Is there any way to automatically accept SSH host keys—even when keys are changed—in PuTTY?

We use some software that will SSH to a bunch of machines and do something. The problem is that in our test lab, the virtual machines are renewed (destroyed and re-created) very often, so the software will treat the virtual machine as new, which it is, and will fail because the authenticity of the host cannot be established. I was told to manually PuTTY in and accept the host key, and afterwards the software will be happy.

Doing this with a few hundred virtual machines is not fun.

So, I want to know: is there a command tool that I can automate to accept the host key for PuTTY? We are in a closed lab, so I am not too worried about security.

I know there are some solutions for the Linux environment, but this one is Windows.

6

4 Answers

@Paul above suggested using pscp. It works great, is super simple, and totally scriptable:

    C:\> echo y | pscp.exe -l user -pw password -ls 192.168.0.1:/
1

On their official site, the developers made clear that such a feature won't be available in PuTTY (emphasis by me):

An option to automatically accept all SSH host keys. For some reason lots of people seem to think this would be a really useful feature. I'm sure it would be very convenient, but at the expense of security! The whole point of host keys is that they're the only guarantee you have that your connection hasn't been hijacked by an active attacker between you and the server, and that your data isn't being decrypted by the attacker and re-encrypted. If you want to schedule an automated batch job to use PSCP or Plink, and the interactive host key prompt is making this difficult, add the correct host key to the registry ahead of time. (Update, 2014-09-09: or if the Registry isn't available, you can use the new -hostkey option to specify the right key or fingerprint on the command line.) That way you still get the convenience, but without losing the security. We will not accept a command line option to turn off host key checking, no matter how many people have already done the work and send us polished production-quality patches.

If you have host keys available in the common `known_hosts' format, we have a script to convert them to a Windows .REG file which can be installed ahead of time by double-clicking.

Source:

So unfortunately, PuTTY cannot achieve this without user interaction.

1
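The developers' advice quoted above, to supply the correct key with `-hostkey` instead of skipping the check, applied to a lab where VMs are rebuilt often. This is an added example, not part of any answer or of PuTTY itself; the inventory contents, the `labuser` account, the `uptime` command and the `Get-PinnedPlinkJob` function are hypothetical, and it assumes the provisioning step records each new VM's fingerprint.

```powershell
# Added example, not from the page. Inventory rows are constructed sample data;
# assumption: provisioning records each new VM's fingerprint out-of-band.
$inventoryCsv = @'
Address,Fingerprint
192.168.0.1,SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz0123456789+/AbCdE
192.168.0.2,aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99
192.168.0.3,unknown
'@

function Get-PinnedPlinkJob {
    param(
        [Parameter(Mandatory)] [string] $InventoryCsv,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $RemoteCommand
    )
    # Accepted shapes: SHA256:<43 base64 chars> or 16 colon-separated hex bytes (MD5).
    $pattern = '^(SHA256:[A-Za-z0-9+/]{43}|([0-9a-f]{2}:){15}[0-9a-f]{2})$'
    foreach ($row in ($InventoryCsv | ConvertFrom-Csv)) {
        if ($row.Fingerprint -cnotmatch $pattern) {
            # No usable pin: skip the host instead of connecting unverified.
            Write-Warning "Skipping $($row.Address): no valid fingerprint recorded"
            continue
        }
        [pscustomobject]@{
            Address   = $row.Address
            # -batch: never prompt; -hostkey: accept only this key for this run.
            PlinkArgs = @('-batch', '-ssh', '-hostkey', $row.Fingerprint,
                          '-l', $User, $row.Address, $RemoteCommand)
        }
    }
}

$execute = $false   # set to $true to actually connect (needs plink.exe on PATH)
$jobs = Get-PinnedPlinkJob -InventoryCsv $inventoryCsv -User 'labuser' -RemoteCommand 'uptime'
foreach ($job in $jobs) {
    $plinkArgs = $job.PlinkArgs
    if (-not $execute) {
        "DRY RUN: plink.exe $($plinkArgs -join ' ')"
        continue
    }
    # Non-interactive authentication (for example a key in Pageant) is assumed.
    & plink.exe @plinkArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$($job.Address): plink exited $LASTEXITCODE (unreachable, auth failure or host key mismatch)"
    }
}
```

With the sample inventory the dry run prints two plink command lines and warns that 192.168.0.3 was skipped, so a rebuilt VM is only reachable once its new fingerprint has been recorded.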

I ran into the same problem writing a PowerShell script to interact with KiTTY to back up all of our switch configurations. I found a post on a different forum from a guy who is trying to interact with the Microsoft calculator program. My program basically waits until the accept RSA key window opens, then sends the y key. Here is the post that I found: Provide Input to Applications with PowerShell

I know it's an old post, but this might be a way to use PowerShell with pscp and keep a little bit of security. It's still an unfinished, not fully tested script, but maybe one way...

    # File holding the fingerprint seen on the first connection
    $storeddevicehostkeypath = "C:\temp\_hostkeys\keyfile.tmp"
    # Probe connection in batch mode; the host key fingerprint appears in the captured output
    pscp -batch -v dummyusertogethostkey@192.168.0.1:validatekey dummy2validatekey 2>&1 | tee -Variable allOutput | out-null
    $stderr = $allOutput | ?{ $_ -is [System.Management.Automation.ErrorRecord] }
    $stdout = $allOutput | ?{ $_ -isnot [System.Management.Automation.ErrorRecord] }
    # Extract the colon-separated hex fingerprint from the error output
    $hostkey = ([regex]"(?>ssh-[a-zA-Z0-9]{1,9}) (?>[0-9]{3,4}) ((?>[0-9a-f]{2}:){15}[0-9a-f]{2})").match("$stderr").Groups[1].value
    "Validate if hostkey changed or already known"
    if (test-path $storeddevicehostkeypath) {
        if ($hostkey -eq (gc $storeddevicehostkeypath)) {
            "Hostkey has not changed since last login"
        } else {
            "NO ACCESS GRANTED because of security rule! Hostkey has changed!"
            exit 2
        }
    } else {
        "hostkey not stored under $storeddevicehostkeypath - creating new file"
        $hostkey | out-file -FilePath "$storeddevicehostkeypath"
    }
    "Trying to connect with hostkey $hostkey"
    pscp -batch -hostkey $hostkey -v admin@192.168.0.1:sys back 2>&1 | tee -Variable allOutput | out-null
    $allOutput[-1].ToString()

As already mentioned - not fully tested and unfinished.
