Run Windows Script with several tunnels for Linux - linux

I'm trying to create a Script in Linux with several tunnels for several servers and run a script in that servers.
Basically i've a DailyCheck.sh in 8 machines RedHat and i've a tunnel for each one in windows with:
"putty.exe user#xxx.xxx.xxx.xxx -pw <password> -L port:127.0.0.1:port"
And i open each one and run the command DailyCheck.sh.
What i want is one file in Windows with:
"putty.exe user#xxx.xxx.xxx.xxx -pw <password> -L port:127.0.0.1:port"
sudo su -
./dailyCheck.sh
<delay if necessary>
"putty.exe user#xxx.xxx.xxx.xxx -pw <password> -L port:127.0.0.1:port"
sudo su -
./dailyCheck.sh
(....)
we have any way to do this?
Thanks & Best Regards,
André.

I recommend you would - instead of tunnels - set up proxy command for each host. Then use remote command execution to run the script on remote.
Also, to get better answers, I recommend tags ssh and putty.

Related

ssh sudo to a different user execute commands on remote Linux server

We have a password less authentication between the server for root user, I am trying to run the alias on remote server as below
#ssh remoteserver runuser -l wasadmin wasstart
But it is not working. Any suggestions or any other method to achieve it
Based on your comments as you need to sudo to wasadmin in order to run wasadmin, you can try this:
ssh remoteserver 'echo /path/to/wasadmin wasstart | sudo su - wasadmin'
For add an alias in linux you must run
alias youcommandname=‘command’
Notice:
This will work until you close or exit from current shell . To fix this issue just add this to you .bash_profile and run source .bash_profile
Also your profile file name depending on which shell you using . bash , zsh ,...

cd to directory and su to particular user on remote server in script

I have some tasks to do on a remote Ubuntu CLI-only server in our offices every 2 weeks. I usually type the commands one by one, but I am trying to find a way (write a script maybe?) to decrease the time I spend in repeating those first steps.
Here is what I do:
ssh my_username#my_local_server
# asks for my_username password
cd /path/to/particular/folder
su particular_user_on_local_server
# asks for particular_user_on_local_server password
And then I can do my tasks (run some Ruby script on Rails applications, copy/remove files, restart services, etc.)
I am trying to find a way to do this in a one-step script/command:
"ssh connect then cd to directory then su to this user"
I tried to use the following:
ssh username#server 'cd /some/path/to/folder ; su other_user'
# => does not keep my connection open to the server, just execute my `cd`
# and then tells me `su: must be run from terminal`
ssh username#server 'cd /some/path/to/folder ; bash ; su other_user'
# => keeps my connection open to the server but doesn't switch to user
# and I don't see the usual `username:~/current/folder` prefix in the CLI
Is there a way to open a terminal (keep connection) on a remote server via ssh and change directory + switch to particular in a automated way? (to make things harder, I'm using Yakuake)
You can force allocation of a pseudo-terminal with -t, change to the desired directory and then replace the shell with one where you are the desired user:
ssh -t username#server 'cd /some/path/to/folder && exec bash -c "su other_user"'
sudo -H keeps the current working directory, so you could do:
ssh -t login_user#host.com 'cd /path/to/dir/; sudo -H -u other_user bash'
The -t parameter of ssh is needed otherwise the second sudo won't be able to ask you for your password.

how to sudo su during ssh remote command

I am writing a bash script to scan multiple linux machines for a line to see if it meets standards for the organization:
grep "sulogin" /etc/inittab ~:S:wait:/sbin/sulogin
I am doing this using the ssh command like this:
ssh -q <<HOSTNAME>> grep "sulogin" /etc/inittab ~:S:wait:/sbin/sulogin
the problem is as follows:
The box I am on (the Jump Box) cannot sudo into root and then execute ssh. (I know, weird)
The box I am on has UserA, which is on all servers. UserA is on the list of sudoers in which I can execute sudo su - manually on each box. (I want to automate this.
/sbin/sulogin is a root only file. and cannot see the file under any other user.
how do I include sudo su - into the ssh command to ssh into the server, then sudo su -, then scan the file I need?
Thanks.
Try this. user has to be part of sudoers.
ssh -t user#hostname 'sudo grep "sulogin" /etc/inittab ~:S:wait:/sbin/sulogin'

SSH and sudo over a pseudo-tty terminal

I am trying to overcome some limitations in our environment to write up an authorized SSH file for passwordless ssh keys.
I am requiring to perform an ssh as a to a target system, and then run a "sudo su - , and then update the service account authorized_keys with a key"
This eventually has to go onto my ansible scripts.
I am using "ssh -t user#target "sudo su - service-user" - which actually successfully gets me into a shell for service-user. But I am not able to figure out a way to pass along the file modify commands with the above.
Any tips or alternative options?
Note: I need to use "ssh -t" option as the requiretty is not set on target systems.
Cheers!
Depending on what transport you're using you can use ssh_args.
OpenSSH is the default connection type for Ansible on OSes that are new enough to support ControlPersist. (This means basically all operating systems except Enterprise Linux 6 or earlier).
Then you can do something like this in your ansible.cfg:
ssh_args = -t -t
Which will force ansible to connect the same way you do manually.
Then in your playbook or together with the task where you need it specify become and become_user
- name: Some task
debug: msg="this is a test"
become: true
become_user: someuser
su has an option, -c, that allows you to pass along a command to execute instead of launching a new shell.
-c, --command=COMMAND
pass a single COMMAND to the shell with -c
However, you're authenticating with sudo, which already does this by default; you can just cut su out of the command entirely:
ssh -t user#target "sudo -u service-user <your-command>"
To go one step further, you note that you're planning on putting this into an Ansible playbook. If so, you probably shouldn't be spending too much time trying to do this manually - Ansible will handle running commands remotely (that's one of its primary features, after all), and has a module for modifying the authorized_keys file.

"sshpass is not recognized" on Windows

I want to run sshpass command from my Windows to remote Linux server. I use this command:
sshpass -p 'password' ssh ldap.nextstep4it.com -l root -o StrictHostKeyChecking=no
But my cmd return below error statement:
'sshpass' is not recognized as an internal or external command,
operable program or batch file.
I think this is because Windows don't have sshpass package as Linux do. From Linux I have to install sshpass package to be able to run this command.
Is there anybody know how to run sshpass command through Windows command line?
You cant run sshpass in windows.
You can however use putty via the windows command line, to achieve the same thing.
putty -load "host" -l username -pw password
Also you can upload files via command line (with a password) using WinSCP
winscp /command "option batch abort" "option confirm off" "open sftp://user:password#example.com/" "put examplefile.txt /home/user/" "exit"
Instead of OpenSSH ssh, you can use PuTTY plink. It's command line equivalent of PuTTY and has very similar command-line syntax as OpenSSH ssh. But on top of it, it has -pw switch for providing a password.
The plink equivalent of your ssh call is:
plink ldap.nextstep4it.com -l root -pw password
You absolutely should not use -o StrictHostKeyChecking=no to blindly accept all host keys. That is a security flaw. You lose a protection against MITM attacks. Instead, with plink, you can use -hostkey switch to set the fingerprint of the expected host key.
Similarly:
instead of OpenSSH scp, use PuTTY pscp;
instead of OpenSSH sftp, use PuTTY psftp.
Both have the -pw switch.
Alternatively, both for SCP and SFTP, you can use my WinSCP SFTP/SCP client. WinSCP also supports providing the password on command-line/in script. And there's a guide for converting OpenSSH sftp script to WinSCP script.
No matter, if you use OpenSSH, PuTTY or WinSCP, it is always better is to use public key authentication than the password.
Using Windows Subsystem for Linux (WSL); first go to Settings->Turn Windows Features On or Off->Enable Windows Subsystem for Linux, then download and install Ubuntu or another Linux from the Microsoft Store.
To access WSL from cmd.exe type bash or wsl, I recommend hyper for terminals because it has tabs.
sudo apt-get install sshpass
sshpass -p passxxxx ssh user#ip.address 'touch newfileonserver.txt'
To invoke from a windows environment, eg. cmd.exe or Process.Start()
bash -c "sshpass -p passxxxx ssh user#ip.address 'touch newfileonserver.txt' "
You can install QtdSync for Windows.
This will contain the sshpass.exe
Just install cygwin in your Windows, then download sshpass and compile/install it, the whole process is quick and easy, it works great in my environment.
You can rather try putty.
Download it from here
Or you can install cygwin and install sshpass, but that would be a larger task.
So, if you need a passwordless login then with putty you can use puttygen, which you can install from the same link provided above.

Resources