PowerShell v1脚本提示输入密码

Question

我正在尝试将远程服务器身份验证添加到PS1批处理文件脚本中。

所以我可以这样做：

Copy-Item $src $destination -Credential $Creds 

我创建了一个密码文件，对于现在在同一目录中的脚本。它只是包含密码字符串。

引起提示行：

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File password.txt 

当我去掉Read-host命令，迅速消失和脚本按预期执行。

问题 什么是做远程服务器验证的正确方法？

下面是在脚本的背景下，新代码：

[...] 

    if(-not(Test-Path $destination)){mkdir $destination | out-null} 

    Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File password.txt 
    $PW = Get-Content password.txt | ConvertTo-Securestring 
    $Creds = New-Object -Typename System.Management.Automation.PSCredential -Argumentlist "SERVER02\Administrator",$PW 

ForEach ($sourcefile In $(Get-ChildItem $source | Where-Object { $_.Name -match "Daily_Reviews\[\d{1,12}-\d{1,12}\].journal" })) 
{ 

     [...] 

     Copy-Item $src $destination -Credential $Creds 

     [...] 

} 

Answer 1

如果您不担心机器之间的密码文件的便携性，你可以使用这个相当安全的方法：

# Capture once and store to file - DON'T PUT THIS PART IN YOUR SCRIPT 
$passwd = Read-Host "Enter password" -AsSecureString 
$encpwd = ConvertFrom-SecureString $passwd 
$encpwd 
$encpwd > $path\password.bin 

# Later pull this in and restore to a secure string 
$encpwd = Get-Content $path\password.bin 
$passwd = ConvertTo-SecureString $encpwd 

$cred = new-object System.Management.Automation.PSCredential 'john',$passwd 
$cred 

# NOTE: The "secret" required to rehyrdate correctly is stored in DPAPI - consequence: 
#  You can only rehydrate on the same machine that did the ConvertFrom-SecureString 

如果您需要调试这个，看看是否$ passwd是正确的，你可以执行此同时调试：

$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd) 
$str = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) 
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) 
$str