I have setup an SSH tunnel to my mail server as follows:
ssh -o ServerAliveInterval=60 -f me\#mydomain.com -L 63110:mail.mydomain.com:110 -N
ssh -o ServerAliveInterval=60 -f me\#mydomain.com -L 63325:mail.mydomain.com:25 -N
I can send/receive mail for a while, but after a period of inactivity, my mail client reports that it doesn't get a valid greeting from the mail server.
I have a perl script that checks every minute to make sure that the ssh tunnel is running (via ps) and that the port is open (using IO::Socket::PortState qw(check_ports)), but I would like to check whether or not I get a valid greeting as well.
What would be the best way to do this either in perl or a shell script (running Ubuntu 12.04)?
To answer the question, notwithstanding the setup of the OP, THE tool to use is swaks aka the Swiss Army Knife of SMTP. You can get it from here: http://jetmore.org/john/code/swaks/
Typically to test your smtp you would use a command like this: swaks --server mail.example.com --from ben.holness#example.com --to ben.holness#somewhere.example.com
It will then show you all the dialogue between the smtp client and the server, making it really easy to pinpoint the source of possible problems.
Related
I'm fairly new to openssh, i am writing a framework to automate a couple of tasks.
I understand that its easy to send commands over ssh to a remote vm to do some things. But i want to send some commands to a CLI-like service that's running inside my remote vm.
To explain it better:
[c:\~]$ ssh root#x.x.x.x
Connecting to x.x.x.x:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
[root#vm1 ~]# ssh admin#0
admin#0's password:
admin connected from 127.0.0.1 using ssh on vm1
Your last successful login was at 2021-2-1 19:25:27
Your last successful login was from 127.0.0.1
admin#vm1>
This is what i'm doing,
a)I log into my remote machine via ssh.
b)Then i log into the CLI-like service that's running inside my vm.
So what i want to achieve is, i want to run some commands on the CLI on my vm. My perl script presently looks like this. (Note: My perl script is running in a different vm altogether)
#! /usr/bin/perl
use strict;
use warnings;
use Net::OpenSSH;
use IO::Pty;
print "New connection\n";
my $ssh = Net::OpenSSH->new("x.x.x.x",user=>'admin', password=>'password', port=>22, timeout=>30);
$ssh->error and die "Could not connect\n". $ssh->error;
my $cmd = $ssh->pipe_out("show alarm");
while(<$cmd>){
print "$_";
}
close $cmd;
undef $ssh;
This is the o/p that i see:
root#debian:~# perl automate.pl
New connection
Your last successful login was at 2021-2-1 19:40:20
Your last successful login was from x.x.x.x
^C
root#debian:~#
The o/p i'm expecting is for the command "show alarm" but looks like the command is not reaching the CLI of my target machine.
It would be of great help if can get some guidance from y'all.
Thanks.
I am new to linux and shell scripting. I want to connect to localhost and interact it.
#! /bin/bash
(exec /opt/scripts/run_server.sh)
when i execute this bash script, it starts listening on a port.
Listening on port xxxxx
Now i want to issue this command "telnet localhost xxxxx"
I tried something like this:
#! /bin/bash
(exec /opt/opencog/scripts/run_server.sh)&&
telnet localhost xxxxx
It is still listening on the port. But i think second command is not running. I expect another window showing that it is being connected like this.
vishnu#xps15:~$ telnet localhost xxxx
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
server>
The reason why i executing these as a script is that, automatically in the server i need to carry out some process by issuing certain commands like this "scm" "parse" etc.....
vishnu#xps15:~$ telnet localhost xxxx
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
server>scm
Entering scheme shell; use ^D or a single . on a line by itself to exit.
guile> (parse "i eat apple")
I have lots of text coming. Manually i cant issue this parse command for each and every sentence. so i want to automate. So i need to write a script for connecting to the server and interacting.
Any guidelines. Finally How to interact/send commands to this guile shell?
One way to login to the linux server as a same or different user and run some command or .sh script (very useful for post-commit hooks or cron jobs) is to use program called sshpass, for example a cron job command or svn post-commit hook would look like this:
/usr/bin/sshpass -p 'password' /usr/bin/ssh
-o StrictHostKeyChecking=no -q user#localhost 'any command'
Just replace password with your password, and user with your user, and put command that you need to run as that particular user...
To install sshpass it on ubuntu just type
apt-get install sshpass
Or on CentOs
yum install sshpass
I solved this with the netcat (nc) command.
$ echo "command1\ncommand2\n" | nc localhost xxxxx
I could manually connect to localhost using telnet localhost xxxx and then i can pass commands from shell to localhost like this.
If you need to use telnet, this solution may help you. Otherwise, use ssh, as other answer suggests.
You can use anything that produces output to write lines one by one, followed by "\r\n", and pipe these lines to ncat, e.g.:
echo -e "command1\r\ncommand2\r\n" | ncat localhost 5000
-e option makes echo interpret "\r\n" as special symbols.
I have two questions:
There are multiple remote linux machines, and I need to write a shell script which will execute the same set of commands in each machine. (Including some sudo operations). How can this be done using shell scripting?
When ssh'ing to the remote machine, how to handle when it prompts for RSA fingerprint authentication.
The remote machines are VMs created on the run and I just have their IPs. So, I cant place a script file beforehand in those machines and execute them from my machine.
There are multiple remote linux machines, and I need to write a shell script which will execute the same set of commands in each machine. (Including some sudo operations). How can this be done using shell scripting?
You can do this with ssh, for example:
#!/bin/bash
USERNAME=someUser
HOSTS="host1 host2 host3"
SCRIPT="pwd; ls"
for HOSTNAME in ${HOSTS} ; do
ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}"
done
When ssh'ing to the remote machine, how to handle when it prompts for RSA fingerprint authentication.
You can add the StrictHostKeyChecking=no option to ssh:
ssh -o StrictHostKeyChecking=no -l username hostname "pwd; ls"
This will disable the host key check and automatically add the host key to the list of known hosts. If you do not want to have the host added to the known hosts file, add the option -o UserKnownHostsFile=/dev/null.
Note that this disables certain security checks, for example protection against man-in-the-middle attack. It should therefore not be applied in a security sensitive environment.
Install sshpass using, apt-get install sshpass then edit the script and put your linux machines IPs, usernames and password in respective order. After that run that script. Thats it ! This script will install VLC in all systems.
#!/bin/bash
SCRIPT="cd Desktop; pwd; echo -e 'PASSWORD' | sudo -S apt-get install vlc"
HOSTS=("192.168.1.121" "192.168.1.122" "192.168.1.123")
USERNAMES=("username1" "username2" "username3")
PASSWORDS=("password1" "password2" "password3")
for i in ${!HOSTS[*]} ; do
echo ${HOSTS[i]}
SCR=${SCRIPT/PASSWORD/${PASSWORDS[i]}}
sshpass -p ${PASSWORDS[i]} ssh -l ${USERNAMES[i]} ${HOSTS[i]} "${SCR}"
done
This work for me.
Syntax : ssh -i pemfile.pem user_name#ip_address 'command_1 ; command 2; command 3'
#! /bin/bash
echo "########### connecting to server and run commands in sequence ###########"
ssh -i ~/.ssh/ec2_instance.pem ubuntu#ip_address 'touch a.txt; touch b.txt; sudo systemctl status tomcat.service'
There are a number of ways to handle this.
My favorite way is to install http://pamsshagentauth.sourceforge.net/ on the remote systems and also your own public key. (Figure out a way to get these installed on the VM, somehow you got an entire Unix system installed, what's a couple more files?)
With your ssh agent forwarded, you can now log in to every system without a password.
And even better, that pam module will authenticate for sudo with your ssh key pair so you can run with root (or any other user's) rights as needed.
You don't need to worry about the host key interaction. If the input is not a terminal then ssh will just limit your ability to forward agents and authenticate with passwords.
You should also look into packages like Capistrano. Definitely look around that site; it has an introduction to remote scripting.
Individual script lines might look something like this:
ssh remote-system-name command arguments ... # so, for exmaple,
ssh target.mycorp.net sudo puppet apply
The accepted answer sshes to machines sequentially. In case you want to ssh to multiple machines and run some long-running commands like scp concurrently on them, run the ssh command as a background process.
#!/bin/bash
username="user"
servers=("srv-001" "srv-002" "srv-002" "srv-003");
script="pwd;"
for s in "${servers[#]}"; do
echo "sshing ${username}#${s} to run ${script}"
(ssh ${username}#${s} ${script})& # Run in background
done
wait # If removed, you can run some other script here
If you are able to write Perl code, then you should consider using Net::OpenSSH::Parallel.
You would be able to describe the actions that have to be run in every host in a declarative manner and the module will take care of all the scary details. Running commands through sudo is also supported.
For this kind of tasks, I repeatedly use Ansible which allows to duplicate coherently bash scripts in several containets or VM. Ansible (more precisely Red Hat) now has an additional web interface AWX which is the open-source edition of their commercial Tower.
Ansible: https://www.ansible.com/
AWX:https://github.com/ansible/awx
Ansible Tower: commercial product, you will probably fist explore the free open-source AWX, rather than the 15days free-trail of Tower
There is are multiple ways to execute the commands or script in the multiple remote Linux machines.
One simple & easiest way is via pssh (parallel ssh program)
pssh: is a program for executing ssh in parallel on a number of hosts. It provides features such as sending input to all of the processes, passing a password to ssh, saving the output to files, and timing out.
Example & Usage:
Connect to host1 and host2, and print "hello, world" from each:
pssh -i -H "host1 host2" echo "hello, world"
Run commands via a script on multiple servers:
pssh -h hosts.txt -P -I<./commands.sh
Usage & run a command without checking or saving host keys:
pssh -h hostname_ip.txt -x '-q -o StrictHostKeyChecking=no -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes' -i 'uptime; hostname -f'
If the file hosts.txt has a large number of entries, say 100, then the parallelism option may also be set to 100 to ensure that the commands are run concurrently:
pssh -i -h hosts.txt -p 100 -t 0 sleep 10000
Options:
-I: Read input and sends to each ssh process.
-P: Tells pssh to display output as it arrives.
-h: Reads the host's file.
-H : [user#]host[:port] for single-host.
-i: Display standard output and standard error as each host completes
-x args: Passes extra SSH command-line arguments
-o option: Can be used to give options in the format used in the configuration file.(/etc/ssh/ssh_config) (~/.ssh/config)
-p parallelism: Use the given number as the maximum number of concurrent connections
-q Quiet mode: Causes most warning and diagnostic messages to be suppressed.
-t: Make connections time out after the given number of seconds. 0 means pssh will not timeout any connections
When ssh'ing to the remote machine, how to handle when it prompts for
RSA fingerprint authentication.
Disable the StrictHostKeyChecking to handle the RSA authentication prompt.
-o StrictHostKeyChecking=no
Source: man pssh
This worked for me. I made a function. Put this in your shell script:
sshcmd(){
ssh $1#$2 $3
}
sshcmd USER HOST COMMAND
If you have multiple machines that you want to do the same command on you would repeat that line with a semi colon. For example, if you have two machines you would do this:
sshcmd USER HOST COMMAND ; sshcmd USER HOST COMMAND
Replace USER with the user of the computer. Replace HOST with the name of the computer. Replace COMMAND with the command you want to do on the computer.
Hope this helps!
You can follow this approach :
Connect to remote machine using Expect Script. If your machine doesn't support expect you can download the same. Writing Expect script is very easy (google to get help on this)
Put all the action which needs to be performed on remote server in a shell script.
Invoke remote shell script from expect script once login is successful.
I know it is possible to write a shell script which passes your hard-coded password to a ssh connection authentication (using expect). However what I need is slightly more complicated.
At my university I have a desktop computer appointed to me. I can connect remotely to this computer by first making a ssh connection with some server, then making another ssh connection from that server to my appointed desktop computer. This goes like:
localuser#localcomputer:~$ ssh -X username#serveraddress
username#serveradress password:
server$ ssh -X username#remotecomputeraddress
username#remotecomputeraddress password:
username#remotecomputer:~>
Is there a way to write a script which could automate the above (i.e. performing two consecutive ssh connections)?
Thanks in advance!
ps: Both the local and the remote computers are running on Linux.
You can do this interactively with:
ssh -t -X username#serveraddress ssh -t -X username#remotecomputeraddress
Note that is not a pipe - the second ssh is the command to run on the connection created by the first ssh. The -t options are necessary to allocate the pseudo-ttys necessary for interaction (password gathering as well as the ultimate goal - an interactive session on the remote system). Wrapping it up with expect left as an exercise for the reader.... ;-)
Bonus points for setting up proper private/public key pairs and ssh-agent so that the passwords aren't necessary (unless, of course, that is disallowed for security reasons).
Yes, you can do this.
Presuming you have your except script in the expect_script:
cat expect_script | ssh -X username#serveraddress sh -s
In this expect_script you must run ssh -X username#remotecomputeraddress.
And of course you can install public keys on the both hosts and use passwordless authentication.
I wrote something to do this with bang paths a while back:
http://stromberg.dnsalias.org/~strombrg/deep-ssh.html
So you'd set up passwordless, passphraseless authentication (or use an agent for the passphrase), like:
http://stromberg.dnsalias.org/~strombrg/ssh-keys.html
And then:
deep-ssh username#serveraddress!username#remotecomputeraddress command
If bash complains about the !, you can just escape it with a backslash.
The old timers will recognize that this is how UUCP paths were specified.
how do I execute command/script on a remote linux box?
say I want to do service tomcat start on box b from box a.
I guess ssh is the best secured way for this, for example :
ssh -OPTIONS -p SSH_PORT user#remote_server "remote_command1; remote_command2; remote_script.sh"
where the OPTIONS have to be deployed according to your specific needs (for example, binding to ipv4 only) and your remote command could be starting your tomcat daemon.
Note:
If you do not want to be prompt at every ssh run, please also have a look to ssh-agent, and optionally to keychain if your system allows it. Key is... to understand the ssh keys exchange process. Please take a careful look to ssh_config (i.e. the ssh client config file) and sshd_config (i.e. the ssh server config file). Configuration filenames depend on your system, anyway you'll find them somewhere like /etc/sshd_config. Ideally, pls do not run ssh as root obviously but as a specific user on both sides, servers and client.
Some extra docs over the source project main pages :
ssh and ssh-agent
man ssh
http://www.snailbook.com/index.html
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
keychain
http://www.gentoo.org/doc/en/keychain-guide.xml
an older tuto in French (by myself :-) but might be useful too :
http://hornetbzz.developpez.com/tutoriels/debian/ssh/keychain/
ssh user#machine 'bash -s' < local_script.sh
or you can just
ssh user#machine "remote command to run"
If you don't want to deal with security and want to make it as exposed (aka "convenient") as possible for short term, and|or don't have ssh/telnet or key generation on all your hosts, you can can hack a one-liner together with netcat. Write a command to your target computer's port over the network and it will run it. Then you can block access to that port to a few "trusted" users or wrap it in a script that only allows certain commands to run. And use a low privilege user.
on the server
mkfifo /tmp/netfifo; nc -lk 4201 0</tmp/netfifo | bash -e &>/tmp/netfifo
This one liner reads whatever string you send into that port and pipes it into bash to be executed. stderr & stdout are dumped back into netfifo and sent back to the connecting host via nc.
on the client
To run a command remotely:
echo "ls" | nc HOST 4201