I want to use the tool cntlm to authenticate via basic authentication against our corporate proxy server, which uses the ntlm protocol.
CNTLM uses a cntlm.conf file to get your proxy authentication credentials.
If you don't want to use your password in plain text, you can generate hashes with the command. (That's what I want!)
cntlm -u <user> -d <domain> -f -H.
The problem here is, that we use a rolling password policy here and I want to write a bash script for automating the hash generation, inserting in the config file and restarting the cntlm service.
Unfortunately the above shown command generates the password hashes interactively and I couldn't find a way to wrap this in a bash script.
I am a bash scripting newbie though and could use some advice here ;)
For my cntlm version (0.92.3) a simple echo pipe works like charm:
echo "PASSWORD" | cntlm -u USER -d DOMAIN -f -H
Related
I had to automate my postgre database backup. As instructed by my software vendor I am trying to use pg_dump.exe (see below) file to take a backup but that prompts me for password.
.\pg_dump.exe -h localhost -p 4432 -U postgres -v -b -F t -f "C:\Backup\Backup.tar" Repo
So googled and found that as per "https://www.postgresql.org/docs/9.6/libpq-pgpass.html" I can create a pgpass.conf file within 'C:\Users\User1\AppData\Roaming\postgresql\pgpass.conf" which I did.
Then I tried to pass data of pgpass.conf file to env variable before executing my pg_dump command. But it is not working. Still I am getting prompt to enter password. This is the content of pgpass.conf file: *:*:*:postgres:password
Below is the code I am trying in PowerShell,
$Env:PGPASSFILE="C:\Users\User1\AppData\Roaming\postgresql\pgpass.conf"
cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin"
.\pg_dump.exe -h localhost -p 4432 -U postgres -v -b -F t -f "C:\Backup\Backup.tar" Repo
Why am I still being asked for password?
When I type following code $Env:AppData I get following response "C:\Users\User1\AppData\Roaming"
Everywhere there are guidance on how to use it in UNIX or command prompt but not in powershell. Any help is appreciated. Also if you could direct me how to secure this password file then it will be great.
With password prompt I cannot automate it with windows task scheduler.
I suspect you have a suitable solution, however, as a quick (and not secure) workaround via the command prompt, you can use the variable PGPASSWORD to hold the password then run the backup script.
A sample might be something like:
SET PGPASSWORD=password
cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" pg_dump.exe -h localhost -p 4432 -U postgres -b -F t -f "d:\qs_backup\QSR_backup.tar" QSR
Rod
I have yet to get the damned thing to work yet, but I did find this:
-w
--no-password Never issue a password prompt. If the server requires password authentication and a password is not available by other means
such as a .pgpass file, the connection attempt will fail. This option
can be useful in batch jobs and scripts where no user is present to
enter a password.
I don't see a -w parameter in your call to pg_dump
I used pg_hba file to allow connection "trust" this is riskier method but I had to get things done ASAP. Thank you for your time and effort
I want a script to upload daily files using sftp. Unfortunately, the remote server doesn't support ssh keys (it's my customer's server and for some reason they can't or won't change it despite countless recommendations). So I need to somehow log in automatically using password authentication.
I found many different solutions (here on SO and elsewhere) but they all seem to use tools like sshpass, spawn, expect, send etc. Unfortunately my script is to be used on macOS and these tools aren't available there.
I fully realize it is NOT secure to use plaintext passwords in a script or on the command line. But using ssh keys is simply not an option at this stage.
So, is it possible to run sftp from the shell and specify the password either on the command line in plaintext, or specify some argument with a filename that contains the password?
Addition: after #MartinPrikryl's comment I got sshpass to work, by using brew install esolitos/ipa/sshpass.
However now I found out this doesn't work properly when I use the -b batch.txt parameter for sftp to process a bunch of commands. The batches I'm processing are typically a bunch of get and put commands.
So this works:
sshpass -f MyPassword.txt sftp rocketnuts#example.com
(I am logged in and getting the sftp prompt)
But this does not:
sshpass -f MyPassword.txt sftp -b list.txt rocketnuts#example.com
I'm getting this error:
rocketnuts#example.com: Permission denied (password).
So apparently the way sshpass sends the password to sftp somehow interferes with the batch input from the -b parameter.
Is there a way to make sshpass (or another form of scriptable authentication) work in combination with the -b option??
First, you can install sshpass even on MacOS:
How to install sshpass on Mac?
Though indeed, with -b switch, the sftp probably cannot accept a password, as the -b disables all interactive input (what sshpass simulates).
As an alternative to -b, you can use an input redirection:
sshpass -f MyPassword.txt sftp rocketnuts#example.com < list.txt
I'm running a script that copies files from another server.... It's prompting for a password of that server... Every time I need to enter the password manually... So s there any way to automate this?
scp root#ip:file_location destination
Note for security purposes I was not supposed to use password less login, or ssh
You can try to use sshpass which takes the password from an evironment variable named "SSHPASS" if switch -e is provided. So you can use something like:
export SSHPASS=<yourpw>
sshpass -e scp <sourcefile> user#ip:<targetpath/filename>
But of course it still uses ssh underneath, like Sergiy explained in the comment.
So I want to call a REST API from Bamboo after a deployment has completed.
This API needs a username and password but it can't be stored in Bamboo as it seems it can be viewed in the Bash History of the Build agent.
I intended to use a script task and execute something like
curl -f -v -k --user "${bamboo.user}":"${bamboo.password}" -X POST https://bamboo.url/builds/rest/api/latest/queue/project_name"/
This would make the REST call. But the username and password is a problem.
I do have the option, however of using a PEM file. It can be provided so does anyone know if this can be used in conjunction with the cURL?
--OR--
One other thought- could I encrypt a password within a file in my source control, and somehow decrypt it on the build agent, and then have curl use the file instead of reading the password from the command line? How would this look in cURL?
Any ideas how this could be achieved?
Your command seems to have an extra quote at the end of your command
Using a pem file to authenticate with curl:
curl -E /path/to/user-cert.pem -X POST https://bamboo.url/builds/rest/api/latest/queue/project_name
The file should have both private key and public key inside.
I have to write a shell script which ssh to another server with other username without actually asking for a password from the user?
Due to constraints I cannot use key based authentication.
let,
Source Server -- abc.efg.com
Source UserName -- tom
Source Password -- tom123
Destination Server -- xyz.efc.com
Destination UserName -- bob
destination Password -- bob123
I have to place the bash script in source server.
Please let me know if something could be done using expect tool and/or sshpass.
It is okay for me to hardcode the password for destination server in the bash script but I cannot bear an interactive session, simply when I run he script, I want to see the destination server logged in with another username.
Thanks in Advance.
You want to use key-authentication http://ornellas.apanela.com/dokuwiki/pub:ssh_key_auth
Generate your keys ssh-keygen
Copy the keys to your new box ssh-copy-id -i ~/.ssh/id_rsa.pub me#otherhost.com
ssh to other host without password ssh me#otherhost.com
You can use expect to wrap ssh, but it's pretty hectic, and fails easily when there are network errors, so test it well or use a script specifically designed for wrapping ssh passwords. Key based authentication is better.
You can prevent interactive sessions by redirecting standard input from the null device, ie.
ssh me#destination destination-command < /dev/null
About placing the script in the source server, if the script you are running is local, rather than remote, then you can pass the script on standard input, rather than the command line:
cat bashscript.sh | ssh me#destination
You can install the sshpass program, which lets you write a script like
#!/bin/bash
sshpass -p bob123 ssh UserName#xyz.efc.com
The answer is that you can't as OpenSSH actively prevent headless password-based authentication. Use key-based authentication.
You may be able to fork the OpenSSH client code and patch it, but I think that is a bit excessive.