shrewsoft command line interface to connect and terminate vpn on ubuntu - shell

Shrewsoft [1] provides a command line interface for setting up the vpn tunnel automatically without any user intervention, such as by using the following command
ikec -u username -p password -r configuration -a
IS there any way to detect if the connect attempt was successful such as by reading live logs and how can we terminate the vpn tunnel after some time using the command line. Any help will be appreciable.

By looking at the terminal output from ikec -u username -p password -r configuration -a, you can tell if the connection was successful; if the output has a line ii : tunnel enabled, that means the connection was successful and should work. If you get a message such as >> : detached from key daemon or failed to connect to key daemon, it means there was a problem with the connection (https://askubuntu.com/a/793336/705434 suggests running sudo /usr/sbin/iked for a solution to this particular error). To exit the ikec command, just type q into the terminal.
EDIT: it looks like this page (https://gist.github.com/fschabmeyer/22b759994cf852df7e9b) has a shell script that can handle the detection, you should be able to add a case to exit the command automatically after a certain amount of time.

Related

Plink - Remote interactive connection with bash script does not seem to work properly

I have a redis database on a remote docker host, and I'd like to access it through a single ssh script command via plink.
The script is simple (redis-script.sh):
#!/bin/bash
echo "Enter Redis Password."
read -s pass
docker exec -it my-redis-container redis-cli -a $pass
Which works fine when I do a standard ssh connection via putty then run the script after login. I am able to enter the password and connect to the db:
Enter Redis Password.
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
127.0.0.1:6379>
The problem is when I use plink, my plink command line:
plink.exe -t container-host /containers/redis-script.sh
I get this:
Enter Redis Password.
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
[6n
One issue is the mangled characters, but the biggest issue is that I can no longer type in any commands at this point. I am able to interact when it asks for the password, but once it gets into redis-cli, I cannot type anything.
Perhaps it's the docker exec command which is messing up the interactivity?
Any help is appreciated.

SSH Unknown TTY Error Message

When trying to run the command ssh user#ip 'command', I keep receiving this error: can't get tty settingscan't set orig mode. I have tried googling this and searching here but have not found anything referring to this message. I am trying to automate connecting to a Cisco wireless access point (2800 model) using Golang to run a command then exit, but this message pops up each time. I can log in normally using ssh user#ap_ip, but using the shorthand ssh user#ap_ip 'command' or trying the equivalent in Golang gives the error message above. Anyone know what's going on?
ssh without explicit command given will allocate a terminal while ssh with a command given will by default not. It looks like the command you execute needs a terminal. In this case use the -t option, i.e. ssh -t user#ip command. From the documentation:
-t Force pseudo-terminal allocation. This can be used to execute
arbitrary screen-based programs on a remote machine, which can be
very useful, e.g. when implementing menu services. Multiple -t
options force tty allocation, even if ssh has no local tty.

Make script Error on "Authenticity of host cannot be established" message

I am writing a wrapper script that sets up passwordless ssh to other servers for other scripts to then use.
The issue is that the inner scripts are not capable of taking user input. For example, whenever it receives
The authenticity of host 'hostname.server (XXX.XXX.XX.XX)' can't be established.
RSA key fingerprint is RS:A-:FI:NG:ER:PR:IN:T-.
Are you sure you want to continue connecting (yes/no)?
and a user enters anything (no, yes or nothing and press enter), the inner scripts fail because they were not expecting input. I do not have any control over the inner scripts, nor can I edit them.
My wrapper script essentially sets up ssh, and also tests ssh into the server before the other scripts run.
I want the wrapper script to error on any ssh response that requires user input (like aforementioned one above) as well as any kind of ssh error, so the failure is known sooner in the wrapper script rather than later in the inner scripts.
What is a good way to do this?
The SSH option you're looking for is BatchMode.
From the man page:
BatchMode
If set to ``yes'', passphrase/password querying will be disabled.
This option is useful in scripts and other batch jobs where no
user is present to supply the password. The argument must be
``yes'' or ``no''. The default is ``no''.
It might also be valuable to set a timeout for your connections, so that network problems don't cause your ssh client to hang around forever:
ConnectTimeout
Specifies the timeout (in seconds) used when connecting to the
SSH server, instead of using the default system TCP timeout.
This value is used only when the target is down or really
unreachable, not when it refuses the connection.
The default value for ConnectTimeout may be 0, which would cause ssh to wait forever.
You can put this on the command line:
ssh -o BatchMode=yes -o ConnectTimeout=15 me#host.example.com
or in a configuration file like ~/.ssh/config:
host example host.example.com
hostname host.example.com
user me
BatchMode yes
ConnectTimeout 15
Note that upon failing to connect, SSH will return a status in its exit value, so you might use shell constructs like:
if ! ssh example bin/do_something; then
echo "ERROR: bailing out of $0." >&2
exit 1
fi
The ssh command will also produce standard error explaining why it failed.
Add the host fingerprint to the known_hosts file before calling ssh
ssh-keyscan -H your_hostname >> ~/.ssh/known_hosts
Just make sure you trust the server before adding the fingerprint to the known_hosts to avoid security issues.

How to return to the script once sudo is done

I am on a server and running a script file that has following code.
ssh username#servername
sudo su - root
cd /abc/xyz
mkdir asdfg
I am able to ssh... but then the next command is not working.. the script is not sudo-ing. any idea?
Edit: Able to create a mech id and then do the things.. though still looking for the answer to above question :|
First of all your command will "stuck" on the first line because it will go into an interactive mode. The ssh command will require a password to be provided by a user (unless there is an sshkey being used) . And if the ssh is logged into the remote server then it will wait for user commands from standard input.
Secondly the lines following the ssh command will be executed only when the first process has exited. This is why your script is not "sudoing" - it's waiting for the ssh to end.
So if your point is to run a command on a remote server then put the command as a parameter into the same line as ssh connection. In your case:
ssh user#server sudo su - root
But this will not be of satisfaction for you. I suggest you create a script of what you want to execute on the remote server and then execute the script.
ssh user#server scriptName
The sudo thing here is very tricky because again your script might get stuck in the interactive mode waiting for a password to be inserted so I suggest you think again on the basis of the script.
mb47!
You want to run the script on the remote computer, correct?
On the remote machine, create a file containing the commands you would like to execute.
Then, on the other machine, run ssh user#machine /path/to/script/you/created/earlier
I hope this helps!
ALinuxLover

VNC Bash Problem

I'm having a curious problem with a little script to make a VNC connection to a remote host. The script just makes an SSH tunnel for the VNC session and then opens the viewer. It's only two lines, and when copied into the shell manually, it works fine. However, invoking the script causes the VNC viewer to fail with this error:
main: unable to connect to host: Connection refused (111)
Here's the script:
#!/bin/bash
ssh -N -L5903:localhost:5903 username#example.com &
vncviewer :3
The tunnel lives throughout the process, so that isn't the problem. Neither is permissions -- the same error occurs when the script is run as root. I've got public key authentication set up, so it's not that ssh is requesting a password.
What am I missing? The commands work when typed in the shell!
Thanks in advance.
Most likely the vncviewer command is being executed too quickly after the ssh command. Try putting
sleep 3
between those two commands to allow time for the port forwarding to be set up.

Resources