How to use PGPASS file in Powershell to avoid password prompt? - windows

I had to automate my postgre database backup. As instructed by my software vendor I am trying to use pg_dump.exe (see below) file to take a backup but that prompts me for password.
.\pg_dump.exe -h localhost -p 4432 -U postgres -v -b -F t -f "C:\Backup\Backup.tar" Repo
So googled and found that as per "https://www.postgresql.org/docs/9.6/libpq-pgpass.html" I can create a pgpass.conf file within 'C:\Users\User1\AppData\Roaming\postgresql\pgpass.conf" which I did.
Then I tried to pass data of pgpass.conf file to env variable before executing my pg_dump command. But it is not working. Still I am getting prompt to enter password. This is the content of pgpass.conf file: *:*:*:postgres:password
Below is the code I am trying in PowerShell,
$Env:PGPASSFILE="C:\Users\User1\AppData\Roaming\postgresql\pgpass.conf"
cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin"
.\pg_dump.exe -h localhost -p 4432 -U postgres -v -b -F t -f "C:\Backup\Backup.tar" Repo
Why am I still being asked for password?
When I type following code $Env:AppData I get following response "C:\Users\User1\AppData\Roaming"
Everywhere there are guidance on how to use it in UNIX or command prompt but not in powershell. Any help is appreciated. Also if you could direct me how to secure this password file then it will be great.
With password prompt I cannot automate it with windows task scheduler.

I suspect you have a suitable solution, however, as a quick (and not secure) workaround via the command prompt, you can use the variable PGPASSWORD to hold the password then run the backup script.
A sample might be something like:
SET PGPASSWORD=password
cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" pg_dump.exe -h localhost -p 4432 -U postgres -b -F t -f "d:\qs_backup\QSR_backup.tar" QSR
Rod

I have yet to get the damned thing to work yet, but I did find this:
-w
--no-password Never issue a password prompt. If the server requires password authentication and a password is not available by other means
such as a .pgpass file, the connection attempt will fail. This option
can be useful in batch jobs and scripts where no user is present to
enter a password.
I don't see a -w parameter in your call to pg_dump

I used pg_hba file to allow connection "trust" this is riskier method but I had to get things done ASAP. Thank you for your time and effort

Related

Running psql from shell always ask for connection details

I am trying to run psql command from windows command line. However, command always ask for connection details even though connection details are given.
I have tried below two commands but none works:
"C:\Program Files\PostgreSQL\12\scripts\runpsql.bat -f d:\test.sql postgresql://postgres:password#localhost:5432/testdb
and
"C:\Program Files\PostgreSQL\12\scripts\runpsql.bat" -h localhost -d testdb -U postgres -p 5432 -f d:\test.sql
I have created password file to store password as mentioned here.
However, in command line, it asks for host name, database and other details.

Batch file runs software which prompts for password. Can I make the batch file automatically fill in the password?

My question is not specific to PostgreSQL 9.6, but PostgreSQL 9.6 is the software I'm trying to run so I will use it as my example. I'm also running on Windows 10.
EDIT: Magoo gave a very PostgreSQL specific answer. If someone else could give a more general answer that works then I will change which is the accepted answer to that one.
I'm running the following code in a batch-file:
#echo off
SET/P file=Select file:
#echo on
"%~dp0\psql.exe" -W -h [IP adress] -d [databasename] -U [username] -f [file1]
"%~dp0\osm2pgsql-bin\osm2pgsql.exe" --slim --drop --latlong --keep-coastlines --multi-geometry --hstore -S [file2] --tag-transform-script [file3] -W -U gisuser -H [IP adress] -d [databasename] "%file%"
"%~dp0\psql.exe" -W -h [IP adress] -d [databasename] -U [username] -f [file4]
"%~dp0\psql.exe" -W -h [IP adress] -d [databasename] -U [username] -f [file5]
"%~dp0\psql.exe" -W -h [IP adress] -d [databasename] -U [username] -f [file6]
#echo off
pause
#echo on
(Everything inside brackets is a hardcoded value.)
When psql.exe and osm2pgsql.exe start they prompt for a password. This is fine on its own, but with them running a number of times it forces the user to enter the password several times. osm2pgsql is also a process that takes a long time so the user would have to wait between times to enter the password.
What I want to do is prompt the user for the password once and then automatically enter that password while psql.exe and osm2pgsql.exe are running when they prompt for the password.
I've attempted this with no success: https://stackoverflow.com/a/43896549/7398644
For the curious, the code above is supposed to DROP CASCADE a number of tables in a PostgreSQL database (SQL code in file1), then recreate those tables from OpenStreetMap data, and then finally create a number of views in the same database (SQL code in file4, 5 and 6).
From the PostgreSQL page on command-line execution of psql.exe
-w
--no-password
Never issue a password prompt. If the server requires password authentication and a password is not available by other means such as a .pgpass file, the connection attempt will fail. This option can be useful in batch jobs and scripts where no user is present to enter a password.
Note that this option will remain set for the entire session, and so it affects uses of the meta-command \connect as well as the initial connection attempt.
So, I'd suggest a .pgpass file is the way to go...
One possibility is to use a script language like Autoit or Autohotkey.
>
AutoIt
AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting. It uses a combination of simulated keystrokes, mouse movement and window/control manipulation in order to automate tasks in a way not possible or reliable with other languages (e.g. VBScript and SendKeys). AutoIt is also very small, self-contained and will run on all versions of Windows out-of-the-box with no annoying “runtimes” required!
>
You can create a script which is started with your batch and waits in background for a specific windows dialog (the password dialog)
If the dialog is recognized, you are able to ask for the password, store it in a variable and fill out automatically in all subsequent dialog calls.

Automatic login using PUTTY.EXE with Sudo command

I am using below command to open putty through windows command prompt:
PUTTY.EXE -ssh -pw "mypass" user#IP -m C:/my.sh -t
Where my.sh mentioned in above command file contains:
sudo su - rootuser
After executing the command, putty console is opened and it prompts for password.
Is there any way where I can provide this password automatically without typing it?
There's a bit of a horrible workaround using Expect and embedding a password.
This is a bad idea.
As an alternative:
Configure sudo to allow NOPASSWD.
Login directly as root using public-private key auth.
Both these introduce a degree of vulnerability, so should be used with caution - but any passwordless auth has this flaw.
Finally, after struggling for almost whole day, I got the way to get this working.
Below command can be executed from windows machine:
PLINK.EXE -t -ssh -pw "password" user#IP /home/mydir/master.sh
master.sh file is located on remote machine. And this file contains below command to execute script with sudo command without prompting password.
echo password | sudo u user -S script.sh
Here, password should be replaced with your password. user should be replaced with your actual user and script.sh is the script on remote machine that you want to fire after sudo login.

Windows PSQL command line: is there a way to allow for passwordless login?

My goal is to be able to fire off a command without having to be prompted for my password. Is there any way to achieve this from the windows command line? In Linux I feel I could send the password to standard in or something, but I am not sure if I could do this for windows.
Thanks!
There are two ways:
Set environment variable PGPASSWORD e.g. set PGPASSWORD=yoursecretpassword
Use password file %APPDATA%\postgresql\pgpass.conf as described in documentation
Within password file (my location is C:\Users\Grzesiek\AppData\Roaming\postgresql\pgpass.conf) use specified in doc format. For example to connect database postgres as role postgres on local 5432 server add:
localhost:5432:postgres:postgres:12345
I checked this and it works well (for me), but don't use 127.0.0.1).
Another handy option (specially if your PG server runs in your own client machine, and if this does not poses any security problem for you) is to allow login without password in the server ("trust" authentication mode).
For example, this line in pg_hba.conf (in your DATA dir, a typical location: C:\Program Files\PostgreSQL\9.0\data\ ) grants access without password from your local machine.
host all all 127.0.0.1/32 trust
Then, connect with
psql.exe -h 127.0.0.1 -U postgres -w [YOUR_DB_NAME]
I know it is an old question but for anyone looking like I was, it is hard to find a solution for windows. stick this in a .bat file and it will work (at least for me it did). change director to postres directory, set environment variable PGPASSWORD execute copy command to a csv file and then clear environment variable, then go back to root directory.
cd C:\Program Files\PostgreSQL\9.5\bin\
set PGPASSWORD=yourpassword
psql -d databasename -U yourusername -w -c "\COPY (select * from yourtable) TO 'c:/Users/yourdirectory/yourcsvfilename.csv' DELIMITER '|' CSV HEADER;"
set PGPASSWORD=
cd c:\
I realize this question is a bit old now, but I believe there is a better means for secure, password-free PostgreSQL logon on Windows - SSPI.
Create a local or domain user account and PostgreSQL login with the same name.
In pg_ident.conf, create a mapping:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
SSPI username#AUTHORITY loginname
Replace username with the Windows user name (this is the sAMAccountName attribute for domain accounts), and replace AUTHORITY with the computer name or short domain name. If you're not sure what to use for AUTHORITY, check the PostgreSQL log file. For a local account, this will be the computer name; for a domain account, it's probably the short domain name. Lastly, replace loginname with the PostgreSQL login name (to reduce confusion, I would recommend using the same name for both username and loginname).
In pg_hba.conf, allow the logon; e.g.:
# TYPE DATABASE USER ADDRESS METHOD
host all loginname 127.0.0.1/32 sspi map=SSPI
host all loginname ::1/128 sspi map=SSPI
If a domain account, set a SPN for it; e.g.:
setspn -S POSTGRES/serverfqdn username
Now you can log onto Windows using the specified username and run psql.exe, etc. without needing a password.
Steps:
First ENviroment Var PGPASSWORD
C:\Windows\system32>set PGPASSWORD=clave
before
psql -d basededatos -U usuario
Ready,
I got it working in Postgres 15 with:
psql -U postgres -h 127.0.0.1 -p 54322 -f some_file password=postgres
J
If you're able to use Powershell, you can set environment variables inline, similar to bash.
This should work:
$Env:PGPASSWORD='your-pass'; psql -U postgres
Note the semicolon between setting the variable and actual command, this is important since those are inline but two separate commands.
I found another useful solution that worked for me on this link. It basically sets the PGPASSWORD at the beginning of your command like this:
PGPASSWORD=PASSWORD psql YOUR_CODE

NCFTPPUT command problem

I using passive mode FTP command provide by NCFTP, Currently i want to pass a raw ftp command after file transferred. i found that got an option to do that:
ncftpput -u user -p password -X "rename 123.exe 1234.exe" host /path C:\123.exe
however, it is not working. It can put the file, but rename command not working.
Have anyone did that before?Pls help
-X use RAW FTP commands
Use the following syntax:
ncftpput -u user -p password -X "RNFR 123.exe" -X "RNTO 1234.exe" host /path/123.exe
It works with ncftls as well. It is more immediate if you what you have to do is just a rename without actually uploading anything on the FTP server.
(-W is like -X. The only difference is that it does the rename immediately after logging in)
Here is the syntax:
ncftpls -u name -p psw -W "RNFR FTPfolder/anotherFolder/OLDname.txt" -W "RNTO FTPfolder/anotherFolder/NEWname.txt" ftp://ftp.name.org

Resources