I fear you will have to use CreateFile together with the appropriate SECURITY_ATTRIBUTES. Maybe you can get around this by "only" having a small race condition by using a named pipe (CreateFile('\\\\.\\pipe\\net-ssh-any-pipe', ... ). The named pipe should roughly appear to a client as a line based file, and will not be stored on disk.

Still, the proper way would be to set up the appropriate SECURITY_ATTRIBUTES in a way that only child processes of the current process are allowed to access that pipe (or a tempfile).

Unfortunately, I don't find a handy example of how to configure an appropriate security descriptor on the MSDN. I guess that creating a DACL (if possible) that only lists the child process as allowed to read would be a good approach.