I am using ssh for connecting one of the systems.
I have a perl script in that system which I have to run from my machine. But the commands in remote system runs only when it is in Super user mode (I give su - to become the super user, if I am working directly on the remote system)
But if I have to run the perl script from my system ( I am using OpenSSH for this purpose), in super user mode, how should I do it?
By the way, I have placed the command $sh->system("su -") . But it asks for the password but does not proceed further. I have waited for 5 mins atleast, even then I didnt get any response after I entered the password.
Can anyone say how to deal with this situation?
You could use sudo, and allow your user to become root with no password
Read the entry titled "Can't change working directory" on Net::OpenSSH FAQ to know why it doesn't work.
Then read the other entry, "Running remote commands with sudo", to see how you can solve it.
If you don't want ssh to ask for the password, you can add your client user key in the server .ssh/authorized_keys file of the target user. Using this, ssh won't ask for a password anymore.
Related
How login in a shell script to many Linux systems from one main Linux machine, without password in configuration?
Literally from your question, you do not want a passwordless connection between hosts. In this case, you will need to enter passwords N times.
Also, there is no context about the type of connection and commands you need to run. Then, a simple one-liner shell example could be the following:
for i in {"user1#host1","user2#host2"}; do ssh $i "hostname &"; done
However, why would you avoid a passwordless connection?
Any (most?) interactive methods of login can be scripted by using expect. Your expect script will wait for the password prompt and then provide the password. You will have read the password from a file or defined it as a variable in the script.
I'm writing a shell script to connect to a Linux based remote machine using ssh
After successfully logging in to the remote machine I'm able to execute Linux commands, now the real problem I'm facing is when trying to run the same script for another remote machine which will ask for a local authentication(username and password) upon ssh login to proceed further.
Can someone guide me on how to fill the first line with my username and immediately do a carriage return and perform similar action for password.
I've tried the below code connect.sh
sshpass -p <remote-passwd> ssh root#<remote-ip> 'bash -s' < test.sh
test.sh contain
ls
pwd
If I run connect.sh script it executes perfectly without asking for remote machine password. It also executes ls and pwd
Can I actually replace ls and pwd with my username and password to achieve what I'm trying to do??
Also, Am I looking on something which is not possible?? (I have seen a similar code in VB.NET which is solving my purpose but it is not a robust code and I really don't have any idea on VB scripts)
Update: I'm able to login to remote machine non interactively, but the remote machine environment immediately asks for a local authentication which again requires keyboard interaction, I'm looking for achieving this authentication non interactively
If at all possible, you should configure a public key on the server so you don't have to supply a password. This is more secure and will solve your problem more directly.
You may also want to look into orchestration frameworks, rather than implementing this all yourself. If you're doing small things, Fabric is a good option. If this looks like it'll become something much larger, you should look into something like Ansible, which can also additionally handle system configuration and a million other things, but requires very little setup to get started with.
I am looking to write a script which does following
List item
As I run it, it should ask for sever entry(linux or AIX)
Once it is provided, I should be able to login into it with sudo access
Then it should run command from particular location and display the output.
I have been looking for this entire day on this site, but could not find the satisfactory answer.
Hope to get good response on this.
Thanks
Abhi
There are a couple of ways to do this. As Leo pointed out, you could use Tcl/expect. This tool allows you to emulate a user and interact with programs as if you were at the keyboard. You can provide passwords to login clients and so forth. It's a bit involved and sometimes not so reliable. If you're using ssh to log in, it might be easier depending on your skills just to use your favorite shell script and use pre-exchanged keys for logging in. If you do an ls ~/.ssh in the directory of the system you're logging in from (running the script), you may see a file called id_rsa.pub or similar. If not, you can use ssh-keygen to create one. Then create or edit the file ~/.ssh/authorized_keys on the machine you're logging into. Append the contents of this file (id_rsa.pub) to authorized_keys. This should allow you to log into that user from the other machine without a password (note: This could be a security risk!). Then, you can use the command ssh user#dest -C remote_command to execute your command, obviating the need for expect.
I have a user called ec2-user and by this user I am getting connected to my EC2 instance by the help of the pem file I am able to connect to the machine,
Now I have added this user to the sudoers list by this command:
echo 'ec2-user ALL=(ALL) ALL' >> /etc/sudoers
This command executed successfully but after that when ever I want to do sudo its asking for password, when there is no password on the ec2-user.
Now, I have some of the questions:
If this is the wrong way, why Linux allows it to complete the command?
If this is right, then how to give the password?
If this I did in wrong way, how can I come back to my normal situation?
Thanks all
If this is the wrong way, why Linux allows it to complete the command?
No point in blaming Linux, It assumes that you have password set for an user.
If this is right, then how to give the password?
No, you can't provide a pasword because there is no pasword
If this I did in wrong way, how can I come back to my normal
situation?
Only way out is to boot the machine in single user mode and undo your changes. Unfortunately, you cannot boot an EC2 instnace into single user mode. Check with Amazon support whether they can help you with that.
You are pretty have run out of options. Create a new instance and then copy over your data by attaching EBS volume of this instance.
I assume you are using Amazon Linux AMI. For this AMI, by default the only account that can log in remotely using SSH is ec2-user. Also by default, password authentication is disabled to prevent brute-force password attacks. You must provide your key pair to the instance at launch, as you have already done. Please note that ec2-user has sudo privileges by default. When you do sudo, you don't have to enter any password. When you changed the sudoers file manually, you kind of changed the setting to require the password for any sudo operation by user ec2-user. Sorry that I don't know a easy way to get back to normal. I would suggest launching a new AMI instance and terminating your old one.
I've this need, I have to install ubuntu on a machine for a specific purpose, and I have to create a particular locked user account.
On startup i need to display the login box (so I have to admin the machine, only reboot and login as root) in the format with username and password fields.
After the login of this user, I have to auto open Google Chrome on a specific page.
Stop, this specific user doesn't have to do more. This machine is connected to a display with show ads in the expo of my client.
How to do this? I don't have any idea. Can anyone tell me ALL the correct step to achieve this?
Thanks in advance, Francesco
You have to setup a kiosk mode. You can find a good tutorial and all needed steps at http://www.alandmoore.com/blog/2011/11/05/creating-a-kiosk-with-linux-and-x11-2011-edition/
This may be an "old hat" answer...but yes, it's pretty common in practice to simply create a login shell that does a specific task (kind of similar to FTP or backup user accounts).
This means - simply put - in the /etc/passwd where you normally put the shell for the user (/bin/bash or whatever) you actually put a script that does whatever you want it to. When the script ends, the user is booted off.
If this is combined with a properly configured selinux, its pretty safe as long as the script is not hackable (I.e. does not request input which can have appended commands (I.e. "input name:" Mike; rm -rf /) or that can lead to a buffer overrun.
For this reason, its good practice to put the script in an isolated directory, chroot the user, put the user in its own group, and have the user/group only have permissions to that dir.