I am having an issue with my web host changing the permission of one of my configuration files for my website. No matter how many times I change the permissions, they always revert back to writable after a day or so. The web host has been unable to resolve the issue, so I thought I'd try to use a script to ssh into my account and change the permissions daily.
My only problem so far is that it prompts me for my ssh key password in the terminal when I execute the script. How can I get this to work automatically so that I can set it to run daily from my computer without my intervention?
#!/bin/sh
ssh mydomain 'bash -s' << EOF
cd public_html
chmod 400 configuration.php
EOF
Thanks for any advice!
Add your public key to ~/.ssh/authorized_keys on the remote host. The key you are using should not have a password if you want to use it in this way.
Nowadays, this is simply done with the command
ssh-copy-id user#remote_server
I was able to answer my own question after coming across a script on another user's question. I just had to think of a different way of getting the task done. Instead of logging in to my web host via ssh, I just created a script on my web host account and put it in the crontab.
#!/bin/bash
file=configuration.php
if [ -w "$file" ]
then
chmod 400 "$file" && echo "The file permissions have been set to 400." >> log.txt
elif [ ! -w "$file" ]
echo "The file is not writable." >> log.txt
fi
Related
I am using a bash script in Linux to transfer files to a server. My script is running from cron and I have directed output to a file but I cannot know from logs if the file has been transferred to B server or not.
This is the cron:
1>>/home/owais/script_test/logs/res_sim_script.logs 2>>/home/owais/script_test/logs/res_sim.logs
And the FTP is as below:
cd ${dir}
ftp -n $HOST <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
lcd $dir
cd $destDir
bin
prompt
put FILENAME
bye
The only thing that I get in the logs is:
Local directory now Directory_Name
Interactive mode off.
Instead of using FTP, there is rsync. Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to or from another host over any remote shell, or to, or from a remote rsync daemon.
More information at the following webpage, https://linux.die.net/man/1/rsync
I have used ftp -inv Host << EOF >> LogFilePath and it worked. Thank you all for the support
I've been working on a bash script that automatically runs certain scripts on remote machines and saves the logs to certain folders. As of now I have been copying the local script to the remote machine, executing it into a remote log, copying the remote log into a local folder, and then deleting the remote log and remote copy of the script.
This works, but I know it can work better if I can avoid doing all the in between steps. The one caveat is I need this to be automatic and passwordless (meaning no user input at all). One of the scripts needs to be ran as root or it won't display all the necessary information and will userlock the machine temporarily.
The code I am currently using to execute the remoteScript into a log that I later retrieve with scp is below.
sshpass -f password.txt ssh user#1.1.1.1 "echo $password | sudo -S /home/user/remoteScript.sh > remoteLog.txt"
And in my testing, execution of local script on remote machine into local log file works like below
sshpass -f password.txt ssh user#1.1.1.1 "bash -s" < /home/user/localScript.sh >> localLog.txt
How could I combine the elements of the two code examples above in order to make a local script run on a remote machine with root privilege and log the output into a local text file?
Some things I have tried that do not work include:
sshpass -f password.txt ssh user#1.1.1.1 "bash -s" < "echo $password | sudo -S /home/user/script.sh >> log.txt"
sshpass -f password.txt ssh user#1.1.1.1 "echo $password | sudo -S /home/user/script.sh" >> log.txt
and notably
sshpass -f password.txt ssh user#1.1.1.1 echo $password | sudo -S /home/user/script.sh >> log.txt
which just executes the local script with root privilege on the local machine.
I have tried many variations of the above commands and I believe its some sort of piping or flow issue but I cannot figure it out. Is there anyway to do this?
Machines are Ubuntu 16.04 and you cannot ssh in already as root.
Thanks in advance
A) It might be worth looking into an orchestration/config management solution (e.g. ansible). It's a steep learning curve at first, but initial outlay will pay off on spades down the line if you're managing multiple servers.
B) Setup password-less sudo for the scripts you want to execute, so you don't have to pass around the password in plaintext, and can run without any input. In sudoers:
user ALL=(ALL) NOPASSWD:/home/user/script.sh
C) Setup an SSH key, so you don't need to use a password at all.
But in nutshell, the code you're looking for is something like:
cat /home/user/localScript.sh | ssh user#1.1.1.1 "sudo bash" > log.txt
Which executes a non-interactive bash shell as root on the remote machine, which will take commands to execute on standard in, and the standard output will come back over the ssh channel for you to write to your local log.
Look into &> or 2>&1 if you want standard error too.
How can you make SSH read the password from stdin, which it doesn't do by default?
based on this post you can do:
Create a command which open a ssh session using SSH_ASKPASS (seek SSH_ASKPASS on man ssh)
$ cat > ssh_session <<EOF
export SSH_ASKPASS="/path/to/script_returning_pass"
setsid ssh "your_user"#"your_host"
EOF
NOTE: To avoid ssh to try to ask on tty we use setsid
Create a script which returns your password (note echo "echo)
$ echo "echo your_ssh_password" > /path/to/script_returning_pass
Make them executable
$ chmod +x ssh_session
$ chmod +x /path/to/script_returning_pass
try it
$ ./ssh_session
Keep in mind that ssh stands for secure shell, and if you store your user, host and password in plain text files you are misleading the tool an creating a possible security gap
You can use sshpass which is for example in the offical debian repositories. Example:
$ apt-get install sshpass
$ sshpass -p 'password' ssh username#server
You can't with most SSH clients. You can work around it with by using SSH API's, like Paramiko for Python. Be careful not to overrule all security policies.
Distilling this answer leaves a simple and generic script:
#!/bin/bash
[[ $1 =~ password: ]] && cat || SSH_ASKPASS="$0" DISPLAY=nothing:0 exec setsid "$#"
Save it as pass, do a chmod +x pass and then use it like this:
$ echo mypass | pass ssh user#host ...
If its first argument contains password: then it passes its input to its output (cat) otherwise it launches whatver was presented after setting itself as the SSH_ASKPASS program.
When ssh encounters both SSH_ASKPASS AND DISPLAY set, it will launch the program referred to by SSH_ASKPASS, passing it the prompt user#host's password:
An old post reviving...
I found this one while looking for a solution to the exact same problem, I found something and I hope someone will one day find it useful:
Install ssh-askpass program (apt-get, yum ...)
Set the SSH_ASKPASS variable (export SSH_ASKPASS=/usr/bin/ssh-askpass)
From a terminal open a new ssh connection without an undefined TERMINAL variable (setsid ssh user#host)
This looks simple enough to be secure but did not check yet (just using in a local secure context).
Here we are.
FreeBSD mailing list recommends the expect library.
If you need a programmatic ssh login, you really ought to be using public key logins, however -- obviously there are a lot fewer security holes this way as compared to using an external library to pass a password through stdin.
a better sshpass alternative is :
https://github.com/clarkwang/passh
I got problems with sshpass, if ssh server is not added to my known_hosts sshpass will not show me any message, passh do not have this problem.
I'm not sure the reason you need this functionality but it seems you can get this behavior with ssh-keygen.
It allows you to login to a server without using a password by having a private RSA key on your computer and a public RSA key on the server.
http://www.linuxproblem.org/art_9.html
This seems to be a simple issue but, I'm not able to figure it out. I am trying to run a couple of small scripts on a server and i'm having issues with that. i have an allhosts file that has the list of servers which is in the same location as that of the .sh file.
script to create a directory structure across all the 20 servers with 777 permissions
#!bin/bash
for q in `cat allhosts`
do
ssh $q "mkdir -p /opt/acd/hgf/tom/hanks/"
chmod -R 777 $q "/opt/acd/hgf/tom/hanks/" >/dev/null 2>&1
done
in the above script, it is only creating the directory paths and not changing the permissions for that path. I tried running that chmod command in a separate script, but no use..
script to scp the contents of hanks to the hanks folder created in the new server.
#!bin/bash
for q in `cat allhosts`
do
scp /opt/acd/hgf/tom/hanks/* $q:/opt/acd/hgf/tom/hanks/ >/dev/null 2>&1
done
in this script too, when i run it, its not copying anything to any of the servers.
i know this is a very small issue, but please check and let me know where I am going wrong. thanks in advance..
The first script is failing because it is running the chmod on the local machine. You should run it on the remote machine via ssh - you could combine this with the other ssh invocation as follows:
ssh $q "mkdir -p /opt/acd/hgf/tom/hanks/ ; chmod -R 777 /opt/acd/hgf/tom/hanks/"
I'd guess the second script is failing because the first script isn't setting permissions; it looks okay.
I would like to synchronize two folders with each other. It should go two ways, always keeping the folders up to date (I use a regular cronjob). However, first I do not get the two way file transfer to work (it just downloads from the ftp and not the opposite).
Secondly, it downloads the whole content from the ftp, even though the login information has been set up on the ftp so that access is only restricted to a specific folder. Why??
Here is the code (thanks in advance!):
#!/bin/bash
#get username and password
USER=username
PASS=password
HOST="myftpserver.com/users/user1/" #here I have tried with only specifying server name as well as including whole path
LCD="~/Desktop/localfolder/"
RCD="users/user1/"
lftp -c "set ftp:list-options -a;
open ftp://$USER:$PASS#$HOST;
lcd $LCD;
mirror -c --reverse --verbose $LCD $RCD" #I have tried a few different options w/o result
You probably don't need this anymore (4 years late) but I'll just update this, and if someone get's here with the same issue here's a help.
Local directory to FTP server directory
If you want to sync the FTP server folder with the content in your folder you should use something like this
#!/bin/bash
#get username and password
USER=username #Your username
PASS=password #Your password
HOST="myftpserver.com" #Keep just the address
LCD="~/Desktop/localfolder" #Your local directory
RCD="/users/user" #FTP server directory
lftp -f "
open $HOST
user $USER $PASS
lcd $LCD
mirror --continue --reverse --delete --verbose $LCD $RCD
bye
"
FTP server directory to your local directory
Simply remove the --reverse and swap the folders in the mirror command.
#!/bin/bash
#get username and password
USER=username #Your username
PASS=password #Your password
HOST="myftpserver.com" #Keep just the address
LCD="~/Desktop/localfolder" #Your local directory
RCD="/users/user" #FTP server directory
lftp -f "
open $HOST
user $USER $PASS
lcd $LCD
mirror --continue --delete --verbose $RCD $LCD
bye
"
To do something like you commented in the question, sync both ways and keep the most updated value from each, i don't believe it's possible using lftp alone you'll need something to detect the change and decide which script use.
if sync the remote FTP server folder to the local folder and using lftp-4.9 above, please try this script:
#!/bin/bash
LFTP_HOME=/home/lftp-4.9.2
#get username and password
REMOTE_FTP_USER="user"
REMOTE_FTP_PASS="passwd"
REMOTE_HOST="ftp-server"
REMOTE_PORT="ftp-pport"
LOCAL_FOLDER="/home/ftpRoot/backup_mirror/"
REMOTE_FOLDER="/"
cd $LOCAL_FOLDER
$LFTP_HOME/bin/lftp -f "
open -p $REMOTE_PORT $REMOTE_HOST
user $REMOTE_FTP_USER $REMOTE_FTP_PASS
mirror -c -e --verbose --target-directory=$LOCAL_FOLDer $REMOTE_FILDER
bye
"