Written Passwords – Passwords Revealed on PuTTY

As the documentation explicitly warns, the 0.74 stable release of PuTTY does not safely guard plain-text passwords passed to it through the -pw command-line option for the psftp, pscp, and plink utilities. The source code shows that the authors are aware of the problem, yet the issue is confirmed on Microsoft Windows, Oracle Linux, and the OpenBSD package.

While the -pw option is attractive for SSH users who are required to use passwords (and forbidden from using keys) for scripting activities, the exposure risk must be understood for any use of the feature. Users with security concerns should obtain the -pwfile functionality, either by applying a patch to the 0.76 stable release or by using a snapshot release found on the PuTTY website.
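An added example, not from the original article: a small audit that flags plink, pscp and psftp invocations passing a password with -pw in scripts or captured command lines, and redacts the value in its report. The sample lines, host names and file paths are constructed for illustration.

```python
import shlex
from pathlib import PureWindowsPath

# PuTTY command-line tools the article names as accepting -pw.
PUTTY_TOOLS = {"plink", "pscp", "psftp"}

# Constructed sample input: script lines / captured command lines (not real data).
SAMPLE_LINES = [
    r'"C:\Program Files\PuTTY\plink.exe" -batch -pw "Example Pass 1" backup@host.example uptime',
    "pscp -pw ExamplePass2 report.csv backup@host.example:/srv/in/",
    "psftp -pwfile /home/backup/.sftp_pass backup@host.example",
    "ssh backup@host.example uptime",
]

def tool_name(token):
    """Bare lower-case program name; handles / and \\ separators and .exe."""
    name = PureWindowsPath(token).name.lower()
    return name[:-4] if name.endswith(".exe") else name

def audit_line(line):
    """Return (tool, redacted_line) if a PuTTY tool is given -pw, else None."""
    try:
        # posix=False keeps Windows backslashes; quotes are stripped by hand.
        argv = [t.strip("\"'") for t in shlex.split(line, posix=False)]
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        argv = line.split()
    start = next((i for i, t in enumerate(argv) if tool_name(t) in PUTTY_TOOLS), None)
    if start is None:
        return None
    for i in range(start + 1, len(argv) - 1):
        if argv[i] == "-pw":  # exact match, so -pwfile is not flagged
            redacted = argv[:i + 1] + ["<redacted>"] + argv[i + 2:]
            return tool_name(argv[start]), " ".join(redacted)
    return None

def audit(lines):
    """Return [(line_number, tool, redacted_line)] for every -pw use found."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = audit_line(line)
        if result:
            hits.append((number, *result))
    return hits

if __name__ == "__main__":
    for number, tool, redacted in audit(SAMPLE_LINES):
        print(f"line {number}: {tool} takes a password on the command line: {redacted}")
```

Lines that already use -pwfile pass the audit; each flagged line is a candidate for moving the password into a file readable only by the account that runs the script.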

Connection “stacking” refers to any solution that involves tunneling ssh connections inside each other. “Nesting” strikes me as a better term, but stacking seems to be more widely agreed upon. It is typically implemented with proxy-commands or with ssh port-forwarding. It can be more difficult to manage for connections with many hops, and it forces one of the endpoints to bear the encryption load of all the connections (in chained setups, the load is spread evenly among all the hosts in the chain). It does maintain end-to-end encryption, preventing connection/credential sniffing by intermediate hosts.

Story Highlights

  • PuTTY is one of the oldest and most used SSH clients, first developed for Windows but now available for a variety of platforms. It has received corporate support and approval, and it is available and bundled in a variety of third-party repositories.

  • After discussions with the original author of PuTTY, Simon Tatham developed a new -pwfile option, which reads an SSH password from a file, removing it from the command line. This feature can be backported into the current 0.76 stable release. Full instructions for applying the backport and a .netrc wrapper for psftp are presented, also implemented in Windows under Busybox.