윈도우 plink - windou plink

The AM remote agent installs and uses Plink (PuTTY Link) as an SSH client to communicate with most types of remote hosts. However, the first time that Plink connects as a given user to a new target it displays the host key and, as a security measure, interactively asks if the host is legitimate. Obviously, the AM remote agent does not support such interactivity with a user, so you must first reassure Plink before gathering inventory.

Since Plink saves the remote host’s key in the registry, you can generate such a registry entry for a convenient log in user and then save the same key under the LocalSystem account that the asset management agent runs as.

To generate a registry entry and save the host key under the LocalSystem account

1. If it has not been done already, generate a public and private SSH key pair using PuTTYgen, for example, and install the public key on the remote target.

2. As a normal login user, run Plink in a command window to the remote host(s) for which inventory is to be gathered, using something like the following:

   "C:\Program Files\CA\DSM\Agent\units\00000001\uam\plink"  - ssh  - i "private_key_file" [email protected] ls
   

   The variable is the absolute path of the file, and is the remote host name. Adjust the Plink path if is installed at some other location.

3. If PuTTY says that the server’s host key is not cached in the registry and asks if you want to add the key, respond affirmatively. The command (ls in this example) should now run successfully. If not, check the SSH key files and repeat if necessary.

4. Search for the cached key in the registry using regedit or some other registry editor. Look under HKEY_CURRENT_USER\Software\SimonTatham\putty\SshHostKeys. Export this key to a temporary file.

5. Edit the export file by replacing all occurrences of HKEY_CURRENT_USER by the LocalSystem SID, HKEY_USERS\S-1-5-18. Save the edited file.

6. In regedit, import the edited file.

7. Check that the HKEY_USERS\S-1-5-18\Software\SimonTatham\putty\SshHostKeys key contains an entry for the remote host.

Plink must be configured for each remote host for which the AM remote agent gathers inventory; so connect to all remote hosts in order to generate host keys, and then run the above export-import procedure once.

If you suspect that Plink may not be configured correctly for the LocalSystem account, run the asset management agent (“caf start amagent”), wait for all AM processes to finish, and then examine the trace file, TRC_UAM_amvminvux_*.log. Search for “The server's host key is not cached in the registry.” If you find such an error, Plink is not correctly configured. Also, if you see the "Access denied" error in the trace file, this usually means a problem with the credentials used to access the remote host, for example, an incorrect password or SSH key.

For detailed information about Plink, refer to the PuTTY/Plink manual on the following website: http://www.chiark.greenend.org.uk/~sgtatham/putty/docs.html

Plink (PuTTY Link) is a command-line connection tool similar to UNIX

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Plink is probably not what you want if you want to run an interactive session in a console window.

7.1 Starting Plink

Plink is a command line application. This means that you cannot just double-click on its icon to run it and instead you have to bring up a console window. In Windows 95, 98, and ME, this is called an �MS-DOS Prompt�, and in Windows NT and 2000 it is called a �Command Prompt�. It should be available from the Programs section of your Start Menu.

In order to use Plink, the file

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

set PATH=C:\path\to\putty\directory;%PATH%

This will only work for the lifetime of that particular console window. To set your

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

7.2 Using Plink

This section describes the basics of how to use Plink for interactive logins and for automated processes.

Once you've got a console window to type into, you can just type

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Once this works, you are ready to use Plink.

7.2.1 Using Plink for interactive logins

To make a simple interactive connection to a remote server, just type

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

You should then be able to log in as normal and run a session. The output sent by the server will be written straight to your command prompt window, which will most likely not interpret terminal control codes in the way the server expects it to. So if you run any full-screen applications, for example, you can expect to see strange characters appearing in your window. Interactive connections like this are not the main point of Plink.

In order to connect with a different protocol, you can give the command line options

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

Z:\sysosd>plink login.example.com

Debian GNU/Linux 2.2 flunky.example.com
flunky login:

Z:\sysosd>plink -ssh login.example.com
login as:

If you have already set up a PuTTY saved session, then instead of supplying a host name, you can give the saved session name. This allows you to use public-key authentication, specify a user name, and use most of the other features of PuTTY:

Z:\sysosd>plink my-ssh-session
Sent username "fred"
Authenticating with public key "fred@winbox"
Last login: Thu Dec  6 19:25:33 2001 from :0.0
fred@flunky:~$

7.2.2 Using Plink for automated connections

More typically Plink is used with the SSH protocol, to enable you to talk directly to a program running on the server. To do this you have to ensure Plink is using the SSH protocol. You can do this in several ways:

• Use the

  Z:\sysosd>plink login.example.com
  
  Debian GNU/Linux 2.2 flunky.example.com
  flunky login:
  

  3 option as described in section 7.2.1.
• Set up a PuTTY saved session that describes the server you are connecting to, and that also specifies the protocol as SSH.
• Set the Windows environment variable

  Z:\sysosd>plink login.example.com
  
  Debian GNU/Linux 2.2 flunky.example.com
  flunky login:
  

  8 to the word

  Z:\sysosd>plink
  PuTTY Link: command-line connection utility
  Release 0.56
  Usage: plink [options] [user@]host [command]
         ("host" can also be a PuTTY saved session name)
  Options:
    -V        print version information
    -v        show verbose messages
    -load sessname  Load settings from saved session
    -ssh -telnet -rlogin -raw
              force use of a particular protocol
    -P port   connect to specified port
    -l user   connect with specified username
    -m file   read remote command(s) from file
    -batch    disable all interactive prompts
  The following options only apply to SSH connections:
    -pw passw login with specified password
    -D [listen-IP:]listen-port
              Dynamic SOCKS-based port forwarding
    -L [listen-IP:]listen-port:host:port
              Forward local port to remote address
    -R [listen-IP:]listen-port:host:port
              Forward remote port to local address
    -X -x     enable / disable X11 forwarding
    -A -a     enable / disable agent forwarding
    -t -T     enable / disable pty allocation
    -1 -2     force use of particular protocol version
    -C        enable compression
    -i key    private key file for authentication
    -s        remote command is an SSH subsystem (SSH-2 only)
    -N        don't start a shell/command (SSH-2 only)
  

  4.

Usually Plink is not invoked directly by a user, but run automatically by another process. Therefore you typically do not want Plink to prompt you for a user name or a password.

Next, you are likely to need to avoid the various interactive prompts Plink can produce. You might be prompted to verify the host key of the server you're connecting to, to enter a user name, or to enter a password.

To avoid being prompted for the server host key when using Plink for an automated connection, you should first make a manual connection (using either of PuTTY or Plink) to the same server, verify the host key (see section 2.2 for more information), and select Yes to add the host key to the Registry. After that, Plink commands connecting to that server should not give a host key prompt unless the host key changes.

To avoid being prompted for a user name, you can:

• Use the

  Z:\sysosd>plink -ssh login.example.com
  login as:
  

  0 option to specify a user name on the command line. For example,

  Z:\sysosd>plink -ssh login.example.com
  login as:
  

  1.
• Set up a PuTTY saved session that describes the server you are connecting to, and that also specifies the username to log in as (see section 4.13.3).

To avoid being prompted for a password, you should almost certainly set up public-key authentication. (See chapter 8 for a general introduction to public-key authentication.) Again, you can do this in two ways:

• Set up a PuTTY saved session that describes the server you are connecting to, and that also specifies a private key file (see section 4.18.5). For this to work without prompting, your private key will need to have no passphrase.
• Store the private key in Pageant. See chapter 9 for further information.

Once you have done all this, you should be able to run a remote command on the SSH server machine and have it execute automatically with no prompting:

Z:\sysosd>plink login.example.com -l fred echo hello, world
hello, world

Z:\sysosd>

Or, if you have set up a saved session with all the connection details:

Z:\sysosd>plink mysession echo hello, world
hello, world

Z:\sysosd>

Then you can set up other programs to run this Plink command and talk to it as if it were a process on the server machine.

7.2.3 Plink command line options

Plink accepts all the general command line options supported by the PuTTY tools. See section 3.7.3 for a description of these options.

Plink also supports some of its own options. The following sections describe Plink's specific command-line options.

7.2.3.1

Z:\sysosd>plink -ssh login.example.com
login as:

2: disable all interactive prompts

If you use the

Z:\sysosd>plink -ssh login.example.com
login as:

This may help Plink's behaviour when it is used in automated scripts: using

Z:\sysosd>plink -ssh login.example.com
login as:

7.2.3.2

Z:\sysosd>plink -ssh login.example.com
login as:

5: remote command is SSH subsystem

If you specify the

Z:\sysosd>plink -ssh login.example.com
login as:

(This option is only meaningful with the SSH-2 protocol.)

7.3 Using Plink in batch files and scripts

Once you have set up Plink to be able to log in to a remote server without any interactive prompting (see section 7.2.2), you can use it for lots of scripting and batch purposes. For example, to start a backup on a remote machine, you might use a command like:

plink root@myserver /etc/backups/do-backup.sh

Or perhaps you want to fetch all system log lines relating to a particular web area:

plink mysession grep /~fred/ /var/log/httpd/access.log > fredlog

Any non-interactive command you could usefully run on the server command line, you can run in a batch file using Plink in this way.

7.4 Using Plink with CVS

To use Plink with CVS, you need to set the environment variable

Z:\sysosd>plink -ssh login.example.com
login as:

set CVS_RSH=\path\to\plink.exe

You also need to arrange to be able to connect to a remote host without any interactive prompts, as described in section 7.2.2.

You should then be able to run CVS as follows:

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

If you specified a username in your saved session, you don't even need to specify the �user� part of this, and you can just say:

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

7.5 Using Plink with WinCVS

Plink can also be used with WinCVS. Firstly, arrange for Plink to be able to connect to a remote host non-interactively, as described in section 7.2.2.

Then, in WinCVS, bring up the �Preferences� dialogue box from the Admin menu, and switch to the �Ports� tab. Tick the box there labelled �Check for an alternate

Z:\sysosd>plink -ssh login.example.com
login as:

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Next, select �Command Line� from the WinCVS �Admin� menu, and type a CVS command as in section 7.4, for example:

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

or (if you're using a saved session):

Z:\sysosd>plink
PuTTY Link: command-line connection utility
Release 0.56
Usage: plink [options] [user@]host [command]
       ("host" can also be a PuTTY saved session name)
Options:
  -V        print version information
  -v        show verbose messages
  -load sessname  Load settings from saved session
  -ssh -telnet -rlogin -raw
            force use of a particular protocol
  -P port   connect to specified port
  -l user   connect with specified username
  -m file   read remote command(s) from file
  -batch    disable all interactive prompts
The following options only apply to SSH connections:
  -pw passw login with specified password
  -D [listen-IP:]listen-port
            Dynamic SOCKS-based port forwarding
  -L [listen-IP:]listen-port:host:port
            Forward local port to remote address
  -R [listen-IP:]listen-port:host:port
            Forward remote port to local address
  -X -x     enable / disable X11 forwarding
  -A -a     enable / disable agent forwarding
  -t -T     enable / disable pty allocation
  -1 -2     force use of particular protocol version
  -C        enable compression
  -i key    private key file for authentication
  -s        remote command is an SSH subsystem (SSH-2 only)
  -N        don't start a shell/command (SSH-2 only)

Select the folder you want to check out to with the �Change Folder� button, and click �OK� to check out your module. Once you've got modules checked out, WinCVS will happily invoke plink from the GUI for CVS operations.

If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.