My goal:
To Run PowerShell as an Administrator, which requires admin authentication in our environment, and to store those credentials in a variable to be used by the script run in that session.
In case that's not enough info:
I am writing a script which uses the username of the admin running the script in a variable (for logging).
I don't want to make the admins who will run this script have to log in twice. Our environment is set up so when one runs Powershell as Administrator he is prompted for admin credentials. I don't want to have the script prompt for credentials a second time to store them in variable.
$env:USERNAME doesn't help me because I don't want the username logged into the computer, I want the admin username used to run the script.
How can I accomplish this?
The closest I've come so far is running the following in standard PowerShell session:
$AdminCred = Get-Credential
Start-Process powershell -Credential $AdminCred -ArgumentList "-file c:\ScriptName.ps1"
...but that leaves me with two problems:
1) Im running PS with Admin rights, but it not the same as "Running as Administrator" in that my
#Requires -RunAsAdministrator
line rejects it. and
2) This opens a new PS window and my $AdminCred variable is not stored there.
Seems relatively simple, but I'm still pretty new at this PS game.
Really appreciate whatever help I can get...
First you store password as secure string and store username and password in one variable using system.management.automation after pass that variable to authenticate
Related
Since I am very used to being prompted for my user-id while using putty or MobaXterm in SSH sessions I expected to have the same behaviour when using SSH in the windows terminal but that is not the case.
If I try it without specifying a user via
ssh <servername>
the command line will just use my windows user which I don't want to, since all of my hosts have too many technical users and entering them on the fly is way simpler for me than creating 3-4 a configs/profiles for each host.
I already tried creating a config file "C:\Users<my-user>.ssh\config" and played around with overwriting the "User" config via making a blank entry like
Host *
User
which obviously didn't work.
Do you think I need to write some sort of wrapper in order to get a proper "login as:" prompt or am I just missing some simple configuration that needs to be adapted?
Luckily I found a solution for this.
When creating a new profile I added the following line as a command:
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe /c "$login_user = Read-Host -Prompt 'login as'; ssh $login_user#<hostname>"
Replace the "<hostname>" above with whatever server you want to access.
A script has been written to access a website programatically(sending a get request) that requires user login credentials, and so the same has been hardcoded in the script.Is there a way in python to hide these credentials from the test script?
You could use something like this:
https://github.com/microsoft/Windows-universal-samples/tree/master/Samples/PasswordVault
Alternatively, if your script is only going to run on one server, you could keep the credentials in the environment variables on that machine and make the script refer to those variables.
I am writing a command line app in Go that allows automating the configuration of networking devices over SSH. Unfortunately, most of these devices are configured for password authentication rather than key authentication. Is there a way to temporarily and securely store the user's password for only the current terminal session? Similar to how setting an environment variable with export ENV_VAR=<value> only stores the environment variable for the current session. For example, a user opens the terminal, runs my CLI, and is prompted for their password. For subsequent calls to my program, I'd like to not prompt the user for their password again. If the user closes their terminal then comes back later, however, I would want the password prompt to reappear when my CLI is called. If possible, I would like to do this without using a database since the number of users of my CLI will be very small.
I have a PHP application, with Usernames and Public SSH Keys in it. I would like to use these accounts as the user back end of openssh.
I think I need to use pam_exec and a PHP/Bash script. I've written a php script that I can execute at CLI (The shebang sets an env of php executable). If I need to wrap this in a bash script instead to access environment variables I can do that. The script currently takes a username as its first and only parameter like so:
/opt/scripts/my-auth-script.php user_to_look_for
The script will exit zero on success (the user exists) or exit 1 if not. It currently echoes OK or Failed also but I can easily turn that off.
So, my question is, how do I have pam_exec call my script to look for user accounts, before looking on the actual host system for user accounts?
I've got it working. The way to do this is to set the AuthorizedKeysCommand and AuthorisedKeyUser settings of openssh in sshd_config. There is a caveat, the reason that github and others provide ssh as a service through a single login user shared among customers is that the user being called must be resolvable by the system being logged into, so they muxt exist locally, or the user db must be connected to a remote source like LDAP, which would also then have to be integrated into the application.
The way to get around this though, is that the AuthorizedKeyCommand can take parameters, %u for username, and also in this case %k for key or %f for sha256 fingerprint of the key. Then, that script can ignore the generic username it was given, and then just check the database for a match for the key or fingerprint. If we find it, we have the user for that key and successful authentication. If not we dont.
I am trying to create a application using innoscript. I need to create/edit registry information values in HKLM. Hence I need admin privileges to install the application.
However, if a non admin user try to install the application, innoscript require admin user password, once they enter the admin user password, whenever I query the registry in installation script (say, HKCU), it retrieves information from the admin user. But I would like to get information from the currently logged in user. As a result, program installed under the admin user location instead of current logon user account.
Is there a way to get current logon user user and user app data location from innoscript, when the application is started with Run as administrator or prompted admin user.
Awaiting your update.
Thanks,
The installer is not supposed to read or modify any per-user state (including HKCU) during a per-machine installation (and there is no way to do so reliably). You should instead make the application itself do this on first run (by trying to read the appropriate location and assuming default values if they were not found).
Remember, an application is installed once, but can then be run by several different users. This behaviour is essential.
An easy workaround is to move your logic to an executable instead of Pascal script. Then you can call this executable in [Run] section,
http://www.jrsoftware.org/ishelp/index.php?topic=runsection
Remember to mark the Run item as runasoriginaluser.