Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have an alias for ssh'ing to my linux box from my mac machine.
But I am noticing something very weird, or may be I am being stupid.
When I use the alias it works, but when I use what the alias stands for it does not work. For example
bos-mp9ps:~ xyz$ alias ssh
alias ssh='ssh -A xyz#bos-lpaw1'
bos-mp9ps:~ xyz$ ssh -A xyz#bos-lpaw1
bash: xyz#bos-lpaw1: command not found
bos-mp9ps:~ xyz$ ssh
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-65-generic x86_64)
* Documentation: https://help.ubuntu.com/
429 packages can be updated.
0 updates are security updates.
New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
You have new mail.
Last login: Tue Jan 3 10:29:27 2017 from 172.19.37.47
xyz#bos-lpaw1:~$
Also I am able to ssh into my linux box from private home networks, but not from public networks such as starbucks etc. Do you know if I have to change anything for this ?
My /etc/hosts on linux machine looks like this:
bos-mp9ps:~ xyz$ cat /etc/hosts
# BEGIN hosts added by Pulse
23.79.238.45 vpn.company.com
# END hosts added by Pulse
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
When I use my linux's box's IP address to login it does not help and it brings me to same position
bos-mp9ps:~ xyz$ command ssh xyz#172.19.37.47
The authenticity of host '172.19.37.47 (172.19.37.47)' can't be established.
ECDSA key fingerprint is SHA256:MQwHj9JTw5d2Vzbz5h5hw2KxmhKmREVGIcrY+PrBxQc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.19.37.47' (ECDSA) to the list of known hosts.
Password:
Last login: Thu Dec 29 15:18:10 2016
Agent pid 971
bos-mp9ps:~ xyz$
Thank you for reading
The others have answered how do fix your alias, but I think the best way of doing this is actually to dispense with aliases altogether and use the ssh configuration file, which is usually in ~/.ssh/config. To match what your alias does, you would put something like this in it (assuming it's using OpenSSH or something similar):
Host linux
User xyz
HostName bos-lpaw1
ForwardAgent yes
With this in place, you would log in to the computer like this:
$ ssh linux
(you can give it any host alias you want, it doesn't have to be "linux").
Why should you do it this way? There are several advantages:
Since you're not hardcoding which host you're logging into like your original alias did, you are free to log into multiple different computers (but you can get this by making one alias for each target computer, so the alias method can also support this).
Host aliases described in .ssh/config are also recognized by rsync and scp. So you are automatically able to do stuff like rsync a.txt linux:b.txt to copy a.txt to the linux computer and naming it b.txt.
To be able to ssh into your computer from public networks, you need a way to get the IP address of your computer. You can either try to set this up using DNS (though that can be a hassle) or if your IP doesn't change very often you can just hard-code it. Of course, if you use Network Adress Translation you will probably need to set up port forwarding on your modem/router, so that incoming connections to your global address get forwarded to the correct local computer.
Problem
ssh is aliased to 'ssh -A xyz#bos-lpaw1'
so
ssh -A xyz#bos-lpaw1
is converted to
ssh -A xyz#bos-lpaw1 -A xyz#bos-lpaw1
So this command is trying to execute the "command" xyz#bos-lpaw1 by the user xyz on the server bos-lpaw1.
Solution
Another alias
Replace
alias ssh='ssh -A xyz#bos-lpaw1'
with
alias sshlpaw='ssh -A xyz#bos-lpaw1'
ssh is a very important program, overriding it with an alias isn't a good idea.
Prevent alias with command
For the cases where you need the usual ssh without alias, you can type :
command ssh -A xyz#bos-lpaw1
in your terminal.
use .ssh/config
see #amaurea's excellent answer.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 1 year ago.
Improve this question
I want to run a command on local system while I have ssh'd to a remote system in bash. Is there a way to do this? This is what I want:
#!/bin/bash
ssh mysystem#ip <<'SSH'
#Do something
#Run a command here on local machine and not on machine I have sshed to
#Do Something
exit
SSH
Edit: I want to echo some message and since echo command output won't show from remote machine, I want to run from local.
WHen you are using SSH, the key sequence <enter>~ is a escape prefix that allows you to pause SSH and send key sequences to the ssh client on the host-side.
The sequence <enter>~<ctrl + z> will pause (stop) the ssh-client job and drop you to a prompt in the calling system. Typing fg (if ou are on a Unix shell) will resume your ssh session afterwards.
You can see other ssh escape sequences avaiable by typing <enter>~?.
The sequence <enter>~. will terminate the connection and is very handy when your session is locked on the remote machine.
(Users with non-US keyboard layouts that use ~ as a dead-key to compose accents and digrams have, obviously, to type ~ twice in all of these sequences)
These sequences are of use from when you are operating the SSH session an d typign commands yourself, not for scripting.
Since you seem to want a way to that in scripts, the straightforward solution is to include an ssh command back to the originating host.
I have an approach which is pretty hacky, but it works.
Overview and security caveats
In brief, you use reverse SSH tunnelling to SSH back to your local machine and run a single command, and you connect back using your SSH keys so that no password is required.
NB This approach involves agent forwarding, which comes with a risk:
anyone with root access on the remote host can discreetly access your local SSH agent through the socket. They can use your keys to impersonate you on other machines on the network.
The risk is lessened in your case because the SSH session is only open for the duration of the command. But I'm not a security expert so can't comment further.
An alternative would be to generate a specific keypair just for this connection and use that, but I'm not sure how scriptable this would be.
The second security caveat is that this approach involves running an SSH server on your local machine. See my notes at the end of this answer for more on that.
Details
First of all, your SSH command needs some extra parameters:
ssh mysystem#ip -A -R 2900:localhost:22
-A forwards your credentials (detailed article on agent forwarding). You'll use them when connecting back to your local machine.
-R 2900:localhost:22 sets up the reverse tunnel. This means that on the remote machine you can run ssh -p2900 yourlocaluser#localhost and it'll SSH back to your local machine. Replace yourlocaluser with the user from your host machine (not the machine you're SSHing into). I picked 2900 as an arbitrary port. It needs to be higher than 1024, I think.
To avoid typing these every time, you can set them in your SSH config (~/.ssh/config) on your local machine. These are the relevant properties:
ForwardAgent yes
RemoteForward 2900 localhost:22
Also, you need to tell your local machine that SSH connections are allowed to connect to it using its own key pair(!) To do this, add the contents of your public key file (e.g. ~/.ssh/id_rsa.pub) to ~/.ssh/authorized_keys.
You can now connect to your remote machine and run a command like this to connect back to your local one:
ssh -t -p2900 yourlocaluser#localhost <command here>
Note, however, that the first time you connect back from the remote machine to your local one using the key, you'll get a warning that the host you're connecting to is unknown. Once you say that you want to continue connecting, it'll save the relevant details to ~/.ssh/known_hosts on the remote machine and not ask again.
You could log in and manually do an SSH to get the details saved. Alternatively, you can update the SSH command that you run on the remote machine, but it comes with an additional security caveat.
Here's the updated command:
ssh -o StrictHostKeyChecking=accept-new -t -p2900 yourlocaluser#localhost <command here>
The security risk is that you're accepting the key without reviewing it and making sure that it's what you're expecting, so you're vulnerable to man-in-the-middle attacks. Again, I'm no security expert, but given that you're connecting using an SSH tunnel rather than a regular SSH connection, I believe that this reduces the risk. If the known hosts file on the remote machine only contains the entry for your local machine, you could update your SSH config to replace the contents of that file with your local machine's key fingerprint from your local machine on login, and then remove -o StrictHostKeyChecking=accept-new from the above.
Note: If you're prompted for your password when trying to SSH back, that suggests that agent forwarding hasn't worked. You probably need to run ssh-add on your local machine or update your local SSH config for the host in question to include AddKeysToAgent yes.
Note about running sshd on your local machine
The above assumes that you're running sshd on your local machine, and thus accepting SSH connections to that machine. That's a security risk in itself. One way of reducing that risk is to specify that SSH is only allowed from localhost, which will work in this case because you're tunnelling back. You can find instructions on how to configure your local SSH server for this here: https://askubuntu.com/questions/179325/accepting-ssh-connections-only-from-localhost
You could also adapt the answer here and use netcat rather than SSH: https://superuser.com/a/1274810/126533
If you can change the script, you can use an expect script for that - expect_example_and_tips
This allows you to start an "ssh process" to which can send commands to the remote machine, while still running on the local machine.
Much easier in python though in my opinion - example:
#!/usr/bin/env python
import pexpect
PROMPT = "\$|\%|\>"
ssh_cmd = "ssh user#192.168.1.1"
try:
ssh = pexpect.spawn(ssh_cmd)
ssh.sendline("echo hello on remote")
ssh.expect(PROMPT)
print "hello on local machine"
ssh.close()
except Exception as e:
print e
sys.exit(2)
If you want to (for argument's sake) run date locally, just don't quote the here document, and any command substitution will be executed locally.
ssh mysystem#ip <<SSH # notice absence of quotes
echo I am logged in from $(uname -n) since $(date)
SSH
Here, the uname and date commands will be executed locally, before the ssh command runs, whereas the echo in the here document will then execute remotely.
(As an aside, there is no need to explicitly exit at the end; the shell will exit when it reaches the end of input. It's hard to imagine a scenario where anything else would make any sense whatsoever.)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I want to send a file from one Linux machine with IP suppose "192.168.2.25" to other Linux machine that's a server "192.168.2.110"
how can i do that by using Telnet command??
A simple option is to use netcat (nc). This is particularly useful on stripped down Linux systems where services like ssh and ftp are turned off.
On destination machine run the following command: nc -l -p 1234 > out.file
On source machine run the following command: nc -w 3 <dest-ip-adr> 1234 < out.file
For more details look, for example, here.
There are also netcat implementations for Windows, e.g. ncat.
While it may not be possible with only telnet, it is possible with telnet and netcat. Some of the examples above just referenced using netcat, but there have been times when I was on an old machine that was still in production that had telnet but not netcat. In this case, you can set netcat to listen on a newer, remote machine and telnet the file to it.
On the newer remote machine:
netcat -l <PORT> > OUTPUT.FILE
On the older telnet only machine:
cat FILE | telnet REMOTE-HOST PORT
Note that this works with text files. If you have a binary file of some sort you would need to do further manipulation on both ends.
Telnet just gives you a remote terminal session. The best you could do is telnet, open a new file in an editor and copy/paste the text from the local machine.
To copy files use something like rsync, scp, rcp or ftp.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Locked. This question and its answers are locked because the question is off-topic but has historical significance. It is not currently accepting new answers or interactions.
I need to download a file from server to my desktop. (UBUNTU 10.04) I don't have a web access to the server, just ssh.
If it helps, my OS is Mac OS X and iTerm 2 as a terminal.
In your terminal, type:
scp your_username#remotehost.edu:foobar.txt /local/dir
replacing the username, host, remote filename, and local directory as appropriate.
If you want to access EC2 (or other service that requires authenticating with a private key), use the -i option:
scp -i key_file.pem your_username#remotehost.edu:/remote/dir/foobar.txt /local/dir
From: http://www.hypexr.org/linux_scp_help.php
You can do this with the scp command. scp uses the SSH protocol to copy files across system by extending the syntax of cp.
Copy something from another system to this system:
scp username#hostname:/path/to/remote/file /path/to/local/file
Copy something from this system to some other system:
scp /path/to/local/file username#hostname:/path/to/remote/file
Copy something from some system to some other system:
scp username1#hostname1:/path/to/file username2#hostname2:/path/to/other/file
scp is certainly the way to go, but for completeness you can also do:
$ ssh host 'cat /path/on/remote' > /path/on/local
or
$ cat /path/on/local | ssh host 'cat > /path/on/remote'
Note, this is UUOC, but < /path/on/local ssh host 'cat > /path' could cause unnecessary confusion.
And to proxy between two hosts:
$ ssh host1 'cat /path/on/host1' | ssh host2 'cat > /path/on/host2'
If the SSH server support SFTP subsystem (this is part of SSH, and unrelated to FTP), use sftp. If it don't, try scp.
CyberDuck support all of them.
how do I execute command/script on a remote linux box?
say I want to do service tomcat start on box b from box a.
I guess ssh is the best secured way for this, for example :
ssh -OPTIONS -p SSH_PORT user#remote_server "remote_command1; remote_command2; remote_script.sh"
where the OPTIONS have to be deployed according to your specific needs (for example, binding to ipv4 only) and your remote command could be starting your tomcat daemon.
Note:
If you do not want to be prompt at every ssh run, please also have a look to ssh-agent, and optionally to keychain if your system allows it. Key is... to understand the ssh keys exchange process. Please take a careful look to ssh_config (i.e. the ssh client config file) and sshd_config (i.e. the ssh server config file). Configuration filenames depend on your system, anyway you'll find them somewhere like /etc/sshd_config. Ideally, pls do not run ssh as root obviously but as a specific user on both sides, servers and client.
Some extra docs over the source project main pages :
ssh and ssh-agent
man ssh
http://www.snailbook.com/index.html
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
keychain
http://www.gentoo.org/doc/en/keychain-guide.xml
an older tuto in French (by myself :-) but might be useful too :
http://hornetbzz.developpez.com/tutoriels/debian/ssh/keychain/
ssh user#machine 'bash -s' < local_script.sh
or you can just
ssh user#machine "remote command to run"
If you don't want to deal with security and want to make it as exposed (aka "convenient") as possible for short term, and|or don't have ssh/telnet or key generation on all your hosts, you can can hack a one-liner together with netcat. Write a command to your target computer's port over the network and it will run it. Then you can block access to that port to a few "trusted" users or wrap it in a script that only allows certain commands to run. And use a low privilege user.
on the server
mkfifo /tmp/netfifo; nc -lk 4201 0</tmp/netfifo | bash -e &>/tmp/netfifo
This one liner reads whatever string you send into that port and pipes it into bash to be executed. stderr & stdout are dumped back into netfifo and sent back to the connecting host via nc.
on the client
To run a command remotely:
echo "ls" | nc HOST 4201
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
How can I run this on linux command line when my username has an # sign in the middle?
ftp -u user:password#host/destination_folder/ sourcefile.txt
My username is info#domain.com and it thinks my host is domain.com.
NOTE: This is an unattended upload, so I can't just type in the username and password.
Try this: use "%40" in place of the "#"
As an alternative, if you don't want to create config files, do the unattended upload with curl instead of ftp:
curl -u user:password -T file ftp://server/dir/file
Try to define the account in a ~/.netrc file like this:
machine host login info#domain.com password mypassword
Check man netrc for details.
I simply type ftp hostdomain.com and the very next prompt asked me to enter a name, if it wasn't the same as my current user.
I guess it depends on how your FTP is configured. That is, whether it assumes the same username (if not provided) or asks. the good news is that even without a solution, next time you face this it might Just Work⢠for you :D
A more complete answer would be it is not possible with ftp(at least the ftp program installed on centos 6).
Since you wanted an un-attended process, "pts"'s answer will work fine.
Do the unattended upload with curl instead of ftp:
curl -u user:password -T file ftp://server/dir/file
%40 doesn't appear to work.
[~]# ftp domain.com
ftp: connect: Connection refused
ftp> quit
[~]# ftp some_user%40domain.com#domain.com
ftp: some_user%40domain.com#domain.com: Name or service not known
ftp> quit
All I've got is to open the ftp program and use the domain and enter the user when asked. Usually, a password is required anyway, so the interactive nature probably isn't problematic.
[~]# ftp domain.com
Connected to domain.com (173.254.13.235).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 1000 allowed.
220-Local time is now 02:47. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (domain.com:user): some_user#domain.com
331 User some_user#domain.com OK. Password required
Password:
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
curl -f -s --disable-epsv -u someone#somewhere.com:gr8p455w0rd -T /some/dir/filename ftp://somewher.com/ByramHealthcareCenters/byram06-2011.csv
I've never seen the -u parameter. But if you want to use an "#", how about stating it as "\#"?
That way it should be interpreted as you intend. You know something like
ftp -u user\#domain.tld#ftp.host.tld