I recently had a situation where I needed to call a program that was executed on a Linux server from a Windows server. My problem was that I needed to connect to a Linux server via SSH, run the program and wait for the output to show up on a shared drive. I was restricted to using free tools that did not require installation, ones that could be executed on the command line. The specific problem was that in my Windows script I could not get past the password prompt when I connected to the Linux server via SSH with PuTTY.
I’m sure there are numerous ways to accomplish this task but due to restrictions and software issues I was able to accomplish this using Plink. This process uses an exchange of keys in place of being prompted for a password. The lack of a password prompt will allow me to create a script that can be executed from the Windows server to run a process on the Linux server. I am unsure exactly which SSH program is installed on my Linux server but it appears to be OpenSSH compatible.
(If you’re not familiar with Plink and you work in a combined Linux and Windows world then you may want to check it out. Plink is part of the wonderful set of SSH tools from Simon Tatham. They can be found here.)
This solution does have a security gap in it but it is the easiest way to accomplish my task for my environment. Also, these instructions can be found in the Plink documentation on the main PuTTY web site. Here is what I did to configure my environment to call a program on Linux from a Windows server.
DISCLAIMER I take no responsibility for the security of this solution. I would strongly suggest that you understand what you’re doing and what possible implications this may have on your environment. The main issue here is that if your private key is compromised then your target system would be at risk since there is no other authentication. Key protection and security is another topic.
Here is what I did:
1. Download PuTTY, PuTTYgen and Plink from here.
2. Run PuTTY from the Windows server, point to the Linux server and accept the SSH certificate when prompted. This should be done as the user who will be running the process. Once established, leave this connection open so we can go back to it in a few minutes.
3. Run PuTTYgen to generate the keys necessary to create a connection that does not have a password prompt. Click the “Generate” button to begin the process, move your mouse over the blank area until the process is complete. The mouse movements are used to generate a random key.
4. Save the key by clicking on the “Save private key” and write the file to a known location. Some notes here; first, while under normal circumstances it is recommended to use the “Key pass-phrase here it would defeat our purpose of not having a password prompt. Second; the file should be written to secure location such as your “My Documents” location that is not available to other users. Individual file permissions could possibly be used to try and keep this file secure as well.
5. Go back to the open SSH connection from step 2. Ensure you are in your home directory and look for a “.ssh” directory. (May require an “ls -al” command since it is a hidden directory. If the directory does not exist then go ahead and create it.
(No screen shot, sorry)
6. Create the authorization file. Change into the .ssh directory and create a file named “authorized_keys” if it does not exist. Open this file with a text editor. Then copy the complete area from the “Public key for pasting into OpenSSH authorized_keys file;” box from the PuTTY Key Generator Windows program into the “authorized_keys” file on the Linux server and save and close the file.
7. Next create a PuTTY profile that uses the newly placed keys. Start a new PuTTY session, enter the Host Name and a profile name in the “Saved Sessions” box and click “Save”. Then on the Tree control on the left side find the “Auth” under the “SSH” section. Load your saved key file into the “Private key file for authentication:” using the “Browse…” button. Once that is done then click the “Session” option at the top of the tree control. It’ll show the main page again and save the profile setting. I used a separate profile that had the suffix “-key” so it was separate from the password prompted one.
8. Test the profile. Load the new “-key” profile click the “Open” button. The connection should initiate and prompt for a username, enter your designated username. It should indicate it’s using private keys to authenticate and you should end up at a Linux prompt.
9. Test the Plink command. The last step should be to run the Linux command with Plink. Open a CMD prompt window on the Windows server. Navigate to the directory with the Plink executable is located. If this location is in the path then it may not be necessary to change to this location. Run the plink command like so; “plink -ssh yourusername@PuTTY-Profile-key /Linux/path/to/command.sh”. The “yourusername” should be the Linux account name you’ve used through this process. The “PuTTY-Profile-key” entry should be the name of the PuTTY Profile you saved previously for use with your private key file. Lastly, the fully qualified Linux path and command that you wish to run.
If all went according to plan then you should have the output show up from the Linux command in your CMD prompt window. I took the Plink command and placed it into our Microsoft SSIS integration server as a step in our process. It works quite well.