Passwordless SSH using cgi-perl script - linux

This is my first shot at trying out cgi-perl scripts. I have SSH keys set up between my (root user) local machine and a remote machine. I'm trying to run a command on the remote box and display the output on a webpage hosted from my local machine. The script runs fine from the command line; however, it throws an SSH key error when called from the webpage because the user running the script is apache and not root. Is there a way to get around this issue?

If you do not already have a restricted account, create one, create the SSH keys and add the commands that the user should be allowed to execute via sudo to the /etc/sudoers file (e.g. via visudo, more about sudoers). This is the safest approach imho.
You can even restrict the user in such a way, that he can only execute these commands. For
I don't know about Perl, but normally you can specify which user should be logged in via SSH:
ssh user@host
Update:
Are you using the Net::SSH::Perl module? If so, just set the user accordingly:
use Net::SSH::Perl;
my $host = "perlhowto.com";
my $user = "user";
my $password = "password";
#-- set up a new connection
my $ssh = Net::SSH::Perl->new($host);
#-- authenticate with the credentials defined above
$ssh->login($user, $password);
(I just copied and pasted this code from perlhowto.com)

Related

How can i input password from bash script?

I am creating a bash script that is trying to connect to a remote server, but it requires entering a password. I wrote the following script:
ssh HostIP
expect "password:"
send "password"
but it connects and gives "user@HostIP's password:", so the send command is not writing any password to the screen... what should I do to make it work?
Writing passwords in file(s) or scripts is NEVER a good practice. Why don't you give passwordless authentication from one server to another a try?
Simple steps:
I- Generate the RSA public and private keys with the command ssh-keygen -t rsa on your server1.
II- Now create a .ssh directory in your other server (server2)'s home directory with correct permissions.
III- Create file named authorized_keys on server2.
IV- Open file named authorized_keys on server2 and copy file named id_rsa.pub from server1 to server2.
V- Set permissions to 640 to ~/.ssh/authorized_keys now.
VI- Try to log in to server2 now by doing:
ssh user@server2
Here is a nice link which could tell you about same too.
https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/
Once passwordless authentication is set from server1 to server2 with ssh then you could simply execute all ssh commands in your script which you want to run on another server.
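Steps II to V above, combined with the earlier suggestion of limiting an account to specific commands, as an added shell example that is not part of the original answers. The function name install_pubkey and the forced-command path in the usage comment are assumptions, and it sets authorized_keys to mode 600, which is stricter than the 640 given in step V.

```shell
#!/bin/sh
# Added example: run on server2 as the account that should accept the key.
# Usage (hypothetical paths):
#   install_pubkey "$HOME" /tmp/id_rsa.pub /usr/local/bin/report-status

# install_pubkey HOME_DIR PUBKEY_FILE [FORCED_COMMAND]
# Adds the public key to HOME_DIR/.ssh/authorized_keys exactly once.
# With FORCED_COMMAND the key may only run that command: OpenSSH's
# "restrict" and command="..." key options override whatever the client asks.
install_pubkey() {
    home_dir=$1 pubkey_file=$2 forced_cmd=${3:-}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a single public-key line; a private key file is multi-line.
    [ $(wc -l < "$pubkey_file") -le 1 ] || { echo "not a public key" >&2; return 1; }
    key=$(cat "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || { echo "missing key data" >&2; return 1; }

    # A double quote would terminate the command="..." option early.
    case $forced_cmd in
        *\"*) echo "forced command must not contain quotes" >&2; return 1 ;;
    esac

    # Steps II, III and V: sshd (StrictModes) ignores keys when these are
    # writable by anyone other than the owner.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"

    # Step IV, idempotent: skip if this key's base64 body is already listed.
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    if [ -n "$forced_cmd" ]; then
        printf 'restrict,command="%s" %s\n' "$forced_cmd" "$key" >> "$auth"
    else
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

From server1, `ssh -o BatchMode=yes user@server2` then confirms key login works without ever falling back to a password prompt.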
You can do it with sshpass like :
sshpass -p **your_password** ssh user@HostIP
If sshpass is not already installed, you can install it and make the first connection in bash console for "the yes confirmation"

Pass a password as an environment variable through SSH

Here is what I know:
echo "password" | sudo SOME_COMMAND
The above mentioned command will log in as root directly in Bash shell and run SOME_COMMAND.
What I am trying to do:
I want to perform same task, but from a remote machine. For that I want to pass the password as a variable via an SSH command. Something like this:
ssh -o PASSWORD=password user@hostA 'echo $PASSWORD | sudo SOME_COMMAND'
(Reference: When ssh'ing, how can I set an environment variable on the server that changes from session to session?)
But it doesn't pass the $PASSWORD variable.
How can I do it?
Simple summary:
Here is what I want to do:
I want to pass a variable to remote host when I log in through SSH so I can access it in the remote host script.
You can use the sshpass utility to do this task.
But this is not a secure way; your password is not in an encrypted format.
Reference: sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script
You should not use sudo and ssh in one line. Here is a discussion and solution that I was answering yesterday on Super User.
To pass a variable through a pipe you can do the following...
echo "Hello, World!" | ssh USER@HOST cat
Other methods would be passing files via scp or rsync.

Transfer files between local to remote server using ssh without password authentication

I want to transfer some files from my local machine to a remote one, like GitHub does it. I want it to happen very smoothly, as in a shell script. I tried creating a shell script which automates the process of SSH authentication without a password, but the first time it exposes my remote server password. I don't want to do it that way. With git, for example, we can't see their server password. Is there any possible way we can do this?
I used this article script to automate ssh login. http://www.techpaste.com/2013/04/shell-script-automate-ssh-key-transfer-hosts-linux/
As I mentioned, you can use the scp command, like this:
scp /local_dir/some*.xml remote_user@remote_machine:/var/www/html
This requires that you can connect to the remote machine without a password, only with SSH key authentication.
Here is a link: http://linuxproblem.org/art_9.html to help you.
The important steps: (automatic login from host A / user a to Host B / user b.)
a@A:~> ssh-keygen -t rsa
a@A:~> ssh b@B mkdir -p .ssh
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Caching RSA key fingerprint in plink using bash script

I am running an automation script to automate the login and some other commands to be run on a remote target using plink. I used the following approach to do an automatic login and save the RSA key:
user@ubuntu~$ echo -e 'y\n' | plink root@<target ip> -pw <password> "pwd"
This command saves the key when run through command line, but when run using script, is inconsistent in saving the RSA key. Consider username and password being passed as correct, it prompts the error message as the Connection refused, as 'y' is not fetched in the prompt input.
Many times, it will prompt for accepting the key again and again as I have many simultaneous consecutive plink commands used in my script. Ideally, it shouldn't ask for user input more than once. I checked, 'sshhostkeys' file which was not present in ~/.putty folder, which is the cause for prompt for user input each time plink is run.
Has anyone faced this problem earlier? Any fix for this, or any hack/workaround?
P.S: Using expect scripts, or manually saving a profile using putty, or manually running the plink command and saving the key for once, is being ruled out (not to be considered).
Got the solution; actually the issue was with the permissions assigned to the $HOME/.putty directory. The ownership information for the folder was also root, thus when I was trying to run
user@ubuntu~$ echo -e 'y\n' | plink root@<target ip> -pw <password> "pwd"
I was getting the prompt for '(y/n)' repeatedly, as the key was not getting saved in the .putty folder due to the permission issues. The above command, when run once, was not able to create the sshhostkeys file, due to which it was asking again and again to save the key; each time it tried to save the key but was not able to, as it didn't have root permission. This issue is resolved by assigning rwx permission for all others (sudo chmod 707 ~/.putty); another approach can be changing the ownership information to the user running the script with 'chown'.

How to download from double hop SFTP?

I am new to linux and am having trouble doing this.
I need to download files and this is currently what I do to access the file.
SSH into server A.
From server A, SSH to server B
After logging into server B, run the following command:
sudo -i -u testuser
I enter a password and then I have the privileges I need.
How would I replicate this with WinSCP? I can login to the server following the guide here:
https://superuser.com/questions/303486/sftp-over-double-server-hop
But I cannot download the files because I don't have permissions. How do I execute that sudo command and enter a password in the login process using WinSCP? Or an alternative program (that runs on OSX). My ultimate goal is to download a file from the (double remote) computer to my local computer.
You need to combine two "advanced" features of WinSCP.
Tunneling: That's what the Super User question you have referred to deals with:
SFTP over double server hop
Sudo: There's another Super User question that deals with this:
How to change user in WinSCP?
It is basically covered in WinSCP FAQ How do I change user after login (e.g. su root)?
This is a tricky part.
You can use the solution you've already found, just use:
ssh -o ProxyCommand='ssh myfirsthop nc -w 10 %h %p' testuser@mydestination
