I am using this below script and i am getting this error -p: command not found
Code:
echo "Enter the server name"
read -s server
echo "Enter the Remote Username"
read -s Rem_user
echo "Enter the Remote Password"
read -s rmtpasswrd
output=sshpass -p ${rmtpasswrd} ssh ${Rem_user}#${server} -T 'df -h;'
echo $output
Please let me know what is the error in the script.
You need to use a command substitution to run ssh and capture its output.
output=$(ssh "${Rem_user}#${server}" 'df -h')
There is no reason to use sshpass if you are going to prompt the user for a password. ssh already does that (and more securely than you can).
Related
I want to write a shell script where user interaction is not allowed and I want to use sftp login with in the script. Now I have few challenges to execute this approach.
There is no user interaction so I can only provide the options as a argument while executing the script. Script can be like this.
#!/bin/bash
if [[ "${#}" -lt 4 ]]; then
echo -e "Usage: ${0} <sftpUser> <sftpPassword> <sftpHost> <sftpPort>"
exit 1
fi
sftpUser=${1}
sftpPassword=${2}
sftpHost=${3}
sftpPort=${4}
remote_dir="/home/vagrant"
source_dir="/home/vagrant/sftpDir"
sftpFile="/tmp/tempfile"
echo "cd ${remote_dir}" >> ${sftpFile}
echo "mget * ${source_dir}" >> ${sftpFile}
echo "quit" >> ${sftpFile}
expect -c "
spawn sftp -P ${sftpPort} -o "BatchMode=no" -b "${sftpFile}" ${sftpUser}#${sftpHost}
expect -nocase \"*Password:\" { send \"${sftpPassword}\r\"; interact }
"
rm -rf ${sftpFile}
$ ./shellscript.sh user1 password#123 192.168.0.1 22
Here, we need to provide the argument with the script itself and here we are using the plain text format for password password#123
How can we use the encrypted password in the argument as this can be a risk to expose the password?
Is there any other approach to execute this scenario?
I am not able to find any approach to pass the encrypted password with SFTP login.
I do not know why I am getting an error when I run my script with SSH, but when I run the bash from my CA server everything works fine.
I installed my VPN server based on this article https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04
I wrote a bash for the VPN creation but when I try to run it I need to SSH to the other server at some point. If I start the script with SSH in it I got an error message:
>./easyrsa: 341: set: Illegal option -o echo
My bash contain this and run from my VPN server:
sshpass -p $PASSWORD ssh username#"CA server IP" "/home/username/makevpn.sh $NAME $PASSWORD"
And makevpn.sh contain this:
>./easyrsa sign-req client $NAME
After this run it seems okay but give that error above.
I tried to read after this error and found nothing. :( Hope someone can help because I am hopeless after 4 days of troubleshooting.
Code of VPN script
#!/bin/sh
clear
read -p "Please enter the name of the new certificate : " NAME
read -p "Please enter the Password : " PASSWORD
cd /home/username/EasyRSA-3.0.7/
./easyrsa gen-req $NAME nopass
echo "gen-req done"
cp /home/username/EasyRSA-3.0.7/pki/private/$NAME.key /home/username/client-configs/keys/
echo "cp done"
sshpass -p $PASSWORD scp /home/username/EasyRSA-3.0.7/pki/reqs/$NAME.req username#192.168.1.105:/tmp
echo "scp done"
sshpass -p $PASSWORD ssh username#192.168.1.105 "/home/username/makevpn.sh $NAME $PASSWORD"
echo "ssh done"
cp /tmp/$NAME.crt /home/username/client-configs/keys/
echo "last CP done"
sudo /home/username/client-configs/make_config.sh $NAME
echo "All Done"
Code on CA server
#!/bin/sh
NAME=$1
PASSWORD=$2
cd /home/username/EasyRSA-3.0.7/
echo "CD Done"
./easyrsa import-req /tmp/$NAME.req $NAME
echo "Import-req done"
./easyrsa sign-req client $NAME
echo "Sign-req done"
sshpass -p $PASSWORD scp /home/username/EasyRSA-3.0.7/pki/issued/$NAME.crt username#192.168.1.103:/tmp
echo "Scp done"
I was just browsing the code of that easyrsa script here. This one is likely different from yours given the line for the error is 341. On the Github page, it is line 352 and it is part of a function called cleanup. It appears that this function is only attached as a trap (line 2744). Traps are used to catch signals like sigint (interrupt) which is normally sent on the terminal with ctrl+c (and may display a character like ^C). The reason the error only displays in your script is it likely causes a signal to be emitted that you would not normally receive if you ran it manually over ssh.
The error itself is really not an issue.
Code from Github:
Line 352:
(stty echo 2>/dev/null) || { (set -o echo 2>/dev/null) && set -o echo; }
Line 2744:
trap "cleanup" EXIT
It appears that line is just trying to turn terminal output of your typed characters back on (via stty echo). Sometimes programs will disable terminal output somewhere, and then re-enable it when the program finishes. However, if you were to kill the program mid way through (e.g. with ctrl+c), your program would terminate with the terminal output still disabled. This would make the terminal appear to be frozen. It would still work, but would not display the characters you type with your keyboard. The point of the trap is to ensure that terminal output is re-enabled no matter how the program exits.
More info...
At line 567 there is a function that disables echo. Looks like the point is to not show a password to the screen. If you were to kill the program during password reading, echo would remain disabled on the terminal. Likely the reason for the error has more to do with the way you are running the script. For whatever reason it causes stty echo to fail. Line 352 is assuming that the failure is due to stty echo not being a valid command. So on failure ( || ), it tries a different method (set -o echo) of enabling echo. If I try to run that on my terminal, I also get an error (bash 4.2):
-bash: set: echo: invalid option name
I'm trying a bash script where i'm taking an argument of a file which has the IP address. I'm using sshpass, but with this i'm not able to know if ssh login was successful or not. Is there a way to check this ?
Please suggest if not sshpass, do i need to use any other cmd, to do remote login and execute cmds ?
Here is the snippet of the code :
#!/bin/bash
filename="$1"
while read -r line; do
sshpass -p 'test' ssh -o StrictHostKeyChecking=no test#$line 'df -h'
done < "$filename"
Have tried the suggested way to check $? value (if its incorrect password, $? value will be 5, however with valid or invalid password, shell script is not echoing 'wrong password', its always echoing "Can ssh to box- Password is correct" as per the following code :
#!/bin/bash
filename="$1"
while read -r line; do
sshpass -p 'test' ssh -o StrictHostKeyChecking=no test#$line 'df -h'
if [ $? -eq 5]
then
echo "Wrong password"
else
echo "Can ssh to box- Password is correct"
fi
done < "$filename"
My Requirement is to ssh to the remote box and execute commands. And in case, ssh fails i.e password is invalid, it need to print that password is invalid.
Use return value from sshpass.
According to man sshpass:
RETURN VALUES
As with any other program, sshpass returns 0 on success. In case of failure, the following return codes are used:
5 Invalid/incorrect password
After running sshpass, in bash return value from command is stored in $? variable.
Proof:
devilan#localhost:~ $ sshpass -p 'test' ssh smurf#localhost
devilan#localhost:~ $ echo $?
5
Sugested usage:
sshpass -p 'test' ssh smurf#localhost
if [ $? -eq 5 ]
then
echo "Wrong password"
else
echo "Something else"
fi
Space was missing after 5, and thus if condition wasn't getting evaluated successfully.
Here is the modified code which works :
filename="$1"
while read -r line; do
sshpass -p 'test' ssh -o StrictHostKeyChecking=no test#$line 'df -h'
if [ $? -eq 5 ]
then
echo "Wrong password"
else
echo "Can ssh to box- Password is correct"
fi
done < "$filename"
Okay, so I am new to bash scripting, about 2 whole hours and I'm banging my head against a wall. I need to carry some variables from one script to another and can't seem to get it to work.
This works fine
script1.sh
echo "Enter your name"
read name
export name
./script2.sh
sript2.sh
echo $name
This does not
script1.sh
echo "Enter your name"
read name
export name
ssh $user#$domain "bash -s" < ./script2.sh
sript2.sh
echo $name
The code is dumb, I get that but basically what I want to do is pass database variables to script 2 to use on the server I've SSH'd into. I would do this all in one script but it seems the only way that I can get the server commands to run is to call a second script after the login, otherwise it runs the server commands locally and fails. I'm doing this from a Mac if that makes any difference at all.
Help?
** Update with more legitimate code ****
login.sh
#!/bin/bash
echo "Enter server username:"
read user
echo "Enter server domain"
read domain
echo "Enter your password"
read password
echo "Enter database name"
read database
export database
export user
export domain
export password
ssh $user#$domain "bash -s" < ./create_files.sh
create_files.sh
#!/bin/bash
cd public_html
tar -zcvf test.tar.gz test.html
echo "db:"$database
mysqldump -u $user -p"$password" $database > $database.sql
The goal here is to use the details from login.sh in create_files.sh after this is done I also need to use the login details to scp the created files back to my local machine. Hope this clarifies the problem.
When invoking ssh, it creates a new shell process which is not inheriting the new variables that you exported in the first script. Instead, try adding them as commandline parameters to the second script, like so:
#!/bin/bash
echo "Enter server username:"
read user
echo "Enter server domain"
read domain
echo "Enter your password"
read password
echo "Enter database name"
read database
ssh $user#$domain "bash -s" < ./create_files.sh "$user" "$password" "$database"
Then modify your second script to look like this:
#!/bin/bash
cd public_html
tar -zcvf test.tar.gz test.html
echo "db:$3"
mysqldump -u "$1" -p"$2" "$3" > "$3".sql
My SSH server uses both password and identity file authentication. I don't want to change this behaviour.
I want to check if $THE_IDENTITY file is known by the server('s user) or not.
That's why I use this code:
echo "Check if server knows the SSH identity:"
if [ "$(ssh user#host -i ${SSH_ID_FILE} echo 'hello')" == 'hello' ]; then
echo "Server already knows me"
else
echo "Registering SSH ID Key to the server..."
ssh-copy-id -i $SSH_ID_FILE "user#host"
fi
But, the problem is, inside the "if" statement, if server does not know ID file, it asks for password, that's why my code works wrong.
How can I change my ssh line to make it exit if it fails with id file?
the following may do the trick:
ssh user#host -o NumberOfPasswordPrompts=0 -i .....
There's a keyword option to tell ssh not to use password authentication:
ssh user#host -o PasswordAuthentication=no ...
On Unix systems, details of all the keyword options can be found by:
man ssh_config