-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add PuTTY module and fix WinSCP #249
Conversation
For now i updated the module to not use an object on itself, but to pass it through the functions. We should definitely fix the load process though imo |
Excellent finding as always @NeffIsBack 😃 |
A colleague pointed out, that you can store proxy username&password with PuTTY which are stored in the registry in plaintext. Added detection for that as well |
@Marshall-Hallenbeck for testing set the proxy creds: |
Installing necessary requirements to test this now |
@NeffIsBack just tested this and it works great, I just had a concern with the file name that it saves the file in. It doesn't include a timestamp/hash in the filename so keys will over-write each other if they are named the same. I think it'd be useful to make sure they aren't being overwritten in situations where a user might have different keys with the same keyname on different hosts (such as id_rsa) or in the rare case they change the key and you redownload it. |
Also, it looks like the proxy creds aren't stored anywhere, just printed to the screen? |
Indeed a valid concern! I'll change that real quick. |
Hmm yes, i didn't want to add them to the db as they might not be AD credentials, but arbitrary ones. Also we have no garantuee they work, like a valid login or an AD dump of some kind (although they probably will). That's why i didn't add them. |
Can you save them to a file in the PuTTY directory? |
@NeffIsBack with the new I'm working on another PR to normalize module logging, but should we break up logs and module data output? i.e. If you want I can come up with a normalized way to handle all this and we can just merge what's here and I'll update it later. |
For core option it's not very logical to move them to a module folder imo |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great, LGTM. I'll make the logging changes in another PR per what we discussed in PMs.
This PR contains:
PuTTY example:
Before, if a certain registry was not found by winscp it crashed internally, skipping credential extraction for a user with existing credentials. Before and after: