SSH tectia, how to run batch commands? - windows

I have tectia ssh server in a windows environment.
When I use sftpg3 -B cmd.txt username@host that works fine. The only problem is that it doesn't let me execute files remotely, it only lets me move files. It reads the commands from cmd.txt but since I can't execute anything it ignores the commands.
Well when I do the same thing but use sshg3, it doesn't recognize the -B flag at all.
SSHG3 -B cmd.txt username@host
'cmd.txt' is not recognized as an internal or external command,
operable program or batch file.
I've tried putting -B "cmd.txt"
I tried just putting the cmd.txt contents in the same script instead of housing them in cmd.txt and getting rid of -B, but it doesn't run them that way either.
The docs don't have much to go off of. All it says is use -B for batch processing.
Contents of cmd.txt:
D:
cd Library
cd Backup
parseLibrary.cmd
exit
Trying to sshg3 into a host, navigate to a path and run a batch file on that host.
Any ideas?
-B, --batch-mode
Uses batch mode. Fails authentication if it requires user interaction on the terminal.
Using batch mode requires that you have previously saved the server host key on the client and set up a non-interactive method for user authentication (for example, host-based authentication or public-key authentication without a passphrase).
It does use public key authentication, there is no user interaction needed on the terminal.
Noticed this on the docs for sftpg3
-B [ - | batch_file ]
The -B - option enables reading from the standard input. This option is useful when you want to launch processes with sftpg3 and redirect the stdin pipes.
By defining the name of a batch_file as an attribute, you can execute SFTP commands from the given file in batch mode. The file can contain any allowed SFTP commands. For a description of the commands, see the section called “Commands”.
Using batch mode requires that you have previously saved the server host key on the client and set up a non-interactive method for user authentication (for example, host-based authentication or public-key authentication without a passphrase).
I'm guessing batch file is different than batch mode?

I figured it out. You have to use the -B flag for every command you want to execute.
sshg3 user@host -B dir -B ipconfig -B etc.cmd

Related

Automating SFTP password authentication on macOS for use with -b batch processing?

I want a script to upload daily files using sftp. Unfortunately, the remote server doesn't support ssh keys (it's my customer's server and for some reason they can't or won't change it despite countless recommendations). So I need to somehow log in automatically using password authentication.
I found many different solutions (here on SO and elsewhere) but they all seem to use tools like sshpass, spawn, expect, send etc. Unfortunately my script is to be used on macOS and these tools aren't available there.
I fully realize it is NOT secure to use plaintext passwords in a script or on the command line. But using ssh keys is simply not an option at this stage.
So, is it possible to run sftp from the shell and specify the password either on the command line in plaintext, or specify some argument with a filename that contains the password?
Addition: after @MartinPrikryl's comment I got sshpass to work, by using brew install esolitos/ipa/sshpass.
However now I found out this doesn't work properly when I use the -b batch.txt parameter for sftp to process a bunch of commands. The batches I'm processing are typically a bunch of get and put commands.
So this works:
sshpass -f MyPassword.txt sftp rocketnuts@example.com
(I am logged in and getting the sftp prompt)
But this does not:
sshpass -f MyPassword.txt sftp -b list.txt rocketnuts@example.com
I'm getting this error:
rocketnuts@example.com: Permission denied (password).
So apparently the way sshpass sends the password to sftp somehow interferes with the batch input from the -b parameter.
Is there a way to make sshpass (or another form of scriptable authentication) work in combination with the -b option??
First, you can install sshpass even on MacOS:
How to install sshpass on Mac?
Though indeed, with -b switch, the sftp probably cannot accept a password, as the -b disables all interactive input (what sshpass simulates).
As an alternative to -b, you can use an input redirection:
sshpass -f MyPassword.txt sftp rocketnuts@example.com < list.txt

Use PuTTY's -m parameter to run script on login

The PuTTY manual outlines how to use the program with command line parameters. I have this set up with a shortcut on my toolbar to automatically log me into my server.
"C:\Program Files\PuTTY\putty.exe" username@server -pw .... -C
However, I'd like to run a simple script to automatically put me in a specific directory once I log in. I saw there's the -m command to give "a local file name, and it will read a command from that file".
With a file at the destination I've tried the following options:
"C:\Program Files\PuTTY\putty.exe" username@server -pw .... -C -m "C:\local file\script.txt"
"C:\Program Files\PuTTY\putty.exe" username@server -pw .... -C -m "C:\local file\script.sh"
"C:\Program Files\PuTTY\putty.exe" username@server -pw .... -C -m "/server/file/with/755/permissions/script.sh"
And nothing worked.
I'm trying to find an example of this parameter and its use but I can't find one. How can I properly use this parameter?
Quoting the docs,
The -m option performs a similar function to the ‘Remote command’ box in the SSH panel of the PuTTY configuration box (see section 4.19.1). However, the -m option expects to be given a local file name, and it will read a command from that file.
And quoting section 4.19.1,
In SSH, you don't have to run a general shell session on the server. Instead, you can choose to run a single specific command (such as a mail user agent, for example). If you want to do this, enter the command in the ‘Remote command’ box.
Note that most servers will close the session after executing the command.
Note the "instead". This is not a command to run in the shell before passing control to you. This is a command to run instead of a shell.
You can't just put cd /wherever and expect to end up in a shell in directory /wherever. You might be able to write a command that will run a shell in the directory you want and give you control, though I'm not sure how to get all the details correct.

Can't launch putty with remote command?

I'm attempting to launch putty via the command line in such a way that it runs a command on the server (I want to create a windows shortcut, to tail a log file)
So far I have a batch file containing this
"C:\Program Files (x86)\PuTTY\putty.exe" -ssh -t -pw -m tail_catalina_out -load "myprofile"
And within my server I have a file at the root directory named tail_catalina_out with the following contents.
tail -f /opt/tomcat/logs/catalina.out
Putty launches and my session starts successfully, but no command appears to be carried out despite this? Am I misunderstanding how this works?
You don't need -ssh with -load profile (and if you use a nonstandard port like my test it doesn't work at all); in fact you don't need it with [user@]host because it's the default
-pw -m tail_catalina_out uses -m as your password (which I hope is incorrect, so you should be reprompted unless publickey auth is set-up) and ignores tail_catalina_out
the file for -m must be local i.e. on the PuTTY machine not on the server (although the commands in it will be sent to, and must be valid on, the server)
Thus: "\path\to\putty" -t -m localcmdfile -load profile
You could also use plink which runs in the console and takes either -m localfile or the actual remote command on the command line after the last option (like the OpenSSH client ssh):
"\path\to\plink" -t -load profile tail -f remotefile
As usual, you can omit the quotes around the path if it contains no space. Personally I use \progra~2 instead of bothering with "\program files (x86)" but that's just me, and it may depend on a clean install (instead of upgrade).

Running Unix scripts remotely from Windows terminal and passing back prompts

I'm using plink to run a script on a remote server (Linux) from a Windows machine. Part of the script prompts for inputs (authentication to various other remote servers that use different credentials). I don't want to store the password in the script as each user will be using their own for auditing reasons.
I need the prompt to be transmitted to the Windows terminal window and I need the input transmitted back to the Linux box. Additionally I need to log all this into a file, like this:
plink username@unixbox /etc/scrips/myscript.bash > report.txt
At the moment the above works but all that prints to report.txt is the prompts
please enter password for reportBox1?
please enter password for reportBox2?
Instead I need it to send the password prompt and input to the Linux box to continue running the script as it normally would, only remotely. So the output of report.txt would read:
please enter password for reportBox1? *
File 1
File 2
File 3
please enter password for reportBox2? *
Data a
data b
data b
Hope that makes sense. If there's something better than plink that can be used, such as putty's ssh.exe, please let me know that one instead.
First off: plink is PuTTY's ssh.exe.
If you want to be able to answer the password prompt on the Windows machine, you need to tell plink to allocate a pseudo-terminal with -t:
plink -t username@unixbox /etc/scrips/myscript.bash
Now you get the prompt and input will be sent back. But if you redirect STDOUT to report.txt...
plink -t username@unixbox /etc/scrips/myscript.bash > report.txt
...you won't see the prompt, because it's redirected into report.txt (although the script still runs and waits for your input). To get around this, you need some tool which allows you to redirect the output to multiple destinations - STDOUT and report.txt at the same time. In the *nix world, the command for this is tee. There are ports of tee for Windows:
as part of GnuWin32 (this is what I'm using)
as part of UnxUtils
as batch, perl and rexx versions
Having set one of those up, you'd do:
plink -t username@unixbox /etc/scrips/myscript.bash | tee report.txt
Security note: If the password prompts in the script on the Linux machine echo what was input, the passwords will of course also be logged in report.txt, which might be a problem.

How to automate password entry?

I want to install a software library (SWIG) on a list of computers (Jenkins nodes). I'm using the following script to automate this somewhat:
NODES="10.8.255.70 10.8.255.85 10.8.255.88 10.8.255.86 10.8.255.65 10.8.255.64 10.8.255.97 10.8.255.69"
for node in $NODES; do
    scp InstallSWIG.sh root@$node:/root/InstallSWIG.sh
    ssh root@$node sh InstallSWIG.sh
done
This way it's automated, except for the password request that occur for both the scp and ssh commands.
Is there a way to enter the passwords programmatically?
Security is not an issue. I’m looking for solutions that don’t involve SSH keys.
Here’s an expect example that sshs in to Stripe’s Capture The Flag server and enters the password automatically.
expect <<< 'spawn ssh level01@ctf.stri.pe; expect "password:"; send "e9gx26YEb2\r";'
With SSH the right way to do it is to use keys instead.
# ssh-keygen
and then copy the ~/.ssh/id_rsa.pub file to the remote machine (root@$node) into the remote user's .ssh/authorized_keys file.
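The key-based approach from this answer, applied to the question's loop, as an added example that is not code from the original posts. The key path and the function names are assumptions, and it presumes each node's host key is already in known_hosts and the public key is already in root's authorized_keys.

```shell
#!/bin/sh
# Added example: prompt-free, key-based version of the scp/ssh loop.
# Assumed names (not from the page): KEY path, ssh_opts, deploy_node, deploy_all.
NODES="10.8.255.70 10.8.255.85 10.8.255.88 10.8.255.86 10.8.255.65 10.8.255.64 10.8.255.97 10.8.255.69"
KEY="${KEY:-$HOME/.ssh/jenkins_deploy_ed25519}"   # hypothetical dedicated key, no spaces in path

# BatchMode=yes: fail instead of prompting for a password or passphrase.
# StrictHostKeyChecking=yes: refuse hosts whose key is not already known.
# IdentitiesOnly=yes: offer only the key named with -i.
ssh_opts() {
    printf '%s\n' "-i $KEY -o BatchMode=yes -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -o ConnectTimeout=10"
}

# Copy the installer to one node and run it; non-zero status on any failure.
deploy_node() {
    node=$1
    # shellcheck disable=SC2046  # word splitting of the option list is intended
    scp $(ssh_opts) InstallSWIG.sh "root@$node:/root/InstallSWIG.sh" || return 1
    # shellcheck disable=SC2046
    ssh $(ssh_opts) "root@$node" sh InstallSWIG.sh || return 1
}

# Visit every node, keep going after a failure, print the nodes that failed.
deploy_all() {
    failed=""
    for node in "$@"; do
        # stdin from /dev/null so ssh never waits on the terminal
        deploy_node "$node" </dev/null || failed="$failed $node"
    done
    printf '%s\n' "${failed# }"
    [ -z "$failed" ]
}

# Run only when asked, so sourcing the file has no side effects:
#   sh deploy.sh --run
if [ "${1:-}" = "--run" ]; then
    # shellcheck disable=SC2086
    deploy_all $NODES
fi
```

With BatchMode set, a node that still demands a password shows up in the failed list instead of stalling the loop at a prompt.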
You can perform the task using empty, a small utility from sourceforge. It's similar to expect but probably more convenient in this case. Once you have installed it, your first scp will be accomplished by following two commands:
./empty -f scp InstallSWIG.sh root@$node:/root/InstallSWIG.sh
echo YOUR_SECRET_PASSWORD | ./empty -s -c
The first one starts your command in the background, tricking it into thinking it's running in interactive mode on a terminal. The other one sends it data from stdin. Of course, putting your password anywhere on command line is risky due to shell history being preserved, users being able to see it in ps results etc. Not secure either, but a bit better thing would be to store the password in a file and redirect the second command's input from that file instead of using echo and a pipe.
After copying to the server, you can run the script in a similar manner:
./empty -f ssh root@$node sh InstallSWIG.sh
echo YOUR_SECRET_PASSWORD | ./empty -s -c
You could look into setting up passwordless ssh keys for that. Establishing Batch Mode Connections between OpenSSH and SSH2 is a starting point, you'll find lots of information on this topic on the web.
Wes' answer is the correct one but if you're keen on something dirty and slow, you can use expect to automate this.
