plink [options] [user@]host [command]
plink is a network connection tool supporting several protocols.
The command-line options supported by plink are:
Show version information and exit.
Display the fingerprints of the PuTTY PGP Master Keys and exit, to aid in verifying new files released by the PuTTY team.
Show verbose messages.
- -load session
Load settings from saved session.
Force use of SSH protocol (default).
Force use of Telnet protocol.
Force use of rlogin protocol.
Force raw mode.
Force serial mode.
Force use of the `bare ssh-connection' protocol. This is only likely to be useful when connecting to a psusan(1) server, most likely with an absolute path to a Unix-domain socket in place of host.
- -proxycmd command
Instead of making a TCP connection, use command as a proxy; network traffic will be redirected to the standard input and output of command. command must be a single word, so is likely to need quoting by the shell.
The special strings %host and %port in command will be replaced by the hostname and port number you want to connect to; to get a literal % sign, enter %%.
Backslash escapes are also supported, such as sequences like \n being replaced by a literal newline; to get a literal backslash, enter \\. (Further escaping may be required by the shell.)
(See the main PuTTY manual for full details of the supported %- and backslash-delimited tokens, although most of them are probably not very useful in this context.)
- -P port
Connect to port port.
- -l user
Set remote username to user.
- -m path
Read remote command(s) from local file path.
Disable interactive prompts.
By default, Plink can choose to filter control characters if that seems appropriate, to prevent remote processes sending confusing escape sequences. These options override Plink's default behaviour to enable or disabling such filtering on the standard error and standard output channels.
- -pw password
Set remote password to password. CAUTION: this will likely make the password visible to other users of the local machine (via commands such as `w').
- -L [srcaddr:]srcport:desthost:destport
Set up a local port forwarding: listen on srcport (or srcaddr:srcport if specified), and forward any connections over the SSH connection to the destination address desthost:destport. Only works in SSH.
- -R [srcaddr:]srcport:desthost:destport
Set up a remote port forwarding: ask the SSH server to listen on srcport (or srcaddr:srcport if specified), and to forward any connections back over the SSH connection where the client will pass them on to the destination address desthost:destport. Only works in SSH.
- -D [srcaddr:]srcport
Set up dynamic port forwarding. The client listens on srcport (or srcaddr:srcport if specified), and implements a SOCKS server. So you can point SOCKS-aware applications at this port and they will automatically use the SSH connection to tunnel all their connections. Only works in SSH.
Enable X11 forwarding.
Disable X11 forwarding (default).
Enable agent forwarding.
Disable agent forwarding (default).
Enable pty allocation (default if a command is NOT specified).
Disable pty allocation (default if a command is specified).
Force use of SSH protocol version 1.
Force use of SSH protocol version 2.
- -4, -6
Force use of IPv4 or IPv6 for network connections.
Enable SSH compression.
- -i keyfile
Private key file for user authentication. For SSH-2 keys, this key file must be in PuTTY's PPK format, not OpenSSH's format or anyone else's.
If you are using an authentication agent, you can also specify a public key here (in RFC 4716 or OpenSSH format), to identify which of the agent's keys to use.
Don't try to use an authentication agent for local authentication. (This doesn't affect agent forwarding.)
Allow use of an authentication agent. (This option is only necessary to override a setting in a saved session.)
Disconnect from any SSH server which accepts authentication without ever having asked for any kind of password or signature or token. (You might want to enable this for a server you always expect to challenge you, for instance to ensure you don't accidentally type your key file's passphrase into a compromised server spoofing Plink's passphrase prompt.)
Don't test and try to share an existing connection, always make a new connection.
Test and try to share an existing connection.
- -hostkey key
Specify an acceptable host public key. This option may be specified multiple times; each key can be either a fingerprint (SHA256:AbCdE..., 99:aa:bb:..., etc) or a base64-encoded blob in OpenSSH's one-line format.
Specifying this option overrides automated host key management; only the key(s) specified on the command-line will be accepted (unless a saved session also overrides host keys, in which case those will be added to), and the host key cache will not be written.
Remote command is SSH subsystem (SSH-2 only).
Don't start a remote command or shell at all (SSH-2 only).
- -nc host:port
Make a remote network connection from the server instead of starting a shell or command.
- -sercfg configuration-string
Specify the configuration parameters for the serial port, in -serial mode. configuration-string should be a comma-separated list of configuration parameters as follows:
- Any single digit from 5 to 9 sets the number of data bits.
- `1', `1.5' or `2' sets the number of stop bits.
- Any other numeric string is interpreted as a baud rate.
- A single lower-case letter specifies the parity: `n' for none, `o' for odd, `e' for even, `m' for mark and `s' for space.
- A single upper-case letter specifies the flow control: `N' for none, `X' for XON/XOFF, `R' for RTS/CTS and `D' for DSR/DTR.
- -sshlog logfile
- -sshrawlog logfile
For SSH connections, these options make plink log protocol details to a file. (Some of these may be sensitive, although by default an effort is made to suppress obvious passwords.)
-sshlog logs decoded SSH packets and other events (those that -v would print). -sshrawlog additionally logs the raw encrypted packet data.
If Plink is configured to write to a log file that already exists, discard the existing file.
If Plink is configured to write to a log file that already exists, append new log data to the existing file.
Instead of making a new connection, test for the presence of an existing connection that can be shared. The desired session can be specified in any of the usual ways.
Returns immediately with a zero exit status if a suitable `upstream' exists, nonzero otherwise.
For more information on plink, it's probably best to go and look at the manual on the PuTTY web page:
This man page isn't terribly complete. See the above web link for better documentation.