nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Add -pwfile option, a more secure version of -pw.

Browse Source 
Similarly to cmdgen's passphrase options, this replaces the password
on the command line with a filename to read the password out of, which
means it can't show up in 'ps' or the Windows task manager.
This commit is contained in:
Simon Tatham 2021-09-28 18:04:15 +01:00
parent d489c64f48
commit 44ee7b9e76
10 changed files with 63 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
cmdline.c
View File

@ -584,6 +584,32 @@ int cmdline_process_param(const char *p, char *value,
} }
} }
if (!strcmp(p, "-pwfile")) {
RETURN(2);
UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
SAVEABLE(1);
/* We delay evaluating this until after the protocol is decided,
* so that we can warn if it's of no use with the selected protocol */
if (conf_get_int(conf, CONF_protocol) != PROT_SSH)
cmdline_error("the -pwfile option can only be used with the "
"SSH protocol");
else {
Filename *fn = filename_from_str(value);
FILE *fp = f_open(fn, "r", false);
if (!fp) {
cmdline_error("unable to open password file '%s'", value);
} else {
cmdline_password = chomp(fgetline(fp));
if (!cmdline_password) {
cmdline_error("unable to read a password from file '%s'",
value);
}
fclose(fp);
}
filename_free(fn);
}
}
if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") || if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||
!strcmp(p, "-pageant")) { !strcmp(p, "-pageant")) {
RETURN(1); RETURN(1);

1
doc/index.but
View File

@ -245,6 +245,7 @@ saved sessions from
\IM{-m} \c{-m} command-line option \IM{-m} \c{-m} command-line option
\IM{-P-upper} \c{-P} command-line option \IM{-P-upper} \c{-P} command-line option
\IM{-pw} \c{-pw} command-line option \IM{-pw} \c{-pw} command-line option
\IM{-pwfile} \c{-pwfile} command-line option
\IM{-A-upper} \c{-A} command-line option \IM{-A-upper} \c{-A} command-line option
\IM{-a} \c{-a} command-line option \IM{-a} \c{-a} command-line option
\IM{-X-upper} \c{-X} command-line option \IM{-X-upper} \c{-X} command-line option

7
doc/man-plink.but
View File

@ -114,11 +114,16 @@ sequences. These options override Plink's default behaviour to enable
or disabling such filtering on the standard error and standard output or disabling such filtering on the standard error and standard output
channels. channels.
\dt \cw{-pwfile} \e{filename}
\dd Open the specified file, and use the first line of text read from
it as the remote password.
\dt \cw{-pw} \e{password} \dt \cw{-pw} \e{password}
\dd Set remote password to \e{password}. \e{CAUTION:} this will likely \dd Set remote password to \e{password}. \e{CAUTION:} this will likely
make the password visible to other users of the local machine (via make the password visible to other users of the local machine (via
commands such as \q{\c{w}}). commands such as \q{\c{ps}} or \q{\c{w}}). Use \cw{-pwfile} instead.
\dt \cw{\-L} \cw{[}\e{srcaddr}\cw{:]}\e{srcport}\cw{:}\e{desthost}\cw{:}\e{destport} \dt \cw{\-L} \cw{[}\e{srcaddr}\cw{:]}\e{srcport}\cw{:}\e{desthost}\cw{:}\e{destport}

7
doc/man-pscp.but
View File

@ -101,11 +101,16 @@ channel from the server, to prevent remote processes sending confusing
escape sequences. This option forces the standard error channel to not be escape sequences. This option forces the standard error channel to not be
filtered. filtered.
\dt \cw{-pwfile} \e{filename}
\dd Open the specified file, and use the first line of text read from
it as the remote password.
\dt \cw{-pw} \e{password} \dt \cw{-pw} \e{password}
\dd Set remote password to \e{password}. \e{CAUTION:} this will likely \dd Set remote password to \e{password}. \e{CAUTION:} this will likely
make the password visible to other users of the local machine (via make the password visible to other users of the local machine (via
commands such as \q{\c{w}}). commands such as \q{\c{ps}} or \q{\c{w}}). Use \cw{-pwfile} instead.
\dt \cw{-1} \dt \cw{-1}

7
doc/man-psftp.but
View File

@ -89,11 +89,16 @@ channel from the server, to prevent remote processes sending confusing
escape sequences. This option forces the standard error channel to not be escape sequences. This option forces the standard error channel to not be
filtered. filtered.
\dt \cw{-pwfile} \e{filename}
\dd Open the specified file, and use the first line of text read from
it as the remote password.
\dt \cw{-pw} \e{password} \dt \cw{-pw} \e{password}
\dd Set remote password to \e{password}. \e{CAUTION:} this will likely \dd Set remote password to \e{password}. \e{CAUTION:} this will likely
make the password visible to other users of the local machine (via make the password visible to other users of the local machine (via
commands such as \q{\c{w}}). commands such as \q{\c{ps}} or \q{\c{w}}). Use \cw{-pwfile} instead.
\dt \cw{-1} \dt \cw{-1}

22
doc/using.but
View File

@ -838,17 +838,23 @@ any case.)
This option is equivalent to the port number control in the Session This option is equivalent to the port number control in the Session
panel of the PuTTY configuration box (see \k{config-hostname}). panel of the PuTTY configuration box (see \k{config-hostname}).
\S2{using-cmdline-pw} \i\c{-pw}: specify a \i{password} \S2{using-cmdline-pw} \i\c{-pwfile} and \i\c{-pw}: specify a \i{password}
A simple way to automate a remote login is to supply your password A simple way to automate a remote login is to supply your password
on the command line. This is \e{not recommended} for reasons of on the command line.
security. If you possibly can, we recommend you set up public-key
authentication instead. See \k{pubkey} for details.
Note that the \c{-pw} option only works when you are using the SSH The \c{-pwfile} option takes a file name as an argument. The first
protocol. Due to fundamental limitations of Telnet, Rlogin, and line of text in that file will be used as your password.
SUPDUP, these protocols do not support automated password
authentication. The \c{-pw} option takes the password itself as an argument. This is
\s{NOT SECURE} if anybody else uses the same computer, because the
whole command line (including the password) is likely to show up if
another user lists the running processes. \c{-pw} is retained for
backwards compatibility only; you should use \c{-pwfile} instead.
Note that these options only work when you are using the SSH protocol.
Due to fundamental limitations of Telnet, Rlogin, and SUPDUP, these
protocols do not support automated password authentication.
\S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}: \S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}:
control use of Pageant for authentication control use of Pageant for authentication

2
pscp.c
View File

@ -2201,7 +2201,7 @@ static void usage(void)
printf(" -load sessname Load settings from saved session\n"); printf(" -load sessname Load settings from saved session\n");
printf(" -P port connect to specified port\n"); printf(" -P port connect to specified port\n");
printf(" -l user connect with specified username\n"); printf(" -l user connect with specified username\n");
printf(" -pw passw login with specified password\n"); printf(" -pwfile file login with password read from specified file\n");
printf(" -1 -2 force use of particular SSH protocol version\n"); printf(" -1 -2 force use of particular SSH protocol version\n");
printf(" -ssh -ssh-connection\n"); printf(" -ssh -ssh-connection\n");
printf(" force use of particular SSH protocol variant\n"); printf(" force use of particular SSH protocol variant\n");

2
psftp.c
View File

@ -2535,7 +2535,7 @@ static void usage(void)
printf(" -load sessname Load settings from saved session\n"); printf(" -load sessname Load settings from saved session\n");
printf(" -l user connect with specified username\n"); printf(" -l user connect with specified username\n");
printf(" -P port connect to specified port\n"); printf(" -P port connect to specified port\n");
printf(" -pw passw login with specified password\n"); printf(" -pwfile file login with password read from specified file\n");
printf(" -1 -2 force use of particular SSH protocol version\n"); printf(" -1 -2 force use of particular SSH protocol version\n");
printf(" -ssh -ssh-connection\n"); printf(" -ssh -ssh-connection\n");
printf(" force use of particular SSH protocol variant\n"); printf(" force use of particular SSH protocol variant\n");

2
unix/plink.c
View File

@ -516,7 +516,7 @@ static void usage(void)
printf(" -sercfg configuration-string (e.g. 19200,8,n,1,X)\n"); printf(" -sercfg configuration-string (e.g. 19200,8,n,1,X)\n");
printf(" Specify the serial configuration (serial only)\n"); printf(" Specify the serial configuration (serial only)\n");
printf("The following options only apply to SSH connections:\n"); printf("The following options only apply to SSH connections:\n");
printf(" -pw passw login with specified password\n"); printf(" -pwfile file login with password read from specified file\n");
printf(" -D [listen-IP:]listen-port\n"); printf(" -D [listen-IP:]listen-port\n");
printf(" Dynamic SOCKS-based port forwarding\n"); printf(" Dynamic SOCKS-based port forwarding\n");
printf(" -L [listen-IP:]listen-port:host:port\n"); printf(" -L [listen-IP:]listen-port:host:port\n");

2
windows/plink.c
View File

@ -138,7 +138,7 @@ static void usage(void)
printf(" -sercfg configuration-string (e.g. 19200,8,n,1,X)\n"); printf(" -sercfg configuration-string (e.g. 19200,8,n,1,X)\n");
printf(" Specify the serial configuration (serial only)\n"); printf(" Specify the serial configuration (serial only)\n");
printf("The following options only apply to SSH connections:\n"); printf("The following options only apply to SSH connections:\n");
printf(" -pw passw login with specified password\n"); printf(" -pwfile file login with password read from specified file\n");
printf(" -D [listen-IP:]listen-port\n"); printf(" -D [listen-IP:]listen-port\n");
printf(" Dynamic SOCKS-based port forwarding\n"); printf(" Dynamic SOCKS-based port forwarding\n");
printf(" -L [listen-IP:]listen-port:host:port\n"); printf(" -L [listen-IP:]listen-port:host:port\n");