rsa2@<port>:<address>
Cache the host key on client machine(s)
plink
(i.e. in case it is a service account)
Run in Admin Mode from Windows PowerShell
pscp -i /path/to/private_key source_file user@ip:/home/location
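The following is an added example, not code from any of the answers above. It shows the "accept once, never blindly" approach for a scheduled job: plink runs with -batch and proceeds only when the host key is already in the cache location named on this page, or is pinned with -hostkey. The host, user, key path, command, the fingerprint parameter and the function name Test-HostKeyCached are constructed placeholders.

```powershell
# Added example, not from the original answers. Defaults are constructed placeholders.
param(
    [string]$RemoteHost  = 'files.example.internal',
    [int]   $Port        = 22,
    [string]$User        = 'deploy',
    [string]$KeyFile     = 'C:\keys\deploy.ppk',
    [string]$Command     = 'uptime',
    # Optional: fingerprint obtained out of band, in the format your plink prints
    [string]$Fingerprint = ''
)

# PuTTY's per-user host key cache (the location named on this page). Run the
# check as the same account that runs the job, since the cache is per user.
$cache = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'

function Test-HostKeyCached {
    param([string]$Path, [string]$HostName, [int]$Port)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    # Value names have the form <keytype>@<port>:<address>, e.g. rsa2@22:host
    $suffix = '@{0}:{1}' -f $Port, $HostName
    $names  = (Get-Item -LiteralPath $Path).GetValueNames()
    return [bool]($names | Where-Object { $_.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) })
}

$plinkArgs = @('-batch', '-ssh', '-P', $Port, '-i', $KeyFile)
if ($Fingerprint) {
    # Pin the expected key for this run; the registry cache is bypassed
    $plinkArgs += @('-hostkey', $Fingerprint)
} elseif (-not (Test-HostKeyCached -Path $cache -HostName $RemoteHost -Port $Port)) {
    Write-Error ("No cached host key for {0}:{1}. Verify the fingerprint and cache it once." -f $RemoteHost, $Port)
    exit 2
}

# -batch disables interactive prompts: an unknown or changed host key makes
# plink abort instead of waiting for (or being fed) a "y".
& plink @plinkArgs ('{0}@{1}' -f $User, $RemoteHost) $Command
if ($LASTEXITCODE -ne 0) {
    Write-Error "plink exited with code $LASTEXITCODE; connection not trusted or command failed."
    exit $LASTEXITCODE
}
```

Because the job fails on a changed key rather than accepting it, a non-zero exit here is worth alerting on.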