2005-04-05 18:01:32 +00:00
\C{plink} Using the command-line connection tool \i{Plink}
2001-01-17 10:11:16 +00:00
2014-11-22 16:38:01 +00:00
\i{Plink} is a command-line connection tool similar to UNIX \c{ssh}.
It is mostly used for \i{automated operations}, such as making CVS
access a repository on a remote server.
2001-12-06 20:05:39 +00:00
Plink is probably not what you want if you want to run an
2005-04-05 18:01:32 +00:00
\i{interactive session} in a console window.
2001-02-04 15:47:01 +00:00
\H{plink-starting} Starting Plink
2001-12-06 20:05:39 +00:00
Plink is a command line application. This means that you cannot just
double-click on its icon to run it and instead you have to bring up
a \i{console window}. In Windows 95, 98, and ME, this is called an
2005-04-05 18:01:32 +00:00
\q{MS-DOS Prompt}, and in Windows NT, 2000, and XP, it is called a
2001-12-06 20:05:39 +00:00
\q{Command Prompt}. It should be available from the Programs section
2001-02-04 15:47:01 +00:00
of your Start Menu.
2001-12-06 20:05:39 +00:00
In order to use Plink, the file \c{plink.exe} will need either to be
on your \i{\c{PATH}} or in your current directory. To add the
directory containing Plink to your \c{PATH} environment variable,
type into the console window:
2001-02-04 15:47:01 +00:00
2001-06-28 13:36:14 +00:00
\c set PATH=C:\path\to\putty\directory;%PATH%
2001-02-04 15:47:01 +00:00
This will only work for the lifetime of that particular console
2005-04-05 18:01:32 +00:00
window. To set your \c{PATH} more permanently on Windows NT, 2000,
and XP, use the Environment tab of the System Control Panel. On
Windows 95, 98, and ME, you will need to edit your \i\c{AUTOEXEC.BAT}
to include a \c{set} command like the one above.
2001-02-04 15:47:01 +00:00
2001-12-06 20:05:39 +00:00
\H{plink-usage} Using Plink
This section describes the basics of how to use Plink for
interactive logins and for automated processes.
2001-02-04 15:47:01 +00:00
Once you've got a console window to type into, you can just type
\c{plink} on its own to bring up a usage message. This tells you the
version of Plink you're using, and gives you a brief summary of how to
use Plink:
2020-06-21 15:34:09 +00:00
\c C:\>plink
2014-11-22 16:38:01 +00:00
\c Plink: command-line connection utility
2021-05-02 07:11:24 +00:00
\c Release 0.75
2001-02-04 15:47:01 +00:00
\c Usage: plink [options] [user@]host [command]
2002-09-11 17:30:36 +00:00
\c ("host" can also be a PuTTY saved session name)
2001-02-04 15:47:01 +00:00
\c Options:
2005-03-19 02:26:58 +00:00
\c -V print version information and exit
\c -pgpfp print PGP key fingerprints and exit
2001-02-04 15:47:01 +00:00
\c -v show verbose messages
2002-09-11 17:30:36 +00:00
\c -load sessname Load settings from saved session
2009-08-10 20:55:19 +00:00
\c -ssh -telnet -rlogin -raw -serial
2004-08-19 13:15:02 +00:00
\c force use of a particular protocol
2021-02-21 16:41:36 +00:00
\c -ssh-connection
\c force use of the bare ssh-connection protocol
2001-02-04 15:47:01 +00:00
\c -P port connect to specified port
2002-09-11 17:30:36 +00:00
\c -l user connect with specified username
\c -batch disable all interactive prompts
2017-02-17 19:39:58 +00:00
\c -proxycmd command
\c use 'command' as local proxy
2014-09-20 22:58:48 +00:00
\c -sercfg configuration-string (e.g. 19200,8,n,1,X)
\c Specify the serial configuration (serial only)
2002-09-11 17:30:36 +00:00
\c The following options only apply to SSH connections:
2001-02-04 15:47:01 +00:00
\c -pw passw login with specified password
2004-01-20 12:46:36 +00:00
\c -D [listen-IP:]listen-port
\c Dynamic SOCKS-based port forwarding
\c -L [listen-IP:]listen-port:host:port
\c Forward local port to remote address
\c -R [listen-IP:]listen-port:host:port
\c Forward remote port to local address
2002-09-11 17:30:36 +00:00
\c -X -x enable / disable X11 forwarding
\c -A -a enable / disable agent forwarding
\c -t -T enable / disable pty allocation
2021-04-19 14:57:13 +00:00
\c -1 -2 force use of particular SSH protocol version
2004-12-30 16:45:11 +00:00
\c -4 -6 force use of IPv4 or IPv6
2002-09-11 17:30:36 +00:00
\c -C enable compression
2014-09-20 22:58:48 +00:00
\c -i key private key file for user authentication
2006-02-19 12:52:28 +00:00
\c -noagent disable use of Pageant
\c -agent enable use of Pageant
2021-07-09 22:55:15 +00:00
\c -no-trivial-auth
\c disconnect if SSH authentication succeeds trivially
2017-07-06 08:18:27 +00:00
\c -noshare disable use of connection sharing
\c -share enable use of connection sharing
2021-03-27 17:33:54 +00:00
\c -hostkey keyid
2014-09-20 22:58:48 +00:00
\c manually specify a host key (may be repeated)
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
\c -sanitise-stderr, -sanitise-stdout, -no-sanitise-stderr, -no-sanitise-stdout
\c do/don't strip control chars from standard output/error
2019-03-16 12:26:06 +00:00
\c -no-antispoof omit anti-spoofing prompt after authentication
2005-03-01 00:33:18 +00:00
\c -m file read remote command(s) from file
2003-08-29 19:06:22 +00:00
\c -s remote command is an SSH subsystem (SSH-2 only)
2004-10-15 23:32:01 +00:00
\c -N don't start a shell/command (SSH-2 only)
2006-08-28 17:47:43 +00:00
\c -nc host:port
\c open tunnel in place of session (SSH-2 only)
2016-02-29 19:59:59 +00:00
\c -sshlog file
\c -sshrawlog file
\c log protocol details to a file
2020-11-25 15:12:56 +00:00
\c -logoverwrite
\c -logappend
\c control what happens when a log file already exists
2017-02-17 19:39:58 +00:00
\c -shareexists
\c test whether a connection-sharing upstream exists
2001-02-04 15:47:01 +00:00
2001-12-06 20:05:39 +00:00
Once this works, you are ready to use Plink.
\S{plink-usage-interactive} Using Plink for interactive logins
To make a simple interactive connection to a remote server, just
type \c{plink} and then the host name:
2020-06-21 15:34:09 +00:00
\c C:\>plink login.example.com
2001-12-06 20:05:39 +00:00
\c
\c Debian GNU/Linux 2.2 flunky.example.com
\c flunky login:
You should then be able to log in as normal and run a session. The
output sent by the server will be written straight to your command
2005-04-05 18:01:32 +00:00
prompt window, which will most likely not interpret terminal \i{control
codes} in the way the server expects it to. So if you run any
2001-12-06 20:05:39 +00:00
full-screen applications, for example, you can expect to see strange
characters appearing in your window. Interactive connections like
this are not the main point of Plink.
In order to connect with a different protocol, you can give the
2021-02-21 16:41:36 +00:00
command line options \c{-ssh}, \c{-ssh-connection}, \c{-telnet},
\c{-rlogin}, or \c{-raw}. To make an SSH connection, for example:
2001-12-06 20:05:39 +00:00
2020-06-21 15:34:09 +00:00
\c C:\>plink -ssh login.example.com
2001-12-06 20:05:39 +00:00
\c login as:
If you have already set up a PuTTY saved session, then instead of
supplying a host name, you can give the saved session name. This
allows you to use public-key authentication, specify a user name,
and use most of the other features of PuTTY:
2020-06-21 15:34:09 +00:00
\c C:\>plink my-ssh-session
2001-12-06 20:05:39 +00:00
\c Sent username "fred"
\c Authenticating with public key "fred@winbox"
\c Last login: Thu Dec 6 19:25:33 2001 from :0.0
\c fred@flunky:~$
2005-03-24 02:22:21 +00:00
(You can also use the \c{-load} command-line option to load a saved
session; see \k{using-cmdline-load}. If you use \c{-load}, the saved
session exists, and it specifies a hostname, you cannot also specify a
\c{host} or \c{user@host} argument - it will be treated as part of the
remote command.)
2001-12-06 20:05:39 +00:00
\S{plink-usage-batch} Using Plink for automated connections
More typically Plink is used with the SSH protocol, to enable you to
talk directly to a program running on the server. To do this you
have to ensure Plink is \e{using} the SSH protocol. You can do this
in several ways:
\b Use the \c{-ssh} option as described in
\k{plink-usage-interactive}.
\b Set up a PuTTY saved session that describes the server you are
connecting to, and that also specifies the protocol as SSH.
2005-04-05 18:01:32 +00:00
\b Set the Windows environment variable \i\c{PLINK_PROTOCOL} to the
2001-12-06 20:05:39 +00:00
word \c{ssh}.
Usually Plink is not invoked directly by a user, but run
automatically by another process. Therefore you typically do not
want Plink to prompt you for a user name or a password.
2003-03-24 10:49:01 +00:00
Next, you are likely to need to avoid the various interactive
prompts Plink can produce. You might be prompted to verify the host
key of the server you're connecting to, to enter a user name, or to
enter a password.
To avoid being prompted for the server host key when using Plink for
2021-03-27 18:35:43 +00:00
an automated connection, you can first make a \e{manual}
2003-03-24 10:49:01 +00:00
connection (using either of PuTTY or Plink) to the same server,
verify the host key (see \k{gs-hostkey} for more information), and
2021-03-27 18:35:43 +00:00
select \q{Accept} to add the host key to the Registry. After that,
Plink commands connecting to that server should not give a host key
prompt unless the host key changes. Alternatively, you can specify
the appropriate host key(s) on Plink's command line every time you
use it; see \k{using-cmdline-hostkey}.
2003-03-24 10:49:01 +00:00
2001-12-06 20:05:39 +00:00
To avoid being prompted for a user name, you can:
\b Use the \c{-l} option to specify a user name on the command line.
For example, \c{plink login.example.com -l fred}.
\b Set up a PuTTY saved session that describes the server you are
connecting to, and that also specifies the username to log in as
(see \k{config-username}).
To avoid being prompted for a password, you should almost certainly
2005-04-05 18:01:32 +00:00
set up \i{public-key authentication}. (See \k{pubkey} for a general
2001-12-06 20:05:39 +00:00
introduction to public-key authentication.) Again, you can do this
in two ways:
\b Set up a PuTTY saved session that describes the server you are
connecting to, and that also specifies a private key file (see
\k{config-ssh-privkey}). For this to work without prompting, your
private key will need to have no passphrase.
\b Store the private key in Pageant. See \k{pageant} for further
information.
Once you have done all this, you should be able to run a remote
command on the SSH server machine and have it execute automatically
with no prompting:
2020-06-21 15:34:09 +00:00
\c C:\>plink login.example.com -l fred echo hello, world
2001-12-06 20:05:39 +00:00
\c hello, world
\c
2020-06-21 15:34:09 +00:00
\c C:\>
2001-12-06 20:05:39 +00:00
Or, if you have set up a saved session with all the connection
details:
2020-06-21 15:34:09 +00:00
\c C:\>plink mysession echo hello, world
2001-12-06 20:05:39 +00:00
\c hello, world
\c
2020-06-21 15:34:09 +00:00
\c C:\>
2001-12-06 20:05:39 +00:00
Then you can set up other programs to run this Plink command and
talk to it as if it were a process on the server machine.
2001-02-04 15:47:01 +00:00
2002-08-07 19:20:06 +00:00
\S{plink-options} Plink command line options
2001-12-31 16:15:19 +00:00
2002-08-07 19:20:06 +00:00
Plink accepts all the general command line options supported by the
PuTTY tools. See \k{using-general-opts} for a description of these
options.
2001-02-04 15:47:01 +00:00
2003-08-29 19:06:22 +00:00
Plink also supports some of its own options. The following sections
describe Plink's specific command-line options.
2005-04-05 18:01:32 +00:00
\S2{plink-option-batch} \I{-batch-plink}\c{-batch}: disable all
interactive prompts
2003-08-29 19:06:22 +00:00
If you use the \c{-batch} option, Plink will never give an
2001-12-31 16:15:19 +00:00
interactive prompt while establishing the connection. If the
server's host key is invalid, for example (see \k{gs-hostkey}), then
the connection will simply be abandoned instead of asking you what
to do next.
This may help Plink's behaviour when it is used in automated
scripts: using \c{-batch}, if something goes wrong at connection
time, the batch job will fail rather than hang.
2005-04-05 18:01:32 +00:00
\S2{plink-option-s} \I{-s-plink}\c{-s}: remote command is SSH subsystem
2003-08-29 19:06:22 +00:00
If you specify the \c{-s} option, Plink passes the specified command
2005-04-05 18:01:32 +00:00
as the name of an SSH \q{\i{subsystem}} rather than an ordinary command
2003-08-29 19:06:22 +00:00
line.
(This option is only meaningful with the SSH-2 protocol.)
2017-07-06 08:18:27 +00:00
\S2{plink-option-share} \I{-share-plink}\c{-share}:
Test and try to share an existing connection.
This option tris to detect if an existing connection can be shared
(See \k{config-ssh-sharing} for more information about SSH connection
sharing.) and reuses that connection.
A Plink invocation of the form:
\c plink -share <session>
\e iiiiiiiii
will test whether there is currently a viable \q{upstream} for the
session in question, which can be specified using any syntax you'd
normally use with Plink to make an actual connection (a host/port
number, a bare saved session name, \c{-load}, etc). If no \q{upstream}
viable session is found and \c{-share} is specified, this connection
will be become the \q{upstream} connection for subsequent connection
sharing tries.
(This option is only meaningful with the SSH-2 protocol.)
2015-10-22 00:48:35 +00:00
\S2{plink-option-shareexists} \I{-shareexists-plink}\c{-shareexists}:
test for connection-sharing upstream
This option does not make a new connection; instead it allows testing
for the presence of an existing connection that can be shared.
(See \k{config-ssh-sharing} for more information about SSH connection
sharing.)
A Plink invocation of the form:
\c plink -shareexists <session>
\e iiiiiiiii
will test whether there is currently a viable \q{upstream} for the
session in question, which can be specified using any syntax you'd
normally use with Plink to make an actual connection (a host/port
number, a bare saved session name, \c{-load}, etc). It returns a
zero exit status if a usable \q{upstream} exists, nonzero otherwise.
(This option is only meaningful with the SSH-2 protocol.)
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
\S2{plink-option-sanitise} \I{-sanitise-stderr}\I{-sanitise-stdout}\I{-no-sanitise-stderr}\I{-no-sanitise-stdout}\c{-sanitise-}\e{stream}: control output sanitisation
In some situations, Plink applies a sanitisation pass to the output
received from the server, to strip out control characters such as
backspace and the escape character.
2019-09-08 19:29:00 +00:00
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
The idea of this is to prevent remote processes from sending confusing
escape sequences through the standard error channel when Plink is
being used as a transport for something like \cw{git} or CVS. If the
server actually wants to send an error message, it will probably be
plain text; if the server abuses that channel to try to write over
unexpected parts of your terminal display, Plink will try to stop it.
By default, this only happens for output channels which are sent to a
Windows console device, or a Unix terminal device. (Any output stream
going somewhere else is likely to be needed by an 8-bit protocol and
must not be tampered with at all.) It also stops happening if you tell
Plink to allocate a remote pseudo-terminal (see \k{using-cmdline-pty}
and \k{config-ssh-pty}), on the basis that in that situation you often
\e{want} escape sequences from the server to go to your terminal.
But in case Plink guesses wrong about whether you want this
sanitisation, you can override it in either direction, using one of
these options:
2021-03-27 18:01:53 +00:00
\dt \c{-sanitise-stderr}
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
2021-03-27 18:01:53 +00:00
\dd Sanitise server data written to Plink's standard error channel,
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
regardless of terminals and consoles and remote ptys.
2021-03-27 18:01:53 +00:00
\dt \c{-no-sanitise-stderr}
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
2021-03-27 18:01:53 +00:00
\dd Do not sanitise server data written to Plink's standard error
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
channel.
2021-03-27 18:01:53 +00:00
\dt \c{-sanitise-stdout}
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
2021-03-27 18:01:53 +00:00
\dd Sanitise server data written to Plink's standard output channel.
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
2021-03-27 18:01:53 +00:00
\dt \c{-no-sanitise-stdout}
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
2021-03-27 18:01:53 +00:00
\dd Do not sanitise server data written to Plink's standard output
Plink: default to sanitising non-tty console output.
If Plink's standard output and/or standard error points at a Windows
console or a Unix tty device, and if Plink was not configured to
request a remote pty (and hence to send a terminal-type string), then
we apply the new control-character stripping facility.
The idea is to be a mild defence against malicious remote processes
sending confusing escape sequences through the standard error channel
when Plink is being used as a transport for something like git: it's
OK to have actual sensible error messages come back from the server,
but when you run a git command, you didn't really intend to give the
remote server the implicit licence to write _all over_ your local
terminal display. At the same time, in that scenario, the standard
_output_ of Plink is left completely alone, on the grounds that git
will be expecting it to be 8-bit clean. (And Plink can tell that
because it's redirected away from the console.)
For interactive login sessions using Plink, this behaviour is
disabled, on the grounds that once you've sent a terminal-type string
it's assumed that you were _expecting_ the server to use it to know
what escape sequences to send to you.
So it should be transparent for all the use cases I've so far thought
of. But in case it's not, there's a family of new command-line options
like -no-sanitise-stdout and -sanitise-stderr that you can use to
forcibly override the autodetection of whether to do it.
This all applies the same way to both Unix and Windows Plink.
2019-02-20 07:03:57 +00:00
channel.
2021-03-27 18:01:53 +00:00
\S2{plink-option-antispoof} \i{-no-antispoof}: turn off authentication spoofing protection prompt
2019-03-10 14:42:33 +00:00
In SSH, some possible server authentication methods require user input
(for example, password authentication, or entering a private key
passphrase), and others do not (e.g. a private key held in Pageant).
If you use Plink to run an interactive login session, and if Plink
authenticates without needing any user interaction, and if the server
is malicious or compromised, it could try to trick you into giving it
authentication data that should not go to the server (such as your
private key passphrase), by sending what \e{looks} like one of Plink's
local prompts, as if Plink had not already authenticated.
To protect against this, Plink's default policy is to finish the
authentication phase with a final trivial prompt looking like this:
\c Access granted. Press Return to begin session.
so that if you saw anything that looked like an authentication prompt
\e{after} that line, you would know it was not from Plink.
That extra interactive step is inconvenient. So Plink will turn it off
in as many situations as it can:
\b If Plink's standard input is not pointing at a console or terminal
device \dash for example, if you're using Plink as a transport for
some automated application like version control \dash then you
\e{can't} type passphrases into the server anyway. In that situation,
Plink won't try to protect you from the server trying to fool you into
doing so.
\b If Plink is in batch mode (see \k{plink-usage-batch}), then it
\e{never} does any interactive authentication. So anything looking
like an interactive authentication prompt is automatically suspect,
and so Plink omits the anti-spoofing prompt.
But if you still find the protective prompt inconvenient, and you
trust the server not to try a trick like this, you can turn it off
using the \cq{-no-antispoof} option.
2001-02-07 11:20:15 +00:00
\H{plink-batch} Using Plink in \i{batch files} and \i{scripts}
2001-02-04 15:47:01 +00:00
2001-12-06 20:05:39 +00:00
Once you have set up Plink to be able to log in to a remote server
without any interactive prompting (see \k{plink-usage-batch}), you
can use it for lots of scripting and batch purposes. For example, to
start a backup on a remote machine, you might use a command like:
\c plink root@myserver /etc/backups/do-backup.sh
Or perhaps you want to fetch all system log lines relating to a
particular web area:
2004-05-22 11:09:31 +00:00
\c plink mysession grep /~fred/ /var/log/httpd/access.log > fredlog
2001-12-06 20:05:39 +00:00
Any non-interactive command you could usefully run on the server
command line, you can run in a batch file using Plink in this way.
2001-02-07 11:20:15 +00:00
\H{plink-cvs} Using Plink with \i{CVS}
2001-02-19 23:24:01 +00:00
To use Plink with CVS, you need to set the environment variable
2005-04-05 18:01:32 +00:00
\i\c{CVS_RSH} to point to Plink:
2001-02-07 11:20:15 +00:00
\c set CVS_RSH=\path\to\plink.exe
2001-02-19 23:24:01 +00:00
You also need to arrange to be able to connect to a remote host
2001-12-06 20:05:39 +00:00
without any interactive prompts, as described in
\k{plink-usage-batch}.
2001-02-19 23:24:01 +00:00
2001-12-06 20:05:39 +00:00
You should then be able to run CVS as follows:
2001-02-19 23:24:01 +00:00
\c cvs -d :ext:user@sessionname:/path/to/repository co module
2001-12-06 20:05:39 +00:00
If you specified a username in your saved session, you don't even
need to specify the \q{user} part of this, and you can just say:
2001-02-19 23:24:01 +00:00
\c cvs -d :ext:sessionname:/path/to/repository co module
\H{plink-wincvs} Using Plink with \i{WinCVS}
Plink can also be used with WinCVS. Firstly, arrange for Plink to be
2001-12-06 20:05:39 +00:00
able to connect to a remote host non-interactively, as described in
\k{plink-usage-batch}.
2001-02-07 11:20:15 +00:00
2001-12-06 20:05:39 +00:00
Then, in WinCVS, bring up the \q{Preferences} dialogue box from the
2001-11-25 17:32:39 +00:00
\e{Admin} menu, and switch to the \q{Ports} tab. Tick the box there
2001-12-06 20:05:39 +00:00
labelled \q{Check for an alternate \cw{rsh} name} and in the text
entry field to the right enter the full path to \c{plink.exe}.
Select \q{OK} on the \q{Preferences} dialogue box.
2001-02-07 11:20:15 +00:00
2019-09-08 19:29:00 +00:00
Next, select \q{Command Line} from the WinCVS \q{Admin} menu, and type
2001-02-19 23:24:01 +00:00
a CVS command as in \k{plink-cvs}, for example:
\c cvs -d :ext:user@hostname:/path/to/repository co module
2001-02-07 11:20:15 +00:00
2002-03-05 20:39:27 +00:00
or (if you're using a saved session):
\c cvs -d :ext:user@sessionname:/path/to/repository co module
2001-11-25 17:32:39 +00:00
Select the folder you want to check out to with the \q{Change Folder}
button, and click \q{OK} to check out your module. Once you've got
2001-02-19 23:24:01 +00:00
modules checked out, WinCVS will happily invoke plink from the GUI for
CVS operations.
2001-02-04 15:47:01 +00:00
2001-12-06 20:05:39 +00:00
\# \H{plink-whatelse} Using Plink with... ?