Using other Centrify-enabled PuTTY programs

In addition to the main PuTTy client (putty.exe), Centrify has modified the standard versions of the pscp.exe, psftp.exe, and plink.exe programs to support Kerberos authentication.

The modified pscp.exe program supports the following command formats:

pscp [options] [user@]host:source target 
pscp [options] source [source...] [user@]host:target
pscp [options] -ls [user@]host:filespec

The modified psftp.exe program supports the following command formats:

psftp [options] [user@]host

The modified plink.exe program supports the following command formats:

plink [options] [user@]host [command]

Many of the PuTTY settings can be provided as options to the command line tools. You can also save command line settings into sessions and load them when executing commands using the –load option. If the settings in a saved session conflict with those specified when invoking the command, the specified options take precedence.

In addition to the standard PuTTY command line options, Centrify PuTTY provides the following options:

Option Description

-k

Use Kerberos authentication and provide a UNIX user account name during login.

This option is equivalent to selecting Attempt Kerberos auth (SSH-2) and None for the Auto-login username in the Centrify PuTTY Kerberos configuration page.

-K

Use Kerberos authentication and do auto login.

This option is equivalent to selecting both Attempt Kerberos auth (SSH-2) and the User principal name (requires DirectControl) for the Auto-login username in the Centrify PuTTY Kerberos configuration page.

-spn

Specify the service principal name (SPN) of the target computer.

This option takes effect only when the –k or –K option is used. This option is equivalent to specifying the computer’s service principal name for the Service principal name in the Centrify PuTTY Kerberos configuration page.

The other Kerberos settings—such as Create forwardable tickets and Find machine from trusted domains—are not exposed as options to the pscp.exe, psftp.exe and plink.exe programs. You can configure these settings using the Centrify PuTTY client user interface, save them in a session, then load the session using the –load option.

The following example illustrates how to use Centrify PuTTY command line options to facilitate administrative tasks. In this example, the pscp.exe program is used to retrieve the file /etc/group from a remote Linux computer named RedHatLinux with the current user’s login name and Kerberos credentials for authentication on the remote computer:

pscp –K RedHatLinux:/etc/group c:\temp

Because this command uses the -K option, you don’t need to specify a user name in the command line or be prompted for password during runtime. Therefore, the command can be embedded in a batch file for administrative use. However, this command would require the remote RedHatLinux computer to have the Centrify agent installed and be joined to an Active Directory domain.