Command line password file

Hi,

In the current documentation of the command line parameters
(https://winscp.net/eng/docs/commandline) I see only the option to share the password using the argument /password=<pass>. However, this has a high risk, as with the Windows Task Manager you can see the command used to launch any process.

The last version of PuTTY has incorporated the option to share the password over a file.
See here the description:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/cmdline-password-file.html

My request is to implement just the same. You can do it please?
Thank you!

What is your use case? When you need to specify the password on WinSCP commandline?

Use case:
From external TERM session (for example, using KiTTY) you want to open the WinSCP from the command line.
Now this is done using the plain password in the command line (very easy to read it). Using this technique it's more safe to launch the WinSCP session.

So it's about starting WinSCP GUI?
How would you store the password to the file from KiTTY?

Hi,

I'm not storing anything in any part!
What I want is to launch WinSCP without incorporating the PASSWORD in the command line (a very unsecure behaviour!).

So now I can do: winscp.exe user@server /password=MY_PASS

And what I want to do is: winscp.exe user@server /pwfile=C:\TMP\hash.data

Where the file C:\TMP\hash.data is a temporal file created by someone that includes the password in a clean form. For security this file will be created with a very restrictive ACL and automatically removed after WinSCP will starts (that's after reading it, so it will be perfect if optionally WinSCP will delete such file after read it).

And please don't think this is something new. In fact, the PuTTY team has already implemented it in the mainstream of his tool. So, I suggest that you now implement the same for WinSCP.

Thank you.

So if you can setup some process that can write the password to a file, cannot you instead write the password to WinSCP INI file or Windows registry and have WinSCP use that?

I know that the latest version of PuTTY has that option. But WinSCP has other options for providing the password for years that PuTTY does not have (like script file, INI file or registry).

Hi Martin,

I think the password in a file is more simple than other options. Why? First, in a Portable environment the Windows registry has no sense. Also the INI file is not an option with readonly filesystems. Why are you so reluctant to this simple and already standardized mode?

And the password file is an option with read only file systems?

Yes, because all systems running with read only file systems have a scratch memory filesystem (TEMP). So the INI file of the WinSCP is not editable, but you can share the TMP directory.

Please, why not implement this simple solution that is already included in PuTTY?

OK, I'll see if more people have this quite specific requirement.

Thank you!