Unable to connect, And not sure how many ways I can type "bandit0" for a password
ssh is not telnet with its general syntax of telnet server port. I believe even in Windows the basic usage of ssh is like:
ssh [-p port] [user#]server [command]
You did ssh bandit0#bandit.labs.overthewire.org 2220. You connected to the default port (22) and 2220 was the command.
It so happens there is a server on port 22, but this is not the server that accepts the credentials you know.
The command 2220 was never invoked because you failed to authenticate in the first place. Instead of 2220 it could have been anything, it wouldn't be invoked either.
You want to connect like this:
ssh -p 2220 bandit0#bandit.labs.overthewire.org
if you do not have this problem "Too many authentication failures", use this:
ssh bandit0#bandit.labs.overthewire.org -p 2220
if you are a windows user, it is better to use PuTTY than cmd.exe to play this game:
host name: bandit.labs.overthewire.org
port: 2220
open
login as: bandit0
password: bandit0
done
Bandit
Related
I am new to linux and shell scripting. I want to connect to localhost and interact it.
#! /bin/bash
(exec /opt/scripts/run_server.sh)
when i execute this bash script, it starts listening on a port.
Listening on port xxxxx
Now i want to issue this command "telnet localhost xxxxx"
I tried something like this:
#! /bin/bash
(exec /opt/opencog/scripts/run_server.sh)&&
telnet localhost xxxxx
It is still listening on the port. But i think second command is not running. I expect another window showing that it is being connected like this.
vishnu#xps15:~$ telnet localhost xxxx
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
server>
The reason why i executing these as a script is that, automatically in the server i need to carry out some process by issuing certain commands like this "scm" "parse" etc.....
vishnu#xps15:~$ telnet localhost xxxx
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
server>scm
Entering scheme shell; use ^D or a single . on a line by itself to exit.
guile> (parse "i eat apple")
I have lots of text coming. Manually i cant issue this parse command for each and every sentence. so i want to automate. So i need to write a script for connecting to the server and interacting.
Any guidelines. Finally How to interact/send commands to this guile shell?
One way to login to the linux server as a same or different user and run some command or .sh script (very useful for post-commit hooks or cron jobs) is to use program called sshpass, for example a cron job command or svn post-commit hook would look like this:
/usr/bin/sshpass -p 'password' /usr/bin/ssh
-o StrictHostKeyChecking=no -q user#localhost 'any command'
Just replace password with your password, and user with your user, and put command that you need to run as that particular user...
To install sshpass it on ubuntu just type
apt-get install sshpass
Or on CentOs
yum install sshpass
I solved this with the netcat (nc) command.
$ echo "command1\ncommand2\n" | nc localhost xxxxx
I could manually connect to localhost using telnet localhost xxxx and then i can pass commands from shell to localhost like this.
If you need to use telnet, this solution may help you. Otherwise, use ssh, as other answer suggests.
You can use anything that produces output to write lines one by one, followed by "\r\n", and pipe these lines to ncat, e.g.:
echo -e "command1\r\ncommand2\r\n" | ncat localhost 5000
-e option makes echo interpret "\r\n" as special symbols.
I'm using keychain, which manages my key(s) with ssh-agent perfectly.
I want to check the state of ssh-agent on each linux host. I tried with :
ssh-add -l
1024 f7:51:28:ea:98:45:XX:XX:XX:XX:XX:XX /root/.ssh/id_rsa (RSA)
Locally, this command works and is coherent.
But with a distant SSH command, I don't know why the result is not the same.. :
## host1, locally
ssh-add -l
1024 f7:51:28:ea:98:45:XX:XX:XX:XX:XX:XX /root/.ssh/id_rsa (RSA)
## host 2, command to host1 :
ssh host1 "ssh-add -l"
Could not open a connection to your authentication agent.
Maybe someone could explain me ? It't disturbing, because I would to monitor ssh-agent states..
Thanks.
EDIT : Even with SSH Agent Forwarding enabled, the distant command returns only the local state of agent. Other distant commands works, with or without key loaded..
## Host1, locally
ssh-add -l
1024 f7:51:28:ea:98:45:XX:XX:XX:XX:XX:XX /root/.ssh/id_rsa (RSA)
## From Host2, locally and distant :
ssh-add -l
The agent has no identities.
ssh -A host1 "ssh-add -l"
The agent has no identities.
You seem to misunderstand how keychain/ssh-agent work. When you log onto a system (we'll call it 'home'), it starts a program. As part of starting this program it exposes a file that ssh-add can connect to. When the name of this file is stored in the SSH_AUTH_SOCK variable, it becomes accessible by ssh and by ssh-add when run with this enviroment variable set appropriately.
When you ssh to a remote system, if the ForwardAgent property is set to true in your configuration, a channel is established allowing this key information to pass from your 'home' system to the system that you've ssh'd to. In order to expose this key information, another SSH_AUTH_SOCK variable is set on this remote system. So now we have:
# home system (host1)
host1$ ssh-add -l
1024 BLAH....
host1$ echo $SSH_AUTH_SOCK
/tmp/ssh-YJNLu2LFMKbO/agent.1472
home$ ssh -A host2
host2$ ssh-add -l
1024 BLAH
host2$ echo $SSH_AUTH_SOCK
/tmp/ssh-vqdu733feY/agent.23877
host2$ ssh -A host1
host1$ ssh-add -l
1024 BLAH
host1$ echo $SSH_AUTH_SOCK
/tmp/ssh-fuKgOaaQ7b/agent.23951
so with every connection, a socket is created on the remote system to ferry the key data through the chain to the original 'home' system. So in this example:
ssh-agent(on host1) makes a SOCKET -> ssh(host2) [provides a SOCKET connecting back to the SOCKET on host1] -> ssh(host1) [provides a SOCKET connecting back to the socket on host2]
So ssh, once you connect to the remote system is providing a socket that connects back to the socket from the system that it came from.
If you log on to a system directly (e.g. logging onto host2 at the console), then there is absolutely no connection back to host1. If an agent is started on host2, then it provides it's own, private socket, that you are communicating with.
Where things can go wrong:
You've enabled agent forwarding on your connection from host1 -> host2; however the script that runs at login on host2 ignores the presence of this socket and starts it's own private agent on host2. As a result when you ask for lists of registered keys using ssh-add -l, it talks to the socket provided by the agent running on host2. This agent does not have access to the keys from host1 as it ignored the socket.
agent forwarding can be disabled by the sshd_config, which means that the server administrator has configured the system to prevent people forwarding their agent information into this system (if there's an AllowAgentForwarding no line in the sshd_config then this would be the case).
The first case would be when there is a badly written login script that ignores the presence of the variable - i.e. it doesn't properly detect the fact that the connection is remote and there is a socket being forwarded - this is rare, but can happen. If it does then the script would need to be rewritten to detect this case.
If the administrator of the remote system has disabled agent forwarding, then you need to ask for it to be enabled.
I have a user that is only allowed to open a ssh connection for a port forwarding.
Example from the .ssh/authorized_keys:
no-pty,no-X11-forwarding,permitopen="localhost:1237",command="/bin/echo INTERACTIVE SHELL NOT SUPPORTED" ssh-rsa AAAA ...
Is there a way to execute a script as soon as this user opens the port forwarding? If the user would login with ssh I could use a .bashrc file or something like that. But in this case no shell is executed.
regards
frafu
I'm currently facing a weird problem while executing a command from my bash script.
My script has this command,
ssh IPAddressA -l root "ssh -l root IPAddressB ls"
where IPAddressA & IPAddressB would be replaced by hard coded IP addresses of two machines accessible from each other.
The user would enter the password whenever asked. But, I'm getting this error after I enter the IPAddressA's password.
root#IPAddressA's password:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
]$
There's a better trick for that..
In ~/.ssh/config add a host entry for IPAddressA, configured like so:
Host IPAddressA
User someguy
ProxyCommand ssh -q someguy#IPAddressB nc -q0 %h 22
The slick thing about this method is that you can scp/sftp to IPAddressB without any weird stuff on your shell command line.
For bonus points, generate yourself a public key-pair and drop the public key on both IPAddressA and IPAddressB in ~/.ssh/authorized_keys. If you don't put a password on it, you won't even be bothered to enter that.
Additionally, if you're trying to get access to a remote LAN that only has a single entry point - SSH can actually act as a VPN client, bridging you through the proxy host. Of course, the remote end needs to support tap/tun devices (as does your local machine)... But if it's all there already.. super painless mechanism to bridge.
When the inner ssh password is prompted, there's no interactive keyboard available. You can get what you want with ssh tunneling.
ssh root#IPAddressA -L2222:IPAddressB:22 -Nf
ssh root#localhost -p2222
The first line open a tunnel, so your localhost 2222 port points to IPAddressB:22 andd bring the ssh process in background (-f) without executing a command (-N)
The second line connects IPAddressB:22 through the new opened tunnel
how do I execute command/script on a remote linux box?
say I want to do service tomcat start on box b from box a.
I guess ssh is the best secured way for this, for example :
ssh -OPTIONS -p SSH_PORT user#remote_server "remote_command1; remote_command2; remote_script.sh"
where the OPTIONS have to be deployed according to your specific needs (for example, binding to ipv4 only) and your remote command could be starting your tomcat daemon.
Note:
If you do not want to be prompt at every ssh run, please also have a look to ssh-agent, and optionally to keychain if your system allows it. Key is... to understand the ssh keys exchange process. Please take a careful look to ssh_config (i.e. the ssh client config file) and sshd_config (i.e. the ssh server config file). Configuration filenames depend on your system, anyway you'll find them somewhere like /etc/sshd_config. Ideally, pls do not run ssh as root obviously but as a specific user on both sides, servers and client.
Some extra docs over the source project main pages :
ssh and ssh-agent
man ssh
http://www.snailbook.com/index.html
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
keychain
http://www.gentoo.org/doc/en/keychain-guide.xml
an older tuto in French (by myself :-) but might be useful too :
http://hornetbzz.developpez.com/tutoriels/debian/ssh/keychain/
ssh user#machine 'bash -s' < local_script.sh
or you can just
ssh user#machine "remote command to run"
If you don't want to deal with security and want to make it as exposed (aka "convenient") as possible for short term, and|or don't have ssh/telnet or key generation on all your hosts, you can can hack a one-liner together with netcat. Write a command to your target computer's port over the network and it will run it. Then you can block access to that port to a few "trusted" users or wrap it in a script that only allows certain commands to run. And use a low privilege user.
on the server
mkfifo /tmp/netfifo; nc -lk 4201 0</tmp/netfifo | bash -e &>/tmp/netfifo
This one liner reads whatever string you send into that port and pipes it into bash to be executed. stderr & stdout are dumped back into netfifo and sent back to the connecting host via nc.
on the client
To run a command remotely:
echo "ls" | nc HOST 4201