To create a real-time dynamic IP whitelist solution for a client, I needed to SSH into a pfSense firewall from ColdFusion and kick off a few .sh files that update the firewall's IP whitelist. ColdFusion doesn't have the ability to SSH directly, but by using <cfexecute>, PuTTY and Plink you can get the job done.
Here is how to do it:
2. Launch PuTTY and create a "stored session" to the target server. I named my stored session "firewall". Now log into the remote server using the saved session so that an authentication key is generated and stored in PuTTY. Once you have generated an authentication key and are logged in, you can exit your session and close PuTTY.
3. Now you can run <cfexecute> to SSH into the remote server and run .sh files.
<cfexecute name="C:\Windows\System32\cmd.exe"
    arguments="/c C:\plink.exe -v root@firewall -pw MyPassword /cf/conf/putconfig.sh" timeout="5">
</cfexecute>
There was one "gotcha" I discovered with running the command using ColdFusion. I was able to run the plink command all day long from the cmd prompt:
C:\plink.exe -v root@firewall -pw MyPassword /cf/conf/putconfig.sh
But when I tried to run it as an argument in <cfexecute> it would fail. I was stumped until I came across this blog post by Ben Forta.
Ben points out that in Windows, you need to insert "/c" as the first argument in the string in order to tell Windows to spin up a command interpreter that runs the command and terminates upon completion.
This Works: arguments="/c C:\plink.exe -v root@firewall -pw MyPassword /cf/conf/putconfig.sh" timeout="5"
This Doesn't Work: arguments="C:\plink.exe -v root@firewall -pw MyPassword /cf/conf/putconfig.sh" timeout="5"
That little extra had me spinning my wheels for the better part of a day until I ran across Ben's post.
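An added example, not code from the original post: the same call using Plink's -batch, -i and -hostkey options, so the root password is not exposed in the process command line and the run fails instead of waiting on a prompt when the firewall's host key is not the expected one. The key file path, the host key fingerprint placeholder, the log file name and the variable names are assumptions.

```cfml
<!--- Added example. Paths, fingerprint, log name and variable names are assumptions. --->
<cfset plinkExe  = "C:\plink.exe">
<!--- Hypothetical PuTTY private key (.ppk), readable only by the ColdFusion service account --->
<cfset keyFile   = "C:\keys\firewall.ppk">
<!--- Placeholder: replace with the firewall's real host key fingerprint --->
<cfset hostKeyFp = "SHA256:REPLACE_WITH_FIREWALL_HOST_KEY_FINGERPRINT">
<cfset remoteCmd = "/cf/conf/putconfig.sh">

<!--- /c is still required so cmd.exe runs the command and then exits.
      -batch   : never prompt; fail instead of hanging until the timeout
      -i       : authenticate with a key file instead of -pw on the command line
      -hostkey : accept only this host key, independent of any per-user cache --->
<cfset plinkArgs = "/c #plinkExe# -ssh -batch -i #keyFile# -hostkey #hostKeyFp# root@firewall #remoteCmd#">

<cfset plinkOut = "">
<cfset plinkErr = "">

<cftry>
    <cfexecute name="C:\Windows\System32\cmd.exe"
               arguments="#plinkArgs#"
               timeout="5"
               variable="plinkOut"
               errorVariable="plinkErr">
    </cfexecute>

    <!--- Plink reports a host key mismatch or refused key on stderr --->
    <cfif len(trim(plinkErr))>
        <cflog file="firewall_whitelist" type="warning" text="plink stderr: #trim(plinkErr)#">
    </cfif>

    <cfcatch type="any">
        <!--- Raised on timeout or if cmd.exe cannot be started --->
        <cflog file="firewall_whitelist" type="error" text="plink failed: #cfcatch.message#">
        <cfrethrow>
    </cfcatch>
</cftry>
```

The -v flag from the original command is left out here so that verbose connection details do not end up in the captured output.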