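# provision-dispatch.ps1: this allows you to fire off a command via ssh
# with an ssh-key (which nets you no credentials), pull in some cached
# credentials and execute the command in a process using those credentials.
#
# It assumes that it is being called via a setup where the ssh-key in
# question has the `command=' option set forcing this command to be
# run. As a side-effect, you can vet the command before running it.
#
# Security notes:
#   * SSH2_ORIGINAL_COMMAND is chosen by whoever holds the ssh-key, so it
#     is untrusted input. The command name is checked against a fixed
#     list and every argument is checked against a character allowlist
#     before anything is handed to the child powershell.exe.
#   * backup.creds and backup.creds.key sit in the same directory; anyone
#     who can read both can recover the password, so the protection rests
#     on the file permissions of that directory -- verify them.
#
#
# $Author: tkula $
# $Date: 2010/08/05 18:37:05 $
# $Source: /usr/src/cvsroot/storage/mainstream/src/win/provision-dispatch.ps1,v $
# $Id: provision-dispatch.ps1,v 1.1 2010/08/05 18:37:05 tkula Exp $

$cmdstr = $env:SSH2_ORIGINAL_COMMAND

# No forced-command payload at all: report it the same way as an unknown
# command instead of calling a method on $null.
if ( -not $cmdstr ) {
    "ERR UNKNOWNCOMMAND ><"
    exit 1
}

# Split on whitespace: first word is the command, the rest are arguments.
$command, $arguments = $cmdstr.split()

# Drop the empty strings that runs of whitespace produce, and force an
# array so the loop below runs zero times when there are no arguments.
$arguments = @($arguments | where-object { $_ })

# Only commands listed here are dispatched; each maps to a fixed script path.
if ( $command -eq "get-acl" ) {
    $filepath = "C:\Users\backup\mainstream-storage\get-acl.ps1"
} else {
    "ERR UNKNOWNCOMMAND >$command<"
    exit 1
}

# The arguments are concatenated into the child PowerShell command line
# below, where they are parsed as PowerShell source. Refuse anything that
# is not a plain path-like or switch-like token so that statement
# separators, pipes, subexpressions, quotes and redirections cannot reach
# the credentialed process.
# NOTE(review): the allowlist is deliberately conservative; widen it only
# after confirming what get-acl.ps1 legitimately needs to receive.
foreach ( $arg in $arguments ) {
    if ( $arg -notmatch '\A[A-Za-z0-9_.:\\/-]+\z' ) {
        "ERR BADARGUMENT >$arg<"
        exit 1
    }
}

# Shamelessly stolen from http://www.powershellcommunity.org/Forums/tabid/54/aff/4/aft/900/afv/topic/Default.aspx
# The comment from "16 Jan 2008 10:39 PM"
# To create backup.creds:
# PS C:\Users\backup\mainstream-storage> $passwordforfile = read-host -assecurestring
# *************
# PS C:\Users\backup\mainstream-storage> $key = get-content backup.creds.key -encoding byte
# PS C:\Users\backup\mainstream-storage> convertfrom-securestring -securestring $passwordforfile -key $key | out-file backup.creds
#
# To create backup.creds.key, find a unix box:
# dd if=/dev/random of=backup.creds.key bs=32 count=1
# (check that the resulting file really is 32 bytes long before using it)

$user = "backup"
$credfile = "C:\Users\backup\mainstream-storage\backup.creds"
$keyfile = "C:\Users\backup\mainstream-storage\backup.creds.key"

# Decrypt the stored password into a SecureString using the key file.
$securetextfromfile = get-content $credfile
$key = get-content $keyfile -encoding byte
$password = convertto-securestring $securetextfromfile -key $key

# Adapted from http://www.leeholmes.com/blog/CachingCredentialsForAdministrativeTasks.aspx
$startinfo = new-object System.Diagnostics.ProcessStartInfo
$startinfo.UserName = $user
$startinfo.Password = $password
$startinfo.FileName = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# $arguments has been validated above; the array is joined with spaces
# when it is concatenated onto the script path.
$startinfo.Arguments = $filepath+" "+$arguments
$startinfo.WorkingDirectory = "C:\Users\backup"
$startinfo.LoadUserProfile = $true
# UseShellExecute must be off to start a process under other credentials
# and to redirect its output.
$startinfo.UseShellExecute = $false
$startinfo.RedirectStandardOutput = $true

$proc = [System.Diagnostics.Process]::Start($startinfo)
# Read all output before waiting so a full pipe cannot block the child.
$output = $proc.StandardOutput.ReadToEnd();
$proc.WaitForExit()
$output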