This project is read-only.

PowerShell Connection - Secure Credentials

Sep 8, 2011 at 3:01 PM

Hi.

I am developing a script that makes use for the SSH.NET library. I find it to be an excellent library, simple and straight forward.

Currently, in PowerShell, I perform the following:

[reflection.assembly]::LoadFrom((Resolve-Path "Renci.SshNet.dll")
$SSH = New-Object -TypeName Renci.SSHNet.SSHClient -ArgumentList $VCIP, $UserName, $Password $SSH.Connect()

This works very well, and in my current use cause I use the RunCommand method to get information back from the client.

My issue is that the above requires that plain text credentials are passed. I am connecting to a large number of devices as part of an automated task. Can anybody help me store and use credentials in a non-readable format?

I was thinking of doing something like this to store the password:

(Get-Credential).Password | ConvertFrom-SecureString | set-content c:\temp\test.creds

and then using it later:

$SecurePassword = Get-Content c:\temp\test.creds | ConvertTo-SecureString

 

Does anybody have any suggestions?

 

P.S. If anybody is wondering how to use the .NET 4.0 component in PowerShell, you need a PowerShell config file:

  1. Create powershell.exe.config %windir%\System32\WindowsPowerShell\v1.0
  2. In the config file, add the following XML.
    <?xml version="1.0"?>
    <configuration>
        <startup useLegacyV2RuntimeActivationPolicy="true">
            <supportedRuntime version="v4.0.30319"/>
            <supportedRuntime version="v2.0.50727"/>
        </startup>
    </configuration>
    
  3. Restart PowerShell.

 

Thanks very much. Regards,

 

Mark

Sep 8, 2011 at 5:41 PM

The only suggestion I can give you is to use private key file, may be that will help.

 

I could possibly introduce SecureString type for password in connection string if it will make sence.

 

Feb 1, 2012 at 11:43 AM

It's also possible to decrypt the password so you get is as plaintext

$SecurePassword = Get-Content c:\temp\test.creds | ConvertTo-SecureString

$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword))