I'm looking at deployment options at the moment. I'm using Jenkins on a Windows machine to control deployment to multiple remote Windows servers.
The deployment involves executing a batch script on the remote Windows servers, and so far psexec seems to do the trick. The one problem I have with it is that I need to give psexec my password in plain text.
Anyone know of an equivalent to the SSH public/private key for psexec, or some other passwordless remote login for Windows that will let me synchronise files and execute batch scripts?
Best Answer
I'm not aware of anything truly analagous to SSH key-based authentication for Windows. But here are a couple ideas:
From here, I find that if you first connect to the ipc$ share of the remote host, then run psexec, that psexec will automatically run in the context of the ipc$ connection.
So in your batch file:
That will stop your username/password from being sent over the network in cleartext. However, it does leave your username/password visible inside your batch file.
One way to get around that is to write an executable program whose only function is to run "net use \[commandline argument]\IPC$ /user:MyID MyPassword". (Personally I'd use something like autoit to write the .exe.) Let's say we name it "nu.exe". Then your secret username/password is at least embedded inside of "nu.exe" and thus is not in cleartext. While it's probably possible to reverse engineer via decompiling it, it's at least obfuscated somewhat.
Then your process is:
But then you need to keep nu.exe in a safe place, because anyone who had access to it could execute programs on remote hosts as whatever ID you've embedded into nu.exe.
So both options have drawbacks, but perhaps one of them will work for you...