Tags: powershell, encryption, putty, ssh-keys, plink

Use encrypted password for Plink/PuTTY


I would like to encrypt a password in PowerShell and use it with plink and putty.

Yes, I know that it expects only a cleartext password (Password encryption using SecureString for plink.exe command).

No, I will not use generated keys because we don't support it.

My questions:

  1. Any suggestions on how I can use an encrypted password for the -pw flag in PuTTY or Plink?
  2. Can I generate a specific string as a key? I mean taking the current cleartext password and converting it to a key, then using it with -i instead of -pw.

My securePass.ps1 code:

$password = read-host -prompt "Enter your Password"
write-host "$password is password"   # echoes the password to the console in clear text
$secure = ConvertTo-SecureString $password -force -asPlainText
# Without -Key, ConvertFrom-SecureString protects the string with DPAPI: only the same
# Windows user on the same machine can turn it back into a SecureString. The result is
# a hex string, not a byte array.
$bytes = ConvertFrom-SecureString $secure
$bytes | out-file C:\encrypted_password1.txt

In main:

$securePass = Get-Content C:\encrypted_password1.txt
$pass = $securePass | ConvertTo-SecureString
# $pass is a System.Security.SecureString object; expanded into the argument list it
# becomes the literal text "System.Security.SecureString", not the password.
plink -batch -ssh $defUser@$srv -pw $pass
putty -ssh $defUser@$srv -pw $pass

Solution

  • As you know, you cannot use an encrypted password (SecureString) for PuTTY/Plink.

    All you can do is decrypt the secure string and pass the decrypted plain-text password to PuTTY/Plink.

    For decryption, see PowerShell - Decode System.Security.SecureString to readable password:

    $securePass = Get-Content C:\encrypted_password1.txt
    $pass = $securePass | ConvertTo-SecureString
    
    # Copy the SecureString contents into unmanaged memory, read them back as a .NET string,
    # then zero and free the unmanaged buffer so only the managed copy remains.
    $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($pass)
    $decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
    plink -batch -ssh $defUser@$srv -pw $decrypted
    

    PuTTY 0.77 Plink newly supports the -pwfile switch, which allows a safer way to pass the password via a local text file (while still plain text).


    Your question 2) does not make any sense. You wrote that you cannot use keys, so you cannot use the -i switch, let alone use some "generated password" with it.
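The following is an added example, not code from the question or the answer above, combining the two points the answer makes: decrypt the DPAPI-protected SecureString saved by securePass.ps1, then hand the password to Plink through -pwfile (PuTTY 0.77 or later) rather than -pw, so it never appears in the process command line, which other local users can read. It assumes $defUser and $srv are set as in the question, plink.exe is on PATH, and C:\encrypted_password1.txt was written by the same Windows user on the same machine (the DPAPI requirement noted above); the function name and parameters are hypothetical.

```powershell
function Invoke-PlinkWithStoredPassword {
    param(
        [Parameter(Mandatory)] [string]$User,
        [Parameter(Mandatory)] [string]$Server,
        [Parameter(Mandatory)] [string]$RemoteCommand,
        [string]$EncryptedFile = 'C:\encrypted_password1.txt'   # file written by securePass.ps1
    )

    # Re-create the SecureString from the DPAPI-protected hex string (same user, same machine).
    $secure = Get-Content -Path $EncryptedFile | ConvertTo-SecureString

    # Materialise the plain text only for as long as it is needed, and zero the unmanaged copy.
    $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($secure)
    try {
        $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)
    } finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($ptr)
    }

    # Write the password to a temp file readable only by the current user. Plink reads the
    # first line of the -pwfile; nothing secret ends up in the argument list.
    $pwFile = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllText($pwFile, $plain)

        # Replace inherited ACEs with a single rule for the current user.
        $acl = Get-Acl -Path $pwFile
        $acl.SetAccessRuleProtection($true, $false)
        $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
        $acl.SetAccessRule($rule)
        Set-Acl -Path $pwFile -AclObject $acl

        & plink -batch -ssh "$User@$Server" -pwfile $pwFile $RemoteCommand
        return $LASTEXITCODE
    } finally {
        # Remove the plain-text file even if plink fails, and drop the managed copy.
        if (Test-Path -Path $pwFile) { Remove-Item -Path $pwFile -Force }
        $plain = $null
    }
}

# Usage with the variables from the question (the remote command is a placeholder):
# Invoke-PlinkWithStoredPassword -User $defUser -Server $srv -RemoteCommand 'uptime'
```

The managed string $plain cannot be zeroed in .NET, so the window in which the password exists in process memory is reduced, not eliminated; that is the residual risk the answer's "while still plain-text" remark refers to.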