Command line password file

Advertisement

ermanin
Guest

Command line password file

Hi,

In the current documentation of the command line parameters
(https://winscp.net/eng/docs/commandline) I see only the option to share the password using the argument /password=<pass>. However, this has a high risk, as with the Windows Task Manager you can see the command used to launch any process.

The last version of PuTTY has incorporated the option to share the password over a file.
See here the description:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/cmdline-password-file.html

My request is to implement just the same. You can do it please?
Thank you!

Reply with quote

Advertisement

ermanin
Guest

Use case:
From external TERM session (for example, using KiTTY) you want to open the WinSCP from the command line.
Now this is done using the plain password in the command line (very easy to read it). Using this technique it's more safe to launch the WinSCP session.

Reply with quote

ermanin
Guest

Hi,

I'm not storing anything in any part!
What I want is to launch WinSCP without incorporating the PASSWORD in the command line (a very unsecure behaviour!).

So now I can do: winscp.exe user@server /password=MY_PASS

And what I want to do is: winscp.exe user@server /pwfile=C:\TMP\hash.data

Where the file C:\TMP\hash.data is a temporal file created by someone that includes the password in a clean form. For security this file will be created with a very restrictive ACL and automatically removed after WinSCP will starts (that's after reading it, so it will be perfect if optionally WinSCP will delete such file after read it).

And please don't think this is something new. In fact, the PuTTY team has already implemented it in the mainstream of his tool. So, I suggest that you now implement the same for WinSCP.

Thank you.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
37,180
Location:
Prague, Czechia

So if you can setup some process that can write the password to a file, cannot you instead write the password to WinSCP INI file or Windows registry and have WinSCP use that?

I know that the latest version of PuTTY has that option. But WinSCP has other options for providing the password for years that PuTTY does not have (like script file, INI file or registry).

Reply with quote

ermanin
Guest

Hi Martin,

I think the password in a file is more simple than other options. Why? First, in a Portable environment the Windows registry has no sense. Also the INI file is not an option with readonly filesystems. Why are you so reluctant to this simple and already standardized mode?

Reply with quote

ermanin
Guest

Yes, because all systems running with read only file systems have a scratch memory filesystem (TEMP). So the INI file of the WinSCP is not editable, but you can share the TMP directory.

Please, why not implement this simple solution that is already included in PuTTY?

Reply with quote

Advertisement

Advertisement

You can post new topics in this forum