Force SSH to prompt for user - linux

Since I am very used to being prompted for my user-id while using putty or MobaXterm in SSH sessions I expected to have the same behaviour when using SSH in the windows terminal but that is not the case.
If I try it without specifying a user via
ssh <servername>
the command line will just use my windows user which I don't want to, since all of my hosts have too many technical users and entering them on the fly is way simpler for me than creating 3-4 a configs/profiles for each host.
I already tried creating a config file "C:\Users<my-user>.ssh\config" and played around with overwriting the "User" config via making a blank entry like
Host *
User
which obviously didn't work.
Do you think I need to write some sort of wrapper in order to get a proper "login as:" prompt or am I just missing some simple configuration that needs to be adapted?

Luckily I found a solution for this.
When creating a new profile I added the following line as a command:
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe /c "$login_user = Read-Host -Prompt 'login as'; ssh $login_user#<hostname>"
Replace the "<hostname>" above with whatever server you want to access.

Related

Using .netrc-file with Vim (as an alternative to DreamWeavers FTP-client)

I'm trying to use Vim as a substitute for DreamWeavers nice FTP-client sidebar. But I would like for Vim to 'remember' my logins, - so I don't need to get the FTP-address, the username and the password, every time I need to connect to a remote server, to make some changes.
I've made it as far as to figure out, that one can setup a .netrc-file, where you can save login-credentials (and possibly encrypt it using GPG, which I will look into, after I've goten this to work). I can find endless manuals and tutorials about how to setup the .netrc-file, - but no information on how to actually use this .netrc-file.
So if my .netrc-file looks like this:
machine <hostname1>
login <login1>
password <password1>
machine <hostname2>
login <login2>
password <password2>
Then how to I for instance connect to <hostname2>? Do I write vim <hostname2> - and if so, then what if I have several different remote servers on the same host (where the user and password-credentials vary)?
Ideally, I would like to just be able to write something along the lines of
vim ftp://MY_OWN_NICKNAME_FOR_A_REMOTE_SERVER
Whereafter Vim will find the credentials in the .netrc-file and connect me to the given server. How do I do this?
The .netrc file supplies vim with usernames and passwords of remote servers. On the command line, when vim is supplied with a hostname that matches a machine name defined in .netrc, it plugs in the username and password into the url. For example, if I wanted to connect to ftp.server1.com and automatically login I would need to do set up the following in my .netrc file:
$ < .netrc
machine ftp.server1.com login username password "secretpassword"
$ vim ftp://ftp.server1.com/
If I wanted multiple hostnames setup in my .netrc, I would just add a new entry:
$ < .netrc
machine ftp.server1.com login username password "secret password"
machine ftp.server2.com login username password "secretpassword1"
machine ftp.server3.com login different_username password "secretpassword2"
What may be confusing is that you can not alias the hostname. When I first starting using this feature, I thought machine was a variable I could supply -- but this is not the case. That said, a shell aliases will fill-in for vim's lack:
$alias server1=ftp://ftp.server1.com/
$vim $server1
Note: you need that trailing / on the urls to tell vim you're browsing. Also note there are further complications when using a windows os as detailed in :help netrw.

How can i save automatically the SSH_CLIENT at login?

i want to save the user's IP when he connects to it's home folder, this is because i'm a user in a server where my team has a folder where our public_html is located, but we use the same account, so i just want to register who connected.
So i want to make a script that triggers when a connection is made and save the user's IP into a hidden file.
But i don't know if i could leave running a script in background to do it, and How?
If you're a root on that machine, you can simply check the auth log / messages / journal / ... (depends on the distribution). By default sshd logs all you need already.
If you're not a root, then you'll have to keep in mind this will never be secure. You can do this in the user's bash profile, but:
Since it's running as the same user, whoever logs in can just change the file (you can't hide it)
Anyone can workaround the script by executing some other command instead of the shell (for example ssh user#host /some/command will not be logged)
It's not secret.
If that's ok with you, then you just need to add this to bashrc
echo "new connection at $(date) from ${SSH_CLIENT}" >> ~/your_connection_log
Different solution, which should've been the default actually. Most distributions provide login history which you can request for your account without root privileges.
Running last your_username should give you the details of last few logins which cannot be manipulated by the user. (the log can possibly be spammed with entries however)

How do I change users in FileZilla?

I am using FileZilla to log in to an SFTP host with my credentials. However, I need to use an equivalent of sudo su - user (as used in linux) to change the user. There are no passwords set for this general user, and hence direct login is not allowed.
What FTP command can I use with the "Enter custom command.." option in FileZilla to switch users after connecting?
(This is required so I can transfer files as a different user and not my login.)
SFTP protocol doesn't support changing user in the middle of transfer session (so no case to login and then change user with some custom command). But you can launch sftp server under needed user using sudo, by changing SFTP client configuration. Don't know whether this trick is supported by FileZilla, but it's supported by PuTTY or WinSCP. There in the sftp server settings you can specify something like "sudo /bin/sftp-server" in order to launch transfer session under different user.
For example, instruction how to do this with WinSCP:
https://winscp.net/eng/docs/faq_su#sudo

Vim not recognising username when trying to open a file over FTP (Mac OS X)

I'm trying to edit some files on a remote server with Vim. I've managed this on other servers without trouble in the past, but in this case when I type:
$ vim ftp://username#xxxxxx.com/
I'm prompted for a password, I type it in and I see this:
Name (notixvalet.com:george): User cannot log in.
Please login with USER and PASS.
Please login with USER and PASS.
Please login with USER and PASS.
ftp: Login failed
'george' is my username on my local machine (Mac OS X 10.8.) Vim seems to be ignoring the username I give it and trying to log on as 'george', no matter what I do. To test this I created a new account on my MacBook with the same username as the username on the server I'm trying to log in as, then from that account I can log in fine. This is obviously a VERY hacky solution - how can I connect using the right username from my regular account?
(Incidentally, the username and password I'm using are 100% definitely right - I can use them to connect to the server through an FTP client such as FileZilla.)
The plugin you are using to edit the remote files is netrw, as noted by Ingo in the comments. You can read the plugin help file through :h netrw. In special:
NETRC *netrw-netrc*
The <.netrc> file, typically located in your home directory, contains lines
therein which map a hostname (machine name) to the user id and password you
prefer to use with it.
The typical syntax for lines in a <.netrc> file is given as shown below.
Ftp under Unix usually supports <.netrc>; ftp under Windows usually doesn't.
>
machine {full machine name} login {user-id} password "{password}"
default login {user-id} password "{password}"
Your ftp client must handle the use of <.netrc> on its own, but if the
<.netrc> file exists, an ftp transfer will not ask for the user-id or
password.
Note:
Since this file contains passwords, make very sure nobody else can
read this file! Most programs will refuse to use a .netrc that is
readable for others. Don't forget that the system administrator can
still read the file! Ie. for Linux/Unix: chmod 600 .netrc
Is there any chance that you forgot to copy the ~/.netrc file from the other servers where you can connect without problems? Or it has incorrect permissions, as mentioned on the last paragraph?

Different password for SSH and Session(KDE, Gnome, etc.)

I'm use an Debian based OS here on my work an i've configured the service for test routines of ERP app...
This service (Tomcat+Java service) it's consumed via HTTP on intranet correctly...but the test leader sometimes need chance the database used by service application and uses SSH to access my machine to change database on config file and restart the service...eventually this person change some service or O.S. config throwing problems to me (on my O.S and others things..).
What i want know is if can i change my password only for SSH service (doesn't change to my KDE/Gnome session), just because the company's policy requires everyone to have a default password on stations...
Remebering that i'm a manager of config, maintenance and others jobs of service to test team...and change database solicitations can made to me.
A simple example:
KDE login if user 'carlos' and password '123456'
SSH login if user 'carlos' and password '4nyJokeHere'
That it's possible ?
Thanks in advance.
Possible? Maybe. You'd probably have to fiddle with pam.d to get SSH authenticating via a different mechanism to KDE etc.
Coming from a different angle, I may be missing something, can you not create a second user for the SSH process, keeping your main user for KDE etc cleanly separate?
I'd really strongly recommend trying to "split" a user into multiple purposes/security groups with differing passwords for each!
You can use authorized_keys to restrict the SSH commands available, and/or sudo...
Update: Some expansion on the subject as requested by the OP
You can limit commands available via SSH by using ~/.ssh/authorised_keys file - see O'Reilly for a good explanation.
I'm was solved this case applying a single rule here. On SSH service i'm was locked access of my user 'carlos --> sudoers' and enable access only for a user called 'padrao' (padrao translated to english is 'default').
This user 'padrao' doesn't have sudoers permissions. If i needed access with SSH my machine i'm do:
ssh padrao#my.intranet.machine
password: ***
$ su carlos
password: ***
This is not the best way to solve, but solved my problem here.
Thanks.

Resources