I'm trying to run a bash script and one of the tasks is to set up an SSH configuration, however when trying to add the key-agents, it requires that the passphrase be added (this is done once). For which I wanted to know if I could add the variable in the bash script and this would automatically add the requested passphrase.
In the current snippet of the bash script the last line ssh-add will run this as an alias within the sourceme file
'ssh-add ~/.ssh/id_rsa'
Bash Script
#!/usr/bin/env bash
echo "Running SSH Key Agent Setup"
echo "Change to SSH directory"
cd ~/.ssh/
echo "Run Sourceme File"
source ./sourceme
echo "Run Alias"
alias
echo "Set up SSH Agent"
sagent
echo "Add SSH Keys"
ssh-add
PASSPHRASE="RANDOM_PASSPHRASE"
Argument Request
Enter passphrase for /home/user/.ssh/id_rsa: (HERE ENTER PASSPHRASE AUTOMATICALLY)
Related
I have file shell scripe deploy.sh:
#!/bin/sh
echo "CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA" >> .env
exit
I create a file gitlab-ci.yml with script:
...
script:
- ...
- ssh -T -i "xxx.pem" -o "StrictHostKeyChecking=no" $EC2_ADDRESS 'bash -s' < deploy.sh
I connect to EC2 and check file .env result:
CI_COMMIT_SHORT_SHA=
deploy.sh file can not get value of variable CI_COMMIT_SHORT_SHA.
I want to result:
CI_COMMIT_SHORT_SHA=xxxx
How can I do that? Please help me!
The script appears to be executed on another server using ssh. Because of that the environment variables are not present.
You may pass the env variables directly using the ssh command:
ssh <machine> CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA <command>
I've been working on a bash script that automatically runs certain scripts on remote machines and saves the logs to certain folders. As of now I have been copying the local script to the remote machine, executing it into a remote log, copying the remote log into a local folder, and then deleting the remote log and remote copy of the script.
This works, but I know it can work better if I can avoid doing all the in between steps. The one caveat is I need this to be automatic and passwordless (meaning no user input at all). One of the scripts needs to be ran as root or it won't display all the necessary information and will userlock the machine temporarily.
The code I am currently using to execute the remoteScript into a log that I later retrieve with scp is below.
sshpass -f password.txt ssh user#1.1.1.1 "echo $password | sudo -S /home/user/remoteScript.sh > remoteLog.txt"
And in my testing, execution of local script on remote machine into local log file works like below
sshpass -f password.txt ssh user#1.1.1.1 "bash -s" < /home/user/localScript.sh >> localLog.txt
How could I combine the elements of the two code examples above in order to make a local script run on a remote machine with root privilege and log the output into a local text file?
Some things I have tried that do not work include:
sshpass -f password.txt ssh user#1.1.1.1 "bash -s" < "echo $password | sudo -S /home/user/script.sh >> log.txt"
sshpass -f password.txt ssh user#1.1.1.1 "echo $password | sudo -S /home/user/script.sh" >> log.txt
and notably
sshpass -f password.txt ssh user#1.1.1.1 echo $password | sudo -S /home/user/script.sh >> log.txt
which just executes the local script with root privilege on the local machine.
I have tried many variations of the above commands and I believe its some sort of piping or flow issue but I cannot figure it out. Is there anyway to do this?
Machines are Ubuntu 16.04 and you cannot ssh in already as root.
Thanks in advance
A) It might be worth looking into an orchestration/config management solution (e.g. ansible). It's a steep learning curve at first, but initial outlay will pay off on spades down the line if you're managing multiple servers.
B) Setup password-less sudo for the scripts you want to execute, so you don't have to pass around the password in plaintext, and can run without any input. In sudoers:
user ALL=(ALL) NOPASSWD:/home/user/script.sh
C) Setup an SSH key, so you don't need to use a password at all.
But in nutshell, the code you're looking for is something like:
cat /home/user/localScript.sh | ssh user#1.1.1.1 "sudo bash" > log.txt
Which executes a non-interactive bash shell as root on the remote machine, which will take commands to execute on standard in, and the standard output will come back over the ssh channel for you to write to your local log.
Look into &> or 2>&1 if you want standard error too.
I am using SSH command to execute the bash scripts remotely:
ssh user#server 'bash -s' < $script_dir/script.sh
And inside the script.sh, I will have the command like below:
ssh-keygen -t rsa
ssh-copy-id postgres#$sqlserver
ssh postgres#$sqlserver -C true
And also
printf "Creating user in postgresql server...\n"
createuser -s -P username
Which need user's input, but I found when I execute the command from the remote server, it will skip getting the users' input and failed.
Another one is:
printf "Please enter your barman server name: \n" ; read -s barmanserver
Which cannot read user's input neither
I know that the script seems cannot read the other terminal's input, but can anyone help me find a solution if I need the user input to continue?
Thanks a lot!!
Eva
I have used something like this in the past. I am not quite sure why I installed sshpass though.
apt-get install sshpass -y
echo "Adding users to new VMs"
adduser adminuser
echo "changing user password"
echo "adminuser:password" | chpasswd
adduser adminuser sudo
It does work, but it gives you some warning.
I am very new to bash scripting and learning on my own.
So, I am writing a simple script to add pass phrase to ssh-agent.
So I do:
#!/bin/bash
echo "Type your passphrase(followed by ENTER)"
read -s pass
echo ${pass}
ssh-agent bash
Now this is where I am confused.
Next, I want to enter the command ssh-add ~/.ssh/id_rsa that takes the input from read and executes itself.
How do I do that?
So the echo $pass was just to verify if the read was successful. That will be removed and has no meaning here. I just want to simplify the steps of doind this daily:
ssh-agent bash
ssh-add ~/.ssh/id_rsa
(Asks for pass phrase)
I would like to run this script where it directly asks for passphrase, which will be taken as variabe "pass" & it executes both commands for me.
ssh-agent bash
ssh-add ~/.ssh/id_rsa
I have opened a remote ssh session from a script and on remote server there is a file containing version information.
I am trying to assign that version to variable and move current version contents to folder name same as version.
The main script is running in jenkins
I am doing something like this
ssh -i /home/user/.ssh/id_rsa -t -t remoteServer<<EOF
cd $WEB_DIR
VERSION=$(cat $WEB_DIR/version.info)
mv -f $WEB_DIR $BACKUP_DIR/$VERSION
exit
EOF
My VERSION variable is always empty. When I run same locally on that server it gives me version value. Something is different over remote ssh session within a script
Actually I found the way to do it in 2 steps.
$WEB_DIR is set as local variable set in main script.
$WEB_DIR="/usr/local/tomcat/webapps/ROOT"
OLD_VERSION=$(ssh -i /home/user/.ssh/id_rsa -tt user#remoteServer "cat $WEB_DIR/version.info")
ssh -i /home/user/.ssh/id_rsa -t -t user#remoteServer<<EOF
cd $WEB_DIR
mv -f $WEB_DIR $BACKUP_DIR/$OLD_VERSION
# I am executing more commands in here
exit
EOF
Use of double quotes "" in first command is must if want to use local variable.