sshpass: how to come out of a session - sshpass

I am remotely running some commands on a VM using sshpass in my script, but I am not able to come out of the session after the script's execution. It just hangs at the remote screen (see below).
//script code
sshpass -p admin ssh -T admin@10.10.10.X
sshpass -p admin ssh -o StrictHostKeyChecking=no admin@10.10.10.X
----
<some more remote command>
end of script
----
//script execution
ansible-playbooks/roles/DCN-VSC/files# ./vsc_ops.sh admin 10.10.10.X 10.10.10.25 10.10.10.25 vsc:password@vsd.helion.org
XXXXXXXXXXX-76 cpm/i386 VSX Copyright (c) 2000-2015
All rights reserved. All use subject to applicable license agreements.
Built on Thu Jan 15 21:32:52 PST 2015 [c4263c] by builder in /rel3.0-DC/oem/4-OEM-76/paXX/main
above is remote console>

Do you really want to use sshpass?
It makes it too easy to ruin SSH's security. Have you considered using other passwordless approaches? SSH's public key authentication, maybe?

Add an exit code at the end of the execution, like:
exit 0

Related

Automate HP ProCurve Switch using PLink and echo

I'm trying to automate enabling\disabling ports on an HP ProCurve 2510G-24 switch using Putty\Plink in the command prompt in Windows. Ultimately I want to be able to run a scheduled task to run the batch file which enables\disables any port on the switch.
I've managed to run across the following to get this done:
- Putty\Plink
- Manually setting "tty=none" on the switch
- Using the echo command
Using plink with the -batch and -ssh flags, tty=none, and the first echo with at least a "space"/any character gets me logged in and past the "Press any key to continue..." prompt non-interactively. (THIS IS SOMETHING I've found out we've all had trouble with!!!)
The second command shown is theoretically what would work, but my output is "'interface' is not recognized as an internal or external command, operable program or batch file."
The -m value apparently doesn't work with passing the commands from the text file to the HP, it appears that Plink can start a shell when the -m flag isn't used, and when -N/-s is used it hangs.
The third is what should work but doesn't seem to be able to pass the commands: config interface 2 enable
C:\Windows\system32>echo /config| plink.exe -batch -ssh admin@192.168.1.2 -pw 12345678 -v
Looking up host "192.168.1.2" for SSH connection
Connecting to 192.168.1.2 port 22
We claim version: SSH-2.0-PuTTY_Release_0.73
Remote version: SSH-2.0-OpenSSH_3.7.1p2
Using username "admin".
Sent password
Access granted
Opening main session channel
Opened main channel
Allocated pty
Started a shell/command
ProCurve J9279A Switch 2510G-24 Software revision Y.11.12
Copyright (C) 1991-2009 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013.
HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
Press any key to continue
tty=none DC PC SW 2510G24 1# config
tty=none DC PC SW 2510G24 1(config)#
C:\Windows\system32>echo.config && interface 16| plink.exe -batch -ssh admin@192.168.1.2 -pw 12345678
config
'interface' is not recognized as an internal or external command, operable program or batch file.
C:\Windows\system32>plink.exe -batch -ssh admin@192.168.1.2 -pw 12345678 [-N/-s] -m c:\scripts.[txt/bat]

Icinga2 check_by_ssh plugin returns 255 without running the command

I'm configuring an Icinga2 server and want it to run local scripts on external machines using the check_by_ssh plugin, and I encountered a strange issue. I've searched for an answer for a few hours, but no luck.
My command object looks as follows:
object CheckCommand "check_procs" {
import "by_ssh"
vars.by_ssh_logname = "root"
vars.by_ssh_port = "22"
vars.by_ssh_command = "/tmp/test.sh"
vars.by_ssh_identity = "/etc/icinga2/conf.d/services/id_rsa.pub"
vars.by_ssh_ipv4 = "true"
vars.by_ssh_quiet = "true"
}
The content of test.sh is simply exit 0. I have a trust between my Icinga box and the remote machine I'm running the command at.
When I'm executing the command through the shell, it works:
[root@icinga ~]# ssh root@10.10.10.1 -C "/tmp/test.sh"
[root@icinga ~]# echo $?
0
But when it is executed by the server, I see on my Icingaweb2 this output:
UNKNOWN - check_by_ssh: Remote command '/tmp/test.sh' returned status 255
Now I have added a touch success to test.sh script, in order to see if it is executed at all - but it seems it doesn't. That means when Icinga executes my script, it fails before even executing it.
Any clues what it can be? There are not many examples online either of check_by_ssh with Icinga2.
NOTE: Icinga uses root user to identify with the remote server. I know this is not best practice, but this is development env.
UPDATE: I think I have found the issue. The problem is that I'm trying to use the root user to log in to the remote machine. This IS NOT supported, even with public key authentication. The script has to be executed with the user icinga.
2nd Update: I got it to work. The issue was key authentication, the fact that icinga uses the user icinga to execute the command (even when using the by_ssh_logname attribute) and the addition of vars.by_ssh_options = "StrictHostKeyChecking no"
My problem was that the RSA key files used weren't owned by the "nagios" user:
-rw------- 1 nagios nagios 3.2K Nov 30 14:43 id_rsa
-rw-r--r-- 1 nagios nagios 766 Nov 30 14:42 id_rsa.pub
I've found the issues; there were a few of them in my case.
1. Icinga used the icinga user to log in through SSH, even when I used -l root. So, to install the ssh keys I had to execute ssh-copy-id icinga@HOST under the root user (the Icinga shell is set to /sbin/nologin).
2. I then copied the private key (again, of the root user) to the icinga folder so it is accessible for the application, and changed the ownership of the file.
3. Next, I tried to log in using the icinga user to the remote machine: sudo -u icinga ssh icinga@HOST -i id_rsa
4. If step 3 fails, you need to figure it out before you continue. Next thing I did was adding StrictHostKeyChecking no to the module options.
Voila, this works now.
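The two failures reported in this thread, a public key file passed as by_ssh_identity and key files not owned by the monitoring user, can be checked before Icinga runs the plugin. This is an added example, not code from the original posts or from the Icinga project; check_identity is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: pre-flight check for the file named in vars.by_ssh_identity.
# check_identity FILE USER prints one finding per line and returns non-zero
# when ssh would reject the file or USER could not use it.
check_identity() {
    file=$1 user=$2 rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # ssh -i expects the private key; id_rsa.pub holds "ssh-rsa AAAA..." instead.
    first=$(head -n 1 "$file")
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        ssh-*|ecdsa-*|sk-*) echo "public key given as identity: $file"; rc=1 ;;
        *) echo "not a recognised private key: $file"; rc=1 ;;
    esac

    # ls -ldn prints the mode string and the numeric owner uid portably.
    want=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user"; return 2; }
    set -- $(ls -ldn "$file")
    mode=$1 owner=$3
    [ "$owner" = "$want" ] || { echo "owner uid $owner, expected $want ($user)"; rc=1; }

    # OpenSSH refuses a private key that group or others can access.
    case $mode in
        ????------*) ;;
        *) echo "mode $mode is too open, use chmod 600"; rc=1 ;;
    esac
    return $rc
}
```

Run it with the account that actually executes the plugin (icinga or nagios in the posts above), for example `check_identity /path/to/id_rsa icinga`.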

How to save ssh login welcome banner and disconnect

I'd like to be able to sign into an ssh terminal and save the banner information, and immediately disconnect. For example, I can ssh into my terminal with:
sshpass -p[PASSWORD] ssh -p 2201 [USER_NAME]@ipaddress
I get the following login welcome banner:
Linux 2.6.21 #1 PREEMPT Tue Feb 1 16:12:56 CST 2011
Site ID: xml
Last login: Wed Aug 3 09:25:29 2016 from 156.98.4.11
I can pipe the "last login" information with
sshpass -p[PASSWORD] ssh -p 2201 [USER_NAME]@ipaddress > lastlogin.txt
However, this doesn't save the rest of the banner and I still have to hit ctrl+d to disconnect. Any help would be appreciated.
The "login welcome banner" is motd (message of the day).
The motd message should be located in /etc/motd and you should be able to copy it to your machine using the scp command.
The command to get the motd would look something like:
sshpass -p [PASSWORD] scp -P [PORT] [USER_NAME]@[IP_OR_HOST]:/etc/motd lastlogin.txt
Nemanja's command is great, but be aware that the login banner isn't always located in the same file. On Ubuntu systems it's located in /etc/issue.net. The safest way would be to read the /etc/ssh/sshd_config file, where the Banner attribute is set.
grep Banner < /etc/ssh/sshd_config | cut -d' ' -f 2
Use this command to extract the file name.
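The grep/cut pipeline above also matches commented-out lines such as `#Banner none` and any Banner inside a Match block. The following added example (not part of the original answers; banner_path is a hypothetical helper name) reads the global section the way sshd does: keywords are case-insensitive, the first value wins, and `none` means no banner. It does not follow Include directives.

```shell
#!/bin/sh
# Added example: print the banner file set in the global section of an
# sshd_config, or nothing when no banner is configured.
banner_path() {
    awk '
        /^[ \t]*#/ { next }                 # comment, e.g. "#Banner none"
        /^[ \t]*$/ { next }                 # blank line
        { key = tolower($1) }               # keywords are case-insensitive
        key == "match" { exit }             # settings after Match are conditional
        key == "banner" {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # drop the keyword itself
            sub(/[ \t]+$/, "", val)                # drop trailing whitespace
            gsub(/^"|"$/, "", val)                 # drop surrounding quotes
            if (tolower(val) != "none") print val
            exit                            # first obtained value is the one used
        }
    ' "$1"
}
```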

tcgetattr: Inappropriate ioctl for device

I have a script in bash which connects to a host and on the remote host runs a script which needs root permissions.
I cannot directly login as root (and I don't want to do that) because of security problems.
I use the following script:
#!/bin/bash
ssh -tt user@host <<SSH
su - root
/tmp/script_with_root_permisions.sh
SSH
After running I get the following error:
user@hosts's password: #I type the ssh password for user "user"
And then:
tcgetattr: Inappropriate ioctl for device
Last login: Mon Feb 23 13:06:15 2015 from xxx.xxx.xxx.xxx
Password: And here the root password is shown as plain text and the script stops.
P.S: I run this script on Solaris NOT Linux. I saw some workarounds using sudo but in Solaris there is no sudo command.

Cannot connect to Yahoo Webhosting using lftp and FTPS from Ubuntu

I'm running Ubuntu 12.10, and I use Yahoo Webhosting, and I also have my own domain "example.com". I used to use FTP to transfer files to/from my webhosting account to update my website. But now Yahoo has just ended support for FTP, and now they require users to use only FTPS. I am happy about this change, because I know that FTP is insecure, and the move to FTPS is necessary. So I found lftp (http://lftp.yar.ru/), which seems to be a FTPS client that I could use to transfer files to/from Yahoo Webhosting. I was able to install it with "sudo apt-get install lftp", but when I try to connect to Yahoo Webhosting, it doesn't work.
Here's my system information:
user@hostname:~/Desktop >> more /etc/issue.net
Ubuntu 12.10
user@hostname:~/Desktop >> uname -a
Linux mojave 3.5.0-23-generic #35-Ubuntu SMP Thu Jan 24 13:05:29 UTC 2013 i686 i686 i686 GNU/Linux
user@hostname:~/Desktop >> lftp -v
LFTP | Version 4.3.8 | Copyright (c) 1996-2012 Alexander V. Lukyanov
LFTP is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with LFTP. If not, see http://www.gnu.org/licenses/.
Send bug reports and questions to the mailing list .
Libraries used: Readline 6.2, GnuTLS 2.12.14, zlib 1.2.7
Here's how I used to do it:
user@hostname:~/Desktop >> ftp username@ftp.example.com
Now, I try the command below, but it doesn't work:
user@hostname:~/Desktop >> lftp username@ftp.example.com
Password:
lftp username@ftp.example.com:~> ls
WARNING: gnome-keyring:: couldn't connect to: /run/user/username/keyring-EvxB3g/pkcs11: No such file or directory
ls: Fatal error: Certificate verification: Not trusted
lftp username@ftp.example.com:~> quit
What am I doing wrong? How do I get lftp to create an FTPS session to Yahoo Webhosting?
Thanks in advance for any help!! I really appreciate it!!
Steve McMahon
It took me a while to figure this out but I was able to get it working using lftp like so:
lftp
set ssl:verify-certificate false
set ftp:ssl-force true
connect ftp.example.com
login username@somewhere.com
Password:
The method above worked for me connecting from Ubuntu 14 to Yahoo webhosting using ftps. To reduce typing, the lftp commands shown above were placed into a text file and -f was used to read the text file. Below are the two files, a shell script to run lftp and the lftp script.
The shell script contains:
#! /bin/bash
# script name: ylist.sh
echo "Get Directory List from Yahoo via FTPS"
lftp -f ylist-script.txt
The ylist-script.txt file contains:
set ssl:verify-certificate false
set ftp:ssl-force true
connect ftp.example.com
login username@example.com
ls
These retrieve a directory list from the root of the Yahoo webhosting account. lftp exits when the script completes.
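With `ssl:verify-certificate false`, lftp accepts any certificate, so the FTPS session is encrypted but the server is not authenticated. The added example below (not from the original answers; the helper names are hypothetical) flags lftp scripts that weaken TLS and writes the same session with verification left on. It assumes the server's chain validates against the Ubuntu CA bundle at the path shown.

```shell
#!/bin/sh
# Added example: lint an lftp script for settings that weaken FTPS.
# Prints one finding per line; exit status is 1 if anything was found.
lftp_tls_findings() {
    awk '
        function off(v) {
            v = tolower(v)
            return v == "false" || v == "no" || v == "off" || v == "0"
        }
        $1 != "set" { next }
        { name = $2; sub(/\/.*/, "", name) }   # "name/host" applies per host
        name == "ssl:verify-certificate" && off($3) {
            print "line " NR ": certificate verification disabled"; bad = 1 }
        name == "ssl:check-hostname" && off($3) {
            print "line " NR ": hostname check disabled"; bad = 1 }
        name == "ftp:ssl-force" && !off($3) { forced = 1 }
        END {
            if (!forced) { print "ftp:ssl-force not enabled"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Same session as ylist-script.txt with verification on.
# Assumption: /etc/ssl/certs/ca-certificates.crt is the system CA bundle.
write_hardened_script() {
    cat > "$1" <<'EOF'
set ssl:verify-certificate true
set ssl:check-hostname true
set ssl:ca-file /etc/ssl/certs/ca-certificates.crt
set ftp:ssl-force true
connect ftp.example.com
login username@example.com
ls
EOF
}
```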
