I need to restrict access to 1 of my linux servers . so i added to my "authorized_keys" file before the key :
no-pty ssh-rsa ..............
I disabled the password access to this machine from couple of ip's
In the seconds server that running ansible i need to success "Deploying" to the restricted server .
i need to know how i can permit couple of commands :
rsync
scp
Also i would like to disable the option to run commands to the restricted server like that :
ssh ***.***.***.*** | bash "date"
So once i'll run the ansible playbook i will be able to rsync / scp files to the restricted server
how can i do that ?
Thanks a lot ! Amit
Related
I am often having difficulties to set up password-less ssh connection on my clusters.
So I wrote a script, I thought it was working on ubuntu 14.04. I tried it today on a ubuntu 15 cluster, and it didn't work.
I am not really sure then if it ever worked on ubuntu 14.4 :-/
It is based on this page : http://mah.everybody.org/docs/ssh
I put the code on this github : https://github.com/romainjouin/formation_spark/blob/master/ubuntu_excange_ssh_keys.sh
the idea is to call the script, passing as first parameter the user#ip where we want to set up a password less ssh connection.
Can someone have a look to the github script : is there an obvious thing I am missing ?
Furthermore, before launching the script I :
Change /etc/ssh/sshd_config to uncomment
AuthorizedKeysFile %h/.ssh/authorized_keys
ant then do :
$/etc/init.d/ssh restart
EDIT
The code seems to work fine, but I was missing the authorisation on the home directory to make it work (home dir was 777 instead of 700).
The code seems to work fine, but I was missing the authorisation on the home directory to make it work (home dir was 777 instead of 700). – Romain Jouin
suppose you ssh remote-user#remote-host frequently, first
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
then, edit you ~/.ssh/config file
cat ~./ssh/config
Host foobar
HostName remote-host-ip
Port 22
User remote-user
IdentityFile ~/.ssh/id_rsa
now you can ssh like this
ssh foobar
I want to transfer some files from my local to remote, like github does it. I want to happend it very smooth like in shell script. I tried creating one shell script which automates the process of ssh authentication without password but for first time it exposes my remote server password. I dont want to do it that way. Like in git we can't see their server password. Is there any possible way that we can do ?
I used this article script to automate ssh login. http://www.techpaste.com/2013/04/shell-script-automate-ssh-key-transfer-hosts-linux/
As i mentioned, you can use the scp command, like this:
scp /local_dir/some*.xml remote_user#remote_machine:/var/www/html
This requires that you need connect to the remote machine without password, only with ssh key-authentication.
Here is a link: http://linuxproblem.org/art_9.html to help you.
The important steps: (automatic login from host A / user a to Host B / user b.)
a#A:~> ssh-keygen -t rsa
a#A:~> ssh b#B mkdir -p .ssh
a#A:~> cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'
I have this linux machine with ssh server installed, I can access the server using username="ubuntu". ssh server blocks clients that try to connect using "root" username.
So connection can be made by:
ssh -i mykey ubuntu#myserver
I can get files that belong to "ubuntu" using :
scp -i mykey ubuntu#myserver:<file location> ./
However, what I really want is to get files that belong to "root" username, (Note: I can't access the server with username "root" for obvious security reasons).
so is there a way to do download files that are under "root" username?
I was thinking to do some magic in the server side that enables me to do that.(I don't know how :) )
if this help: I have root access and also I can create files on my server side. but I'm not allowed to change the file permission under the root(if someone get hold of these files I'll be fired)
You can try monster like this
ssh ubuntu#myhost 'sudo cat /path/to/file | uuencode' | uudecode > path/to/local
You should have uuencode and uudecode on coresponding hosts.
Or if file is text you can skip uuencode part
ps: see related topic
You could do it the other way around.
Log into the the pc with the file you want with
ssh ubuntu#myserver
Then gain superuser privileges
sudu su
and then copy the files you want
scp /the_file_you_want ubuntu#myhost:/the_location_and_filename_you_want
Some other ways you can find here
https://unix.stackexchange.com/questions/106480/how-to-copy-files-from-one-machine-to-another-using-ssh
enable ssh on your machine
(if fedora) (for ubuntu you can find command on google easily)
service sshd on
From your local machine
ssh -i ubuntu#myserver
change to root
su
enter password
and copy files using scp
scp somefile.extension randomuser#localmachine:/some/path/
I hope it helps
For work, I have to connect to dozens of Linux machines via SSH (to perform maintenance, monitor the system, install software, etc).
I have a small arsenal of scripts that help me do some of these tasks, and these are located in a folder on my Mac in /Users/me/bin. I want to be able to run these scripts on the remote Linux machine, but for several reasons I do not want these scripts permanently located on these machines (e.g., other people also connect to these remote machines, and it would be unwise to let them execute these files).
So, is possible to share scripts across an SSH connection for the lifetime of the session only?
I have a couple of ideas on how to do this, but I don't know if any of them will work. Firstly, if SSH allows file mounting, I could automatically mount me#mymac:/Users/me/bin to me#linux:/remote_bin when I connect to the remote Linux box, and set my PATH variable to "$PATH:/remote_bin". Secondly, I could set up port forwarding in the connection string (e.g., ssh me#linux -R 9999:127.0.0.1:<SMBPORT|ETC> and every time I connect mount the share and set the $PATH variable.
EDIT: I've come up with a semi-solution. On the linux machine, edit /etc/ssh/sshd_config to add the following subsystem: Subsystem shareduserbinary sudo su -l -c "/bin/mount -t cifs -o port=9999,username=me,nounix,sec=ntlmssp //127.0.0.1/exported_bin /mnt/remote_bin" && bash -l -i -s. When connecting to the remote machine, set up a reverse port forward and invoke the subsystem. E.g.: ssh -R 9999:127.0.0.1:445 -s shareduserbinary me#linux.
EDIT 2: You can make the solution above cleaner, by removing the -l from the sudo command and changing the path from /mnt/remote_bin to $HOME/rbin.
Interesting question. Perhaps you can add a command to ~/.bash_login (assuming you are using bash) to copy the scripts from a remote host (such as your mac) when you login, then add a command to ~/.bash_logout to delete the scripts when you logout. But, as bmargulies points out, it would be a good idea to go a step further and make sure that nobody else has permissions to read or execute the scripts.
You can use OpenSSH's LocalCommand to upload the files (using e.g. scp or rsync) when initiating an SSH session (see man ssh_config and this):
Host server1 server2 [...]
PermitLocalCommand yes
LocalCommand scp -q /Users/bin/me/* %h:temp_bin/
and use .bash_logout or an EXIT-trap that you specify in your .bashrc to delete the contents of the directory on logout.
I want to run a shell script using SSH which takes resource from other machine while the script is in some other machine, all on the same network. I don't want to copy the resource to the local machine.
Note: The shell script takes .txt file as input
If you have script.sh on server1 and file.txt on server2, you can connect through ssh to server1, and then do:
[user#server1]$ ssh user#server2 "cd mydir && cat file.txt" | ./script.sh
Try this:
ssh USER_NAME#HOST_ADDRESS "BASH_SCRIPT_FILE_PATH"
You will need to provide password whenever required.
If your script is in Machine A, you can't run that on Machine B without copying it over. First, copy the script over to Machine B using scp
[user#machineA]$ scp /path/to/script user#machineB:/home/user/path
Then, just run the script
[user#machineA]$ ssh user#machineB "/home/user/path/script"
This will work if you have given executable permission to the script.
OR
Try this one..
<hostA_shell_prompt>$ ssh user#hostB "ls -la"
That will prompt you for password, unless you have copied your hostA user's public key to the authorized_keys file on the home of user .ssh's directory. That will allow for passwordless authentication (if accepted as an auth method on the ssh server's configuration)
I not fully understand your question. Other answers gave "How to run remote script?"
But i think question is Remote script has to take remote file, even I not sure about this
Login Remote PC using ssh.
Install sshfs if not installed .
Then mount other remote machine directory which has the file you want to use in script to local directory. This can be done using sshfs
Then run the script with file from locally mounted directory
Then unmount the directory when you finished.
Somewhat large procedure.
Mounting remote directory with sshfs
man sshfs