-pw-stdin parameter :: Support Forum

user-adm-33 Guest

-pw-stdin parameter

2019-05-21 09:25

Hi,

When using the current command line parameter

WinSCP.EXE sftp://user:pass@server:22

the password can be shown inside the "Command Line" column of the Task Manager.

So, I suggest to add the parameter "-pw-stdin" to read the password from a PIPE.
That's already implemented in the KeePass to hide password passed in the command line.
See it at: https://keepass.info/help/base/cmdline.html

I hope you agree to implement something similar.
Regards.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,441
Location:: Prague, Czechia

Re: -pw-stdin parameter

2019-05-24

I believe that GUI applications have no stdin.

Reply with quote

user-adm-33 Guest

2019-05-25 16:46

Sorry Martin!

KeePass is a Windows Graphical Application that implements the -pw-stin parameter.
Any Windows GUI Application can read from the console.

So, please check this:

KeePass code (in C#) that reads the password from the console:
https://github.com/dlech/KeePass2.x/blob/5ea1b24ad2c1b17b6d0017d68731c885af6b539d/KeePass/Util/KeyUtil.cs#L154
How a Windows GUI App can use the Console:
Adding Console I/O to a Win32 GUI App
Microsoft examples about the use of the STDIN/STDOUT:
https://learn.microsoft.com/en-us/dotnet/api/system.console.readline

Please, note that the current implementation for setting the password from another process that starts it the WinSCP it's VERY INSECURE. So, another alternative should be explored.

Regards.

Reply with quote

martin◆ Site Admin

Re: -pw-stdin parameter

2019-06-03

OK. Thanks. We will see, if more people ask for this.

Reply with quote

Frongie Guest

2021-08-30 12:46

This idea is good. The AnyDesk tool uses the same interface. Example:

echo password | "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" alias@ad --with-password

So I suggest to implement this alternative to pass the password using the commandline.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,441
Location:: Prague, Czechia

2021-08-31

@Frongie: That way, you will see a process like this in the Task Manager:

"C:\WINDOWS\system32\cmd.exe /c /s echo password | "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" ...

Reply with quote

Frongie Guest

2021-09-03 11:39

Yes, but this is only one EXAMPLE !!!
With this method, if the program you use writes directly to the PIPE, then nothing will be stored in the Task Manager. Some tools can work in this way.
Futhermore, if you need to execute the same using scripts only, then the solution is to write the password to a TEMP file and use the Get-Content command (similar to cat in Power Shell) to pass the content of the file to the WinSCP.exe.

Please, try to think about the improvement in the security with this simple alternative to send passwords to WinSCP.
Regards.

Reply with quote