ssh dynamically from script from any server - linux

Ok, I have been searching for few hours and cannot seem to find the solution.
I have a file on a remote server to which one of the local users on that server has write access. I have the credentials. The requirement is:
The shell/perl script should automatically login to the server and write to that file.
The script should work from any server on the network without installing any extra packages as that will require me to sudo which will again ask for password and is therefore not possible from script.
I tried using expect but the server keeps saying spawn not found.
Please advise.

#!/bin/bash
ssh -l username hostname "password; ~/updatefile.sh params"
Doesn't work.
To use the key method, try the following:
#!/usr/bin/env ssh-agent /usr/bin/env bash
KEYFILE=`mktemp`
cat << EOF > ${KEYFILE}
-----BEGIN RSA PRIVATE KEY-----
[.......]
EOF
ssh-add ${KEYFILE}
ssh user host command
# Remove the key file.
rm -f ${KEYFILE}
To generate a key for use, refer to the following: http://www.ece.uci.edu/~chou/ssh-key.html

Related

How to pass the variable to ssh command on shell

I am writing the script to ssh the server.
I have the server which require the verification code and password login, and I want the script can login the server and run some script on server every day (crontab).
I only have the access on the server and I cannot the right to setup the crontab on the server.
So i want to setup the crontab and script on my own server to do.
(If i cannot run the script on server, at least I want to login my server via one line command.)
Currnet Flow
user ~% ssh xxxx#example.com
The authenticity of host 'example.com' can't be established.
RSA key fingerprint is SHA256?[yyyyyyyyyyyyyyyyyyy].
Are you sure you want to continue connecting (yes/no/[fingerprint])? (yes)
Verification code: (input)
Password: (input)
xxxx$ ./a.sh
I write the command below
print "(verification code)\n(pwd)\n" | ssh -t -t xxxx#example.com
I think that this command will pass "the code , enter, the password" to the ssh and perform the one line command login.
However the output is
Verification code: | (cursor)
Any one can help me how to fix this (let the script auto press enter) ??
Use 'sshpass', for example:
sshpass -p <password> ssh <username>#<remote-address> ./a.sh
First, I don't have an answer if "verification code and password login" is the only authentication option setup in the server.
Since you have not mention key based authentication in your question, I would suggest investigating whether it is an option.
Use this to generate private/public keys for the machine sending the command:
ssh-keygen -t rsa
That would normally create the keys in ~/.ssh (id_rsa and id_rsa.pub).
Then, use this to authorise login on the server:
ssh-copy-id xxxx#example.com
That would add your public key (~/.ssh/id_rsa.pub) to ~/.ssh/authorized_keys in the server.

How can i input password from bash script?

I am creating a bash script that trying to connect to a remote server, but it requires to enter a password, I wrote the following script:
ssh HostIP
expect "password:"
send "password"
but it connects and gives "user#HostIP's password:", so the send command is not writing any password to the screen....what should I do to make it work?
Writing passwords in file(s) or scripts is NEVER a good practice. Why don't you give a try to password less authentication from one server to another.
Simple steps:
I- generate the RSA public and private keys from command ssh -keygen -t rsa to your server1.
II- Now create .ssh directory in your another server(server2)'s home dorectory with correct permissions.
III- Create file named authorized_keys on server2.
IV- Open file named authorized_keys on server2 and copy file named id_rsa.pub from server1 to server2.
V- Set permissions to 640 to ~/.ssh/authorized_keys now.
VI- try to login to server2 now by doing:
ssh user#server2
Here is a nice link which could tell you about same too.
https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/
Once passwordless authentication is set from server1 to server2 with ssh then you could simply execute all ssh commands in your script which you want to run on another server.
You can do it with sshpass like :
sshpass -p **your_password** ssh user#HostIP
If sshpass is not already installed, you can install it and make the first connection in bash console for "the yes confirmation"

Pass a password as an environment variable through SSH

Here is what I know:
echo "password" | sudo SOME_COMMAND
The above mentioned command will log in as root directly in Bash shell and run SOME_COMMAND.
What I am trying to do:
I want to perform same task, but from a remote machine. For that I want to pass the password as a variable via an SSH command. Something like this:
ssh -o PASSWORD=password user#hostA 'echo $PASSWORD | sudo SOME_COMMAND'
(Reference: When ssh'ing, how can I set an environment variable on the server that changes from session to session?)
But it doesn't pass the $PASSWORD variable.
How can I do it?
Simple summary:
Here is what I want to do:
I want to pass a variable to remote host when I log in through SSH so I can access it in the remote host script.
You can use the sshpass utility to do this task.
But this is not a secure way; your password is not in an encrypted format.
Reference: sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script
You should not use sudo and ssh in one line. Here is a discussion and solution that I was answering yesterday on Super User.
To pass a variable though a pipe you can do the following...
echo "Hello, World!" | ssh USER#HOST cat
Other methods would be passing files via scp or rsync.

Piping different values into bash command [duplicate]

How can you make SSH read the password from stdin, which it doesn't do by default?
based on this post you can do:
Create a command which open a ssh session using SSH_ASKPASS (seek SSH_ASKPASS on man ssh)
$ cat > ssh_session <<EOF
export SSH_ASKPASS="/path/to/script_returning_pass"
setsid ssh "your_user"#"your_host"
EOF
NOTE: To avoid ssh to try to ask on tty we use setsid
Create a script which returns your password (note echo "echo)
$ echo "echo your_ssh_password" > /path/to/script_returning_pass
Make them executable
$ chmod +x ssh_session
$ chmod +x /path/to/script_returning_pass
try it
$ ./ssh_session
Keep in mind that ssh stands for secure shell, and if you store your user, host and password in plain text files you are misleading the tool an creating a possible security gap
You can use sshpass which is for example in the offical debian repositories. Example:
$ apt-get install sshpass
$ sshpass -p 'password' ssh username#server
You can't with most SSH clients. You can work around it with by using SSH API's, like Paramiko for Python. Be careful not to overrule all security policies.
Distilling this answer leaves a simple and generic script:
#!/bin/bash
[[ $1 =~ password: ]] && cat || SSH_ASKPASS="$0" DISPLAY=nothing:0 exec setsid "$#"
Save it as pass, do a chmod +x pass and then use it like this:
$ echo mypass | pass ssh user#host ...
If its first argument contains password: then it passes its input to its output (cat) otherwise it launches whatver was presented after setting itself as the SSH_ASKPASS program.
When ssh encounters both SSH_ASKPASS AND DISPLAY set, it will launch the program referred to by SSH_ASKPASS, passing it the prompt user#host's password:
An old post reviving...
I found this one while looking for a solution to the exact same problem, I found something and I hope someone will one day find it useful:
Install ssh-askpass program (apt-get, yum ...)
Set the SSH_ASKPASS variable (export SSH_ASKPASS=/usr/bin/ssh-askpass)
From a terminal open a new ssh connection without an undefined TERMINAL variable (setsid ssh user#host)
This looks simple enough to be secure but did not check yet (just using in a local secure context).
Here we are.
FreeBSD mailing list recommends the expect library.
If you need a programmatic ssh login, you really ought to be using public key logins, however -- obviously there are a lot fewer security holes this way as compared to using an external library to pass a password through stdin.
a better sshpass alternative is :
https://github.com/clarkwang/passh
I got problems with sshpass, if ssh server is not added to my known_hosts sshpass will not show me any message, passh do not have this problem.
I'm not sure the reason you need this functionality but it seems you can get this behavior with ssh-keygen.
It allows you to login to a server without using a password by having a private RSA key on your computer and a public RSA key on the server.
http://www.linuxproblem.org/art_9.html

Transfer files between local to remote server using ssh without password authentication

I want to transfer some files from my local to remote, like github does it. I want to happend it very smooth like in shell script. I tried creating one shell script which automates the process of ssh authentication without password but for first time it exposes my remote server password. I dont want to do it that way. Like in git we can't see their server password. Is there any possible way that we can do ?
I used this article script to automate ssh login. http://www.techpaste.com/2013/04/shell-script-automate-ssh-key-transfer-hosts-linux/
As i mentioned, you can use the scp command, like this:
scp /local_dir/some*.xml remote_user#remote_machine:/var/www/html
This requires that you need connect to the remote machine without password, only with ssh key-authentication.
Here is a link: http://linuxproblem.org/art_9.html to help you.
The important steps: (automatic login from host A / user a to Host B / user b.)
a#A:~> ssh-keygen -t rsa
a#A:~> ssh b#B mkdir -p .ssh
a#A:~> cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'

Resources