I'm running a script that copies files from another server.... It's prompting for a password of that server... Every time I need to enter the password manually... So s there any way to automate this?
scp root#ip:file_location destination
Note for security purposes I was not supposed to use password less login, or ssh
You can try to use sshpass which takes the password from an evironment variable named "SSHPASS" if switch -e is provided. So you can use something like:
export SSHPASS=<yourpw>
sshpass -e scp <sourcefile> user#ip:<targetpath/filename>
But of course it still uses ssh underneath, like Sergiy explained in the comment.
Related
I want to write a shell script and put it in a cron. This shell script will copy one particular directory from my server to another server everyday once. So, I don't want it to prompt for passwords. Is there something that I can add in my script so that it wont ask for passwords everyday?
You need to have a password less SSH Login in your Unix Boxes
Below link describe how to set password less SSH login
http://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/
you can use FTP or NDM to transfer the Files
In this way you can achieve your requirement.
Using the below script, I am able to achieve what I mentioned :
#!/bin/bash
com="sshpass -p Password0 scp arul#172.25.184.93:/home/arul/test.sh ."
eval $com
You can use RSA key option also for this. Using RSA key you can authorized your second server in first server. This is one time operation.
ssh-copy-id -i ~/.ssh/id_rsa.pub [Your 2nd server IP]
Example:-
[root#vasmon home]# ssh-copy-id -i ~/.ssh/id_rsa.pub xxx.xxx.xxx.xxx
root#xxx.xxx.xxx.xxx's password:
Now try logging into the machine, with "ssh 'xxx.xxx.xxx.xxx'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root#vasmon home]#
I have to write a shell script which ssh to another server with other username without actually asking for a password from the user?
Due to constraints I cannot use key based authentication.
let,
Source Server -- abc.efg.com
Source UserName -- tom
Source Password -- tom123
Destination Server -- xyz.efc.com
Destination UserName -- bob
destination Password -- bob123
I have to place the bash script in source server.
Please let me know if something could be done using expect tool and/or sshpass.
It is okay for me to hardcode the password for destination server in the bash script but I cannot bear an interactive session, simply when I run he script, I want to see the destination server logged in with another username.
Thanks in Advance.
You want to use key-authentication http://ornellas.apanela.com/dokuwiki/pub:ssh_key_auth
Generate your keys ssh-keygen
Copy the keys to your new box ssh-copy-id -i ~/.ssh/id_rsa.pub me#otherhost.com
ssh to other host without password ssh me#otherhost.com
You can use expect to wrap ssh, but it's pretty hectic, and fails easily when there are network errors, so test it well or use a script specifically designed for wrapping ssh passwords. Key based authentication is better.
You can prevent interactive sessions by redirecting standard input from the null device, ie.
ssh me#destination destination-command < /dev/null
About placing the script in the source server, if the script you are running is local, rather than remote, then you can pass the script on standard input, rather than the command line:
cat bashscript.sh | ssh me#destination
You can install the sshpass program, which lets you write a script like
#!/bin/bash
sshpass -p bob123 ssh UserName#xyz.efc.com
The answer is that you can't as OpenSSH actively prevent headless password-based authentication. Use key-based authentication.
You may be able to fork the OpenSSH client code and patch it, but I think that is a bit excessive.
I want to sync some files from a remote server to local system. Because the files are large, it may last for several hours, so i want to run it as nohup:
nohup rsync -r <user>#<remote>:<dir> <local-dir> &
The problem is that it prompted for the password of the remote server, but after i typed the password, the bash just said
-bash: mypassword: command not found
I have also tried the --password-file option, but seems the --password-file is not for SSH account, it's for rsync service.
Could someone tell me how to input password automatically while keeping the nohup.
you don't want to input a password for that kind of use case. But you can use a ssh key (ssh-keygen -f ~/.ssh/id_rsa_that_key) protected by a password, and use ssh-add ~/.ssh/id_rsa_that_key to keep that password in cache. And indeed it's not programmer related...
From the manpage:
Some modules on the remote daemon may require authentication. If so, you will receive a password prompt when you connect. You can avoid the password prompt by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option. This may be useful when scripting rsync.
WARNING: On some systems environment variables are visible to all users. On those systems using --password-file is recommended.
It seems to me that your error is because you're assigning the password into a variable and it is being interpreted as a command by your bash script.
Try to set the above environment variable, remove "mypassword" from your bash script and give it another try!
I want to write one shell script like
command1
ssh vivek#remotehost
fire command on remote host
Now I have password in pass.txt . But when I change stdin with file. It is not reading password from file.
script.sh < password.txt
It is prompting for the password in place of reading password from the file.
What I am doing wrong ?
Second problem is that shell script don't shows the command fired. Is there a way , I can show fired command from it ?
Note :
I don't have key based access on remote system. I can only use password based login for ssh.
You can use ssh-agent or expect (the programing language) to do this.
OpenSSH ssh does not reads the password from stdin but from /dev/tty. That's why you have to use Expect or some other similar tool to automate it.
plink is another client, also available for Linux/Unix that accepts the password as a parameter on the command line... though that has some ugly security implications.
Okay, just to mention yet another option: sshpass is a tool developed for exactly the task of "fooling" regular openssh client to accept password non-interactively.
When I try to use an ssh command in a shell script, the command just sits there. Do you have an example of how to use ssh in a shell script?
Depends on what you want to do, and how you use it. If you just want to execute a command remotely and safely on another machine, just use
ssh user#host command
for example
ssh user#host ls
In order to do this safely you need to either ask the user for the password during runtime, or set up keys on the remote host.
First, you need to make sure you've set up password-less (public key login). There are at least two flavors of ssh with slightly different configuration file formats. Check the ssh manpage on your system, consult you local sysadmin or head over to How do I setup Public-Key Authentication?.
To run ssh in batch mode (such as within a shell script), you need to pass a command you want to be run. The syntax is:
ssh host command
If you want to run more than one command at the same time, use quotes and semicolons:
ssh host "command1; command2"
The quotes are needed to protect the semicolons from the shell interpreter. If you left them out, only the first command would be run remotely and all the rest would be run on the local machine.
You need to put your SSH public key into the ~/.ssh/authorized_keys file on the remote host. Then you'll be able to SSH to that host password-less.
Alternatively you can use ssh-agent. I would recommend against storing the password in the script.
You can use expect command to populate the username/password info.
The easiest way is using a certificate for the user that runs the script.
A more complex one implies adding to stdin the password when the shell command asks for it. Expect, perl libraries, show to the user the prompt asking the password (if is interactive, at least), there are a lot of choices.