I'm using plink to run a script on a remote server (Linux) from a Windows machine. Part of the script prompts for inputs (authentication to various other remote servers that use different credentials). I don't want to store the password in the script as each use will be using their own for auditing reasons.
I need the prompt to be transmitted to the Windows terminal window and I need the input transmitted back to the Linux box. Additionally I need to write log all this into a file, like this:
plink username#unixbox /etc/scrips/myscript.bash > report.txt
At the moment the above works but all that prints to report.txt is the prompts
please enter password for reportBox1?
please enter password for reportBox2?
Instead I need it to send the password prompt and input to the Linux box to continue running the script as it normally would, only remotely. So the output of report.txt would read:
please enter password for reportBox1? *
File 1
File 2
File 3
please enter password for reportBox2? *
Data a
data b
data b
Hope that makes sense. If there's something better than plink can be used such as putty's ssh.exe please let me know that one instead.
First off: plink is PuTTY's ssh.exe.
If you want to be able to answer the password prompt on the Windows machine, you need to tell plink to allocate a pseudo-terminal with -t:
plink -t username#unixbox /etc/scrips/myscript.bash
Now you get the prompt and input will be sent back. But if you redirect STDOUT to report.txt...
plink -t username#unixbox /etc/scrips/myscript.bash > report.txt
...you won't see the prompt, because it's redirected into report.txt (although the script still runs and waits for your input). To get around this, you need some tool which allows you to redirect the output to multiple destinations - STDOUT and report.txt at the same time. In the *nix world, the command for this is tee. There are ports of tee for Windows:
as part of GnuWin32 (this is what I'm using)
as part of UnxUtils
as batch, perl and rexx versions
Having set one of those up, you'd do:
plink -t username#unixbox /etc/scrips/myscript.bash | tee report.txt
Security note: If the password prompts in the script on the Linux machine echo what was input, the passwords will of course also be logged in report.txt, which might be a problem.
Related
I have tectia ssh server in a windows environment.
When I use sftpg3 -B cmd.txt username#host that works fine. The only problem is that it doesnt let me execute files remotely, it only lets me move files. It reads the commands from cmd.txt but since I cant execute anything it ignores the commands.
Well when I do the same thing but use sshg3, it doesnt recognize the -B flag at all.
SSHG3 -B cmd.txt username#host
cmd.txt' is not recognized as an internal or external command,
operable program or batch file.
I've tried putting -B "cmd.txt"
I tried just putting the cmd.txt contents in the same script instead of housing them in cmd.txt and getting rid of -B, but it doesnt run them that way either.
The docs dont have much to go off of. All it says is use -B for batch processing.
Contents of cmd.txt:
D:
cd Library
cd Backup
parseLibrary.cmd
exit
Trying to sshg3 into a host, navigate to a path and run a batch file on that host.
Any ideas?
-B, --batch-mode
Uses batch mode. Fails authentication if it requires user interaction on the terminal.
Using batch mode requires that you have previously saved the server host key on the client and set up a non-interactive method for user authentication (for example, host-based authentication or public-key authentication without a passphrase).
It does use public key authentication, there is no user interaction needed on the terminal.
Noticed this on the docs for sftpg3
-B [ - | batch_file ]
The -B - option enables reading from the standard input. This option is useful when you want to launch processes with sftpg3 and redirect the stdin pipes.
By defining the name of a batch_file as an attribute, you can execute SFTP commands from the given file in batch mode. The file can contain any allowed SFTP commands. For a description of the commands, see the section called “Commands”.
Using batch mode requires that you have previously saved the server host key on the client and set up a non-interactive method for user authentication (for example, host-based authentication or public-key authentication without a passphrase).
I'm guessing batch file is different than batch mode?
*I figured it out. You have to use the -B flag for every command you want to execute.
I figured it out. You have to use the -B flag for every command you want to execute.
sshg3 user#host -B dir -B ipconfig -B etc.cmd
Following situation:
From a Windows machine, I log into a remote Linux machine via
plink -v hostname -l username -pw password
Upon logging in, I am greeted with a 'Welcome to AIX Version 5.3!' and asked to choose a login case (at which prompt I need to press '2'), and then to choose a datapool (at which point I need to press '1').
However, I don't want to press anything. I want all of this to happen through a script. How can I automate answering the prompts?
Thank you in advance for any help.
I found a solution:
plink -v hostname -l username -pw password << input.txt
where input.txt is:
2
1
exit
Additionally, all commands which I would like to give to the remote terminal can be included in this input.txt file.
I am trying to write a script to automatically upload files to a sftp server. My problem is authentication.
I know it is not possible to store a password in a bash script for sftp.
I can't use keys because the admin of the server won't allow me.
I don't want to use any extras (sshpass/expect) because I can't
guarantee they will be on the machine I'm using (the script are wanted so that the processes are not tied down to a particular machine).
Manual entry of the password is not a problem I just need to get the script to wait for the user to put the password in. At the minute when I run the script it opens terminal, prompts for the password, but when this is entered nothing else happens. If I enter the lines of code manual after it uploads everything correctly.
#!bin/bash/
cd /remote_directory
lcd /local_directory
put some_file.txt
After months of looking for an answer I have finally found the solution. It was in a comment on an answer in some other thread I can't even remember. Hope this can help others out there.
Your bash script should look like this and will connect to the sftp server, prompt the user for the password, and then execute the remaining commands.
#!/bin/bash
sftp user#server <<!
cd /the/remote/directory
lcd /your/local/directory
put/get some.file
!
I want to write one shell script like
command1
ssh vivek#remotehost
fire command on remote host
Now I have password in pass.txt . But when I change stdin with file. It is not reading password from file.
script.sh < password.txt
It is prompting for the password in place of reading password from the file.
What I am doing wrong ?
Second problem is that shell script don't shows the command fired. Is there a way , I can show fired command from it ?
Note :
I don't have key based access on remote system. I can only use password based login for ssh.
You can use ssh-agent or expect (the programing language) to do this.
OpenSSH ssh does not reads the password from stdin but from /dev/tty. That's why you have to use Expect or some other similar tool to automate it.
plink is another client, also available for Linux/Unix that accepts the password as a parameter on the command line... though that has some ugly security implications.
Okay, just to mention yet another option: sshpass is a tool developed for exactly the task of "fooling" regular openssh client to accept password non-interactively.
I want to install a software library (SWIG) on a list of computers (Jenkins nodes). I'm using the following script to automate this somewhat:
NODES="10.8.255.70 10.8.255.85 10.8.255.88 10.8.255.86 10.8.255.65 10.8.255.64 10.8.255.97 10.8.255.69"
for node in $NODES; do
scp InstallSWIG.sh root#$node:/root/InstallSWIG.sh
ssh root#$node sh InstallSWIG.sh
done
This way it's automated, except for the password request that occur for both the scp and ssh commands.
Is there a way to enter the passwords programmatically?
Security is not an issue. I’m looking for solutions that don’t involve SSH keys.
Here’s an expect example that sshs in to Stripe’s Capture The Flag server and enters the password automatically.
expect <<< 'spawn ssh level01#ctf.stri.pe; expect "password:"; send "e9gx26YEb2\r";'
With SSH the right way to do it is to use keys instead.
# ssh-keygen
and then copy the *~/.ssh/id_rsa.pub* file to the remote machine (root#$node) into the remote user's .ssh/authorized_keys file.
You can perform the task using empty, a small utility from sourceforge. It's similar to expect but probably more convenient in this case. Once you have installed it, your first scp will be accomplished by following two commands:
./empty -f scp InstallSWIG.sh root#$node:/root/InstallSWIG.sh
echo YOUR_SECRET_PASSWORD | ./empty -s -c
The first one starts your command in the background, tricking it into thinking it's running in interactive mode on a terminal. The other one sends it data from stdin. Of course, putting your password anywhere on command line is risky due to shell history being preserved, users being able to see it in ps results etc. Not secure either, but a bit better thing would be to store the password in a file and redirect the second command's input from that file instead of using echo and a pipe.
After copying to the server, you can run the script in a similar manner:
./empty -f ssh root#$node sh InstallSWIG.sh
echo YOUR_SECRET_PASSWORD | ./empty -s -c
You could look into setting up passwordless ssh keys for that. Establishing Batch Mode Connections between OpenSSH and SSH2 is a starting point, you'll find lots of information on this topic on the web.
Wes' answer is the correct one but if you're keen on something dirty and slow, you can use expect to automate this.