Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

raina

Ah, should have R'd TFM. :roll:

Anyway, thanks for pointing me towards public key authentication.
martin

Re: Improving PuTTY integration security

Edit 2022: Since WinSCP 6.2, the password is passed using a named pipe, whenever possible:
https://winscp.net/eng/docs/ui_pref_integration_app#password

This is documented here:
<obsolete link removed>

I have also added mention here now:
<obsolete link removed>
raina

Improving PuTTY integration security

Running Process Explorer, I just noticed that the way session password is remembered and passed to PuTTY, is through the command line and thus shown in PE's Command Line column in plaintext. :shock:

I enjoy the convenience of this feature but knowing what I now know, I'll have to give up using it. Is there another, more secure way to have the password remembered? Because if not, there should at least be a big fat warning in WinSCP when you're enabling "Remember session password and pass it to PuTTY (SSH)".