10 PuTTY PLINK Examples to Automate Remote Linux Commands from Windows Batch Files
Plink stands for PuTTY Link.
Plink is a companion command-line utility for PuTTY.
On a very high-level:
- Use PuTTY for interactive SSH session from your Windows to Linux Servers
- Use Plink for non-interactive SSH session to execute remote linux commands for automation purpose from your Windows
In this tutorial, we’ll discuss the following:
- Launch plink from Command Prompt
- Plink Interactive SSH Session
- Plink Non-Interactive SSH Session to execute a Remote Command
- Execute Multiple Linux Commands from a Windows File
- Specify Connection Protocol
- Specify SSH Password as Plink Argument
- Debug Plink Issues
- Specify SSH Port as Plink Option
- Plink Log Files for SSH Connections
- Specify SSH Protocol (SSH-1 or SSH-2)
- Specify IP Protocol (IPv4 or IPv6)
- Use Private Key File for Authentication with Plink
- Additional Enable and Disable Options for Plink SSH
- Fingerprint and HostKey with Plink
- Plink -batch option for Windows Batch Files
First, download plink executable from here.
If you don’t have PuTTY already installed on your machine, make sure you also download putty executable along with plink.
If you have a 32-bit Windows laptop, make sure you download the 32-bit version of plink. If not, download the 64-bit version.
1. Launch plink from Command Prompt
You can’t just double-click on plink.exe to launch it. Since this is a command-line only utility (Without GUI), you should first launch your Windows command prompt.
For this, click on start menu on your windows, and type “cmd.exe” in the search box and press enter, this will launch the Windows command prompt.
Also, depending on where you have downloaded the plink.exe, you may have to modify the Windows’s PATH variable accordingly.
Go to your “System properties” windows, click on “Environment Variables”, select Path variable, and append the directory where the plink.exe is located here.
Or, you can just set your PATH variable as shown below. In the following example, I’ve downloaded the plink.exe to C:Downloads directory.
Next, type plink in the command prompt, this will display the various options available.
2. Plink Interactive SSH Session
The following is the basic syntax for plink:
plink [options] connection [command]
In the above syntax:
- options – You can pass various options to plink. This is optional.
- connection – This will have the connection information of the Linux server that you want to connect to. Various connection methods are explained in the examples below.
- command – This is the command that should be executed on the remote Linux server. This is optional.
While the command is optional, when you don’t give it, it will display a raw interactive session, which will have lot of non-printable non-readable character on the screen. As explained earlier, plink is not meant to be used as interactive session. Use putty for interactive session.
For now, let us see various methods to use the connection.
First, you can just give the ip-address of the remote-server. This will then ask for the username and password to login.
C:>plink 192.168.101.1 login as: root firstname.lastname@example.org's password:
Or, you can also use the username using @ symbol as shown below. This will ask only for the password, as we’ve specified the username.
C:>plink email@example.com Using username "root". firstname.lastname@example.org's password:
You can also pass the username using -l option as shown below:
C:>plink 192.168.101.1 -l mysql
You can also use the name of an existing putty session. In this example, I’m using the existing saved putty session called “devdb”. This is the recommended way of using, as you can bring all the configuration information from PuTTY to here for this particular “devdb” session.
C:>plink devdb Using username "root". email@example.com's password:
The following -load is exactly the same as above.
C:>plink -load devdb Using username "root". firstname.lastname@example.org's password:
As you see below, once you login, you’ll get a command-prompt. But, doing anything here will display some non user-friendly characters.
C:>plink devdb Using username "root". email@example.com's password: ?]0;root@devdb:~[root@devdb ~]# ?]0;root@devdb:~[root@devdb ~]# ?]0;root@devdb:~[root@devdb ~]# ?[Kls -altr total 326432 drwx------. 2 root root 4096 Jan 23 2016 ?[01;34m.ssh?[0m drwxr-xr-x. 2 root root 4096 May 9 2016 ?[01;3Documents?[0m drwxr-xr-x. 2 root root 4096 May 8 12:41 ?[01;3Downloads?[0m ?[m?]0;root@devdb:~[root@devdb ~]#
Again, for interactive SSH session, please use PuTTY.
On a related note, even if you’ve been using PuTTY for a while, you might find few tips from here helpful: 10 Awesome PuTTY Tips and Tricks You Probably Didn’t Know
3. Plink Non-Interactive SSH Session to execute a Remote Command
Using plink, from windows, you can execute a command on the Linux server without any user interaction and just display the output.
For this, pass the command as the last argument to the plink as shown below.
In the following example, it will execute “crontab -l” command on the remote server and display the output.
C:>plink firstname.lastname@example.org crontab -l no crontab for root
If you want to execute multiple commands, then group them together as shown below.
C:>plink email@example.com (hostname;crontab -l) devdb.thegeekstuff.com no crontab for root
The following will execute the db-backup.sh shellscript on the remote Linux server. But, you are initiating this from your Windows machine.
plink firstname.lastname@example.org /root/bin/db-backup.sh
Few points to keep in mind:
- If the above command is asking for password, and if you don’t want that to happen, you should setup the public-private key authentication appropriately so that remote Linux server doesn’t ask for password.
- You can also pass the password as a command-line option to plink as shown in one of the examples below.
- Also, if the above displays an error message about invalid protocol, then you should pass the appropriate protocol as shown in the next example.
4. Execute Multiple Linux Commands from a Windows File
Instead of specifying all the commands to be executed on the remote Linux server in the plink command-line, you can also put them in a text file and specify the file as a parameter to the plink.
For example, create the following file called commands.txt on your Windows.
C:>type commands.txt hostname service mysql stop yum -y install httpd service mysql start service httpd start crontab -l
Now to execute all of the above commands on the remote Linux server one-by-one in a sequence, execute the following plink command on your Windows laptop.
C:>plink email@example.com -m C:commands.txt
5. Specify Connection Protocol
Plink allows the following protocols: SSH, Telnet, Remote Login (rlogin), Raw, Serial Connection
The most popular and the default is SSH. Use -ssh as shown below.
C:>plink -ssh firstname.lastname@example.org
C:>plink -telnet email@example.com
For Remote Login using rlogin:
C:>plink -rlogin firstname.lastname@example.org
C:>plink -raw email@example.com SSH-2.0-OpenSSH_5.3
If you are trying to specify a particular protocol, and if you are getting “FATAL ERROR: Network error: Connection refused” error, it means that the remote server doesn’t support the specified protocol.
If you don’t want to specify the protocol on the command line:
- You can use a saved PuTTY session which already has the protocol defined for that particular session.
- Or, you can use Windows env variable called PLINK_PROTOCOL and set the value accordingly, which will be used by plink.
6. Specify SSH Password as Plink Argument
If you don’t have the key based authentication setup, then you can pass the password as a parameter in the command-line. Needless to say this method is not recommended.
This will connect to the server as root using the password specified by the -pw option, and execute all the given Linux commands and display the output on your Windows command-prompt.
C:>plink firstname.lastname@example.org -pw SecretRootPwd (date;hostname;ls -l)
Of course, the easy method is to use a saved putty session (For example, devdb) instead of specifying the username and ip-address as shown below.
C:>plink devdb -pw SecretRootPwd (date;hostname;ls -l)
7. Debug Plink Issues
First, make sure you have the latest version of plink. Use -V option (upper-case V) as shown below. The current stable release is 0.69
C:>plink -V plink: Release 0.69 Build platform: 64-bit Windows Compiler: Visual Studio 2015 / MSVC++ 14.0 (_MSC_VER=1900) Source commit: b1829b81b5c0d12dcc91f6b50b0b4d83c3df6a8e
Next, use -v option (lower-case v) as show below for more verbose output.
C:>plink -v devdb service httpd restart Connecting to 192.168.101.1 port 22 We claim version: SSH-2.0-PuTTY_Release_0.69 Server version: SSH-2.0-OpenSSH_5.3 We believe remote version has SSH-2 channel request bug Using SSH protocol version 2 Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange with hash SHA-256 Server also has ssh-dss host key, but we don't know it Host key fingerprint is: ssh-rsa 2048 2f:d2:c1:7f:db:a1:16:21:d2:f4:31:f9:ae:96:be:89 Initialised AES-256 SDCTR client->server encryption Initialised HMAC-SHA1 client->server MAC algorithm Initialised AES-256 SDCTR server->client encryption Initialised HMAC-SHA1 server->client MAC algorithm Using username "root". Using SSPI from SECUR32.DLL Attempting GSSAPI authentication GSSAPI authentication request refused Sent password Access granted Opening session as main channel Opened main channel Started a shell/command .. Server sent command exit status 0 Disconnected: All channels closed
8. Specify SSH Port as Plink Option
By default for SSH, it will connect to port 22. But, on your Linux server if SSH is configured to run on a different port, then use -P option in plink to specify the port.
In the following example, plink will connect to the remote Linux server on port 25.
C:>plink email@example.com -P 25 crontab -l
When you use a saved PuTTY session and -P option, instead of using the port from the saved session, it will use the given Port.
C:>plink devdb -P 25 crontab -l
9. Plink Log Files for SSH Connections
For the SSH protocol in Plink, there are couple of useful logging options.
The following –sshlog option will save the logs in the given file (sshlog.txt).
C:>plink devdb -sshlog sshlog.txt (date;hostname;ls -l)
This is the partial content of the sshlog.txt output
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.05.11 11:40:57 =~=~=~=~=~=~=~=~=~=~=~= Event Log: Writing new session log (SSH packets mode) to file: sshlog.txt Event Log: Connecting to 192.168.101.1 port 22 Event Log: We claim version: SSH-2.0-PuTTY_Release_0.69 Event Log: Server version: SSH-2.0-OpenSSH_5.3 Event Log: We believe remote version has SSH-2 channel request bug Event Log: Using SSH protocol version 2 Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT) 00000000 ed 8e ff c9 d3 67 cf 95 0e 8f 1a 4d 6d 65 6f 25 .....g.....Mmeo% 00000010 00 00 00 f0 63 75 72 76 65 32 35 35 31 39 2d 73 ....curve25519-s ...... Outgoing packet #0xc, type 96 / 0x60 (SSH2_MSG_CHANNEL_EOF) 00000000 00 00 00 00 .... Outgoing packet #0xd, type 97 / 0x61 (SSH2_MSG_CHANNEL_CLOSE) 00000000 00 00 00 00 .... Event Log: Disconnected: All channels closed
For more detailed log, use -sshrawlog option. Please note that the filesize of this will be larger than the above, as this will store lot more information in the log file.
Also, this will take longer to execute than the above command, as sshrawlog option collects more log information than regular sshlog option.
C:>plink devdb -sshrawlog sshrawlog.txt (date;hostname;ls -l)
10. Specify SSH Protocol (SSH-1 or SSH-2)
By default, it will use SSH-2 protocol, which can also be specified using -2 option as shown below.
C:>plink devdb -2 (hostname;ls -l) devdb.thegeekstuff.com total 326380
For SSH-1 protocol, use -1 option as shown below. If your server doesn’t support it, you’ll get the following error.
C:>plink devdb -pw -1 (hostname;ls -l) FATAL ERROR: SSH protocol version 1 required by our configuration but not provided by server
11. Specify IP Protocol (IPv4 or IPv6)
By default, it will use IPv4, which can also be specified using -4 option as shown below.
C:>plink devdb -4 (hostname;ls -l)
To use IPv6, use-6 option as shown below.
C:>plink devdb -6 (hostname;ls -l)
12. Use Private Key File for Authentication with Plink
Use -i option to specify the location of the private key file that should be used for authentication.
In the following example, it will use the devdb.ppk file from C:Downloads directory.
C:>plink -i "C:Downloadsdevdb.ppk" firstname.lastname@example.org hostname
Note: You’ll get “Server refused our key”, if the given key is not properly configured to be used with your Linux Server.
If the key file is not found (for example, when you give a wrong directory name), you’ll get the following error:
C:>plink -i "D:Datadevdb.ppk" email@example.com hostname Unable to use key file "C:UsersrameshDownloadsdevdb.ppk" (unable to open file) firstname.lastname@example.org's password:
If you specify a Key what is not of proper format, you’ll get the following error message.
C:>plink -i "C:Downloadsdevdb.key" email@example.com hostname Unable to use key file "C:Downloadsdevdb.key" (OpenSSH SSH-2 private key (old PEM format))
13. Additional Enable and Disable Options for Plink SSH
You can also use the following plink SSH options:
- -X to enable X11 forwarding
- -X to disable X11 forwarding
- -A to enable agent forwarding
- -a to disable agent forwarding
- -t to enable pty allocation
- -T to disable pty allocation
- -noagent to disable use of Pageant
- -agent to enable use of Pageant
- -C to enable compression
14. Fingerprint and HostKey with Plink
Use -pgpfp option which will display the PGP fingerprint details for PuTTY. Typically you can use this to establish trust from plink.exe executable to another program or executable that you are trying to connect to.
C:>plink -pgpfp PuTTY Master Key as of 2015 (RSA, 4096-bit): 440D E3B5 B7A1 CA85 B3CC 1718 AB58 5DC6 0467 6F7C Original PuTTY Master Key (RSA, 1024-bit): 8F 15 97 DA 25 30 AB 0D 88 D1 92 54 11 CF 0C 4C Original PuTTY Master Key (DSA, 1024-bit): 313C 3E76 4B74 C2C5 F2AE 83A8 4F5E 6DF5 6A93 B34E
Also, you can use hostkey in the plink to connect to the remote server accordingly using -hostkey option.
C:>plink devdb -hostkey aa:dd:b1:f1:f8:00:4c:36:63:ec:cf:92:16:e6:df:26 hostname
15. Plink -batch option for Windows Batch Files
If you are running plink inside a Windows batch file, then it is recommended that you use -batch option.
C:>plink -batch devdb [complex-linux-command]
In the above example, if the complex-linux-command fails, or asking for an input from the user, or hangs, etc, then your Windows Batch script will not be waiting. Instead, plink will just abandon the command, and the batch script will fail.
This is probably what you would expect to happen instead of your windows batch file job just waiting or hanging.
So, use -batch option in plink when you are writing Windows batch scripts using plink.