I would like to execute commands on my Radius Server (Amazon Linux) via Windows Powershell
These are the commands:
useradd -g radius-enabled username
yes -- -1 | sudo -u username google-authenticator -l testlabel -i testissuer -t -d -w 5 --no-rate-limit -f
1 basically adds a user then 2 creates an mfa token for the created user
This needs to be done via Windows Powershell so I can try to make a powershell script later on
First, I tried to manually SSH to the Linux Server via Powershell module SSHSessions:
(i have installed the SSHSession module, configured my sshd_config)
New-SshSession -ComputerName ? -Username -Password
Enter-SshSession -ComputerName
[ServerIPAddress]: /home/username # :
It shows that I have SSHed to the server and I am able to execute some commands such as "df -h"
but when I try to sudo, change directory or execute other commands, It just hangs and I cant stop it.
What would be the proper/best way to execute this? I have tried searching for related topics but it wouldn't fit my situation. I decided to ask a question here to be more specific and maybe gain reputation so I can upvote that other stackoverflow answers that helped me.
Thanks!
Related
I'm trying to execute sh script from Windows on Remote SUSE Linux using WinSCP .NET assembly.
I've created a session as follow:
$sessionOptions = New-Object WinSCP.SessionOptions -Property #
{
Protocol = [WinSCP.Protocol]::Sftp
HostName = "RemoteIp"
UserName = "username"
Password = "password"
}
$session = New-Object WinSCP.Session
I run the sh script
$session.ExecuteCommand("bash /home/script.sh" )
and I get permissions errors, for example:
rm: cannot remove '/somefolder': Permission denied.
Simple command like uname works fine.
Any idea how can I log in as root?
You have to run your command through sudo:
$session.ExecuteCommand("sudo bash /home/script.sh")
Though WinSCP does not support providing input to commands. So your remote system must be configured not to require sudo password (at all, or for that specific command).
Some references:
How do I change user after login (e.g. su root)?
Allowing automatic command execution as root on Linux using SSH.
Go to your WinSCP profile (Session > Sites > Site Manager)
Click on Edit > Advanced... > Environment > SFTP
Insert sudo su -c /usr/lib/sftp-server in "SFTP Server" (note this path might be different in your system)
Save and connect
This question already has answers here:
Execute sudo command on Linux from plink.exe on Windows
(4 answers)
Closed 2 years ago.
I'm attempting to shutdown a RHEL7 linux computer remotely from a windows computer in a non-interactive fashion using powershell and plink.
I can send commands and retrieve the result like so:
$plinkPath = "C:\somePath"
$ipAddress = "192.168.111.1"
$username = "userName"
$password = "password"
$resultPath = "C:\somewhere"
$resultFile = "someFile.txt"
& "$plinkPath\plink.exe" #("$ipAddress", "-l", "$username", "-pw", "$password", "(pwd)" | Out-File "$resultPath\$resultFile"
The command above prints the working directory in linux and saves it to file. However, I can't send a shutdown command like this because the command must be run as root on this computer. I believe there should be some syntax like the below to run a sudo command in a similar way:
& "$plinkPath\plink.exe" #("$ipAddress", "-l", "$username", "-pw", "$password", "(sudo ... shutdown -h now)") | Out-File "$resultPath\$resultFile"
Is there some way to send a shutdown command with sudo using this method?
Thanks.
Make sure that the user can indeed run sudo commands.
The issue might be that the user that is trying to run the command is requested to insert the sudo password.
In the sudoers file insert <YOUR_USERNAME> ALL=(ALL) NOPASSWD
I have to run few commands in Azure VM through Azure Devops release pipeline. I created SSH step and can successfully connect to remote VM. But having trouble running commands which requires sudo permissions.
e.g systemctl restart <some service>
errors :
##[error][sudo] password for ***:
##[error]Command failed with errors on remote machine.
i tried echo <password> | sudo -S systemctl restart <some service>. No luck.
What is secure way to accomplish this?
The only way to I was able to run sudo over ssh task was to make the sudoer as root memeber with no password for me as your agent might stuck in STDIN.
this article may help
https://www.shellhacks.com/how-to-grant-root-access-user-root-privileges-linux/
This is exactly what you need, it works in my azure devops pipeline on my ubuntu server:
https://serverfault.com/questions/772778/allowing-a-non-root-user-to-restart-a-service
Command for ssh task in azure pipeline:
sudo systemctl restart <some service>
and in linux machine (ubuntu in my case):
sudo visudo -f /etc/sudoers.d/90-clouding-ubuntu
add these two lines
Cmnd_Alias RESTART_SVC = /bin/systemctl restart <some service>
%<myuser> ALL=(ALL) NOPASSWD: RESTART_SVC
You must write right service name and right username (must have rights for sudo).
Had the same problem and found a way without changing root priviliges. My problem with the ssh script was "the agent stucks in the STDIN of the Password".
A script like:
echo <password> | sudo -S service solr stop
Works locally on the server, but somehow the agent still stucks on the STDIN. Here is another solution. I used a powershell script with Posh-SSH and not the default ssh step.
First of all you need to install Posh-SSH on your server:
https://github.com/darkoperator/Posh-SSH
there is also a small youtube tutorial for it. The installation script is:
Install-Module -Name Posh-SSH -force
Get-Module -ListAvailable -Name Posh-SSH
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Verbose
You only need to run it once. After you can create your Powershell script and make a SSHSession with your server:
$pass="<password>"|ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PsCredential('<user>',$pass)
$session = New-SSHSession -Computername <Server> -Credential $Cred -Force
To test your connection:
Get-SSHSession
And now you can run the script like this:
Invoke-SSHCommand -command "echo <password> | sudo -S service solr stop" -SessionId 0
And at the end close the connection:
Remove-SSHSession 0
I have to run few commands in Azure VM through Azure Devops release pipeline. I created SSH step and can successfully connect to remote VM. But having trouble running commands which requires sudo permissions.
e.g systemctl restart <some service>
errors :
##[error][sudo] password for ***:
##[error]Command failed with errors on remote machine.
i tried echo <password> | sudo -S systemctl restart <some service>. No luck.
What is secure way to accomplish this?
The only way to I was able to run sudo over ssh task was to make the sudoer as root memeber with no password for me as your agent might stuck in STDIN.
this article may help
https://www.shellhacks.com/how-to-grant-root-access-user-root-privileges-linux/
This is exactly what you need, it works in my azure devops pipeline on my ubuntu server:
https://serverfault.com/questions/772778/allowing-a-non-root-user-to-restart-a-service
Command for ssh task in azure pipeline:
sudo systemctl restart <some service>
and in linux machine (ubuntu in my case):
sudo visudo -f /etc/sudoers.d/90-clouding-ubuntu
add these two lines
Cmnd_Alias RESTART_SVC = /bin/systemctl restart <some service>
%<myuser> ALL=(ALL) NOPASSWD: RESTART_SVC
You must write right service name and right username (must have rights for sudo).
Had the same problem and found a way without changing root priviliges. My problem with the ssh script was "the agent stucks in the STDIN of the Password".
A script like:
echo <password> | sudo -S service solr stop
Works locally on the server, but somehow the agent still stucks on the STDIN. Here is another solution. I used a powershell script with Posh-SSH and not the default ssh step.
First of all you need to install Posh-SSH on your server:
https://github.com/darkoperator/Posh-SSH
there is also a small youtube tutorial for it. The installation script is:
Install-Module -Name Posh-SSH -force
Get-Module -ListAvailable -Name Posh-SSH
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Verbose
You only need to run it once. After you can create your Powershell script and make a SSHSession with your server:
$pass="<password>"|ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PsCredential('<user>',$pass)
$session = New-SSHSession -Computername <Server> -Credential $Cred -Force
To test your connection:
Get-SSHSession
And now you can run the script like this:
Invoke-SSHCommand -command "echo <password> | sudo -S service solr stop" -SessionId 0
And at the end close the connection:
Remove-SSHSession 0
My perl scripts should be able to change the common account to root account during execution and then continue to the rest commands. But I don't know how to do:
Change to root account and able to automatically pass authentication, I used following code, but failed.
system "echo \"$password\" | sudo -S su root";
Able to continue to do the rest scriptsI found when using scripts to change account (simply try system "sudo su";) , it is not able to execute rest scripts
I need to export proxy, but when i using the following code, it does not work:
system "export http_proxy=http://proxy.companyname.com:8080";
If you have to execute other scripts to be executed with root and you have perl ssh module installed then you can open a ssh session to the localhost with root user and start executing your scripts from there.
my $ssh = Net::SSH::Perl->new("host1");
$ssh->login("root", "pass1");
$ssh->cmd("sh /opt/...");
perhaps try backticks?
my $sudo = `echo \"$password\" | sudo -S su root`;
also similar for the export.
my $exp = `export http_proxy=http://proxy.companyname.com:8080`;