Security Enhanced PLINK And PSCP


Argent provides seven different and independent means of monitoring Unix and Linux (UNIX Monitoring)

Customers can use PLINK and PSCP when monitoring UNIX and Linux hosts with Secure Shell

Unfortunately, the official release of PLINK and PSCP accepts clear text password from command line with option ‘-pw

The other issue user may run into is that, PLINK can be stuck at the prompt asking whether to cache the key as shown in the screenshot below

If you put the Relator into production without a connectivity test having been done at least once, the Relator generally will timeout and no monitoring is actually performed because the secure shell session is stuck at the prompt

Of course, Argent has no control over PLINK or PSCP as these are not Argent products or components – Argent products simply call PLINK or PSCP; Argent acts as a driver

However, Argent has created a security enhancement for both PLINK and PSCP to address both issues

Following is the screenshot of the connectivity test

As can been seen there is no key caching prompt and an encrypted password string is shown

Note: The new PLINK and PSCP is completely backward compatible

In other words, if the plain text password is passed in, they still work as before

To implement the new Argent PLINK and PSCP support, do the following:

  • Contact Argent support to get a special Argent-supplied version of PLINK/PSCP package

  • Unpack SECURITY_ENHANCED_PLINK_yyyymmdd.ZIP to system32 directory to replace the existing un-secure PLINK.EXE and PSCP.EXE

  • Edit \Argent\ArgentManagementConsole\XT_SSH.INI and edit ENC_PSWD to 1