Plink from Windows service cannot find Pageant

Submitted by 末鹿安然 on 2019-12-01 05:43:36

Question


I have one Windows service which will use plink.exe for an SSH connection, and I found that Plink cannot find the running Pageant.

Here are the steps I have done so far.

  1. Install the Windows service to run as a particular user.
  2. Before starting the Windows service, I log in as that user and start Pageant with a PuTTY-generated key.
  3. Then I start the Windows service (but I can't manage to make it work, since Plink cannot find Pageant and the server replies with "No supported authentication methods available").

Note: If I run the Windows service as a console application with that user, everything works fine.


Answer 1:


Plink will be run in the service session (Session\0) while Pageant runs in the user session (Session\1). Plink uses some interprocess communication which, as it looks from your problem, doesn't work across sessions. Most likely there's MMF communication inside and the objects are created without a prefix, i.e. they become session-only (not global). You would need to build a custom version of Plink to solve the problem.




Answer 2:


Pageant explicitly allows feeding keys only to an application (PuTTY, PSFTP, PSCP, WinSCP, FileZilla) running in the same Windows session. This is obviously for security reasons, so as not to allow a different user on the same machine to hijack private keys loaded by another user. And even for convenience (ironically), so that you do not inadvertently use the keys of a different user (possibly leading to having your account locked due to invalid login attempts).

Also note that Pageant is not intended for automation anyway. For automation, use the private key explicitly, using the -i command-line parameter.
See https://the.earth.li/~sgtatham/putty/latest/htmldoc/Chapter3.html#using-cmdline-identity

Such a private key has to be unencrypted. Note that this poses a security risk if someone gains access to the key. You should consider restricting access to the unprotected private key file to only the local account that runs the script (using Windows file system permissions).
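
The file-permission advice above, as an added example that is not part of the original answer: a PowerShell script that uses icacls to strip a key file's ACL down to a single read-only entry and then checks the result. The key path and account name are placeholders, and the script assumes it is run elevated by the file's owner.

```powershell
# Added example: restrict an unencrypted .ppk key to the service account only.
# $KeyPath and $ServiceAccount are placeholder values, not taken from the page.
param(
    [string]$KeyPath        = 'C:\ProgramData\MyService\private_key.ppk',
    [string]$ServiceAccount = 'MYHOST\svc_plink'
)
$ErrorActionPreference = 'Stop'

function Invoke-Icacls {
    param([string[]]$Arguments)
    & icacls.exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $($Arguments -join ' ')" }
}

# 1. Drop explicit ACEs left over from whoever created or copied the file.
Invoke-Icacls @($KeyPath, '/reset')
# 2. Stop inheriting ACEs from the parent folder (removes the inherited entries).
Invoke-Icacls @($KeyPath, '/inheritance:r')
# 3. Grant read-only access to the account the service runs as.
Invoke-Icacls @($KeyPath, '/grant:r', "${ServiceAccount}:(R)")

# 4. Verify: every remaining Allow entry must belong to the service account.
$sidType     = [System.Security.Principal.SecurityIdentifier]
$account     = New-Object System.Security.Principal.NTAccount($ServiceAccount)
$expectedSid = $account.Translate($sidType).Value

$unexpected = (Get-Acl -LiteralPath $KeyPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Translate($sidType).Value -ne $expectedSid
}
if ($unexpected) {
    $names = ($unexpected | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Key file is still accessible to: $names"
}
Write-Output "OK: only $ServiceAccount has access to $KeyPath"
```

Members of the local Administrators group can still take ownership of the file, so this limits exposure to other ordinary accounts on the machine, not to administrators.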




Answer 3:


As @Eugene points out, it is Session 0 Isolation.

I managed to solve the issue by not using the agent but directly passing the private key and password to plink.exe. By doing that, I'm able to run without using Pageant.

To start plink.exe without the agent:

plink.exe -noagent -i private_key.ppk -pw mypassword -P 1234 user@host.com


Source: https://stackoverflow.com/questions/11775808/plink-from-windows-service-cannot-find-pageant
