Is there a way to use the already running ssh-agent in a bash session with net::ss::perl::agent ultimately so I don't have to setup keys again with net::ss::perl? I don't see any examples anywhere. I keep seeing a way to create a new agent but not a way to connect it to the shell? Thanks
Edit:
I should explain that I can't use Net::OpenSSH since i have to work with commercial SSH servers and the openssh client doesn't work properly with it(I've tested this).
Use Net::OpenSSH instead of Net::SSH::Perl
For me it just works. As long as the environment variables SSH_AUTH_SOCK and SSH_AGENT_PID are defined in the shell and point to a valid ssh-agent process Net::SSH::Perl::Agent will be able to talk to the agent. There are scripts that make this easier on the internet.
Related
I've read multiple posts on running scripts on GCP VMs but unfortunately could not find an answer that would satisfy my needs.
I have a Go application and I'm looking for a way to run a bash script on a VM instance programatically.
I'm using a Google Cloud Golang SDK which allows me to fetch VM instance info. Unfortunately SDK does not contain a functionality that allows running a bash script on a specific instance(unlike an Azure Cloud SDK for example).
Options I've found:
Google Cloud Compute SDK has an option to set a startup script, that
will run every time an instance is restarted.
Add instance-level public SSH key. Establish an SSH connection and
run a script using Go SSH client.
Problems:
Obviously startup script will require an instance reboot and this is not possible in my use case.
SSH might be also problematic, in case instance is not running SSH
daemon or SSH port is not open. Also, SSH daemon config does not
permit root login by default(PermitRootLogin might be false), thus
script might be running on a non privileged user, making this option not
suitable either.
I should probably note that I am not authorised to change configuration of those VMs (for example change ssh daemon conf to permit root login), I can just use a token based authentication to access them, preferably through SDK, though other options are also possible as long as I am not exposing the instance to additional risks.
What options do I have? Is this even doable? Am I missing something?
Thanks!
As said by Kolban, there is no such API to trigger from outside a bash inside the VM. The best solution is to deploy a webserver (a REST API) that call the bash and to expose it (externally or internally).
But you can also cheat. You can create a daemon on your VM that you run with a startup script and that listen a custom metadata; let's say check it every seconds.
When the metadata is updated, the daemon can perform actions. You can imagine that the metadata contain the script to run with the parameters. At the end of the run, the metadata is cleaned by the daemon.
So now, to run your bash, call the setMetadata Api. It's not out of the box, but you can have something similar of what you expected.
Think of GCP as providing the virtual machine infrastructure such as compute, memory, disk and networking. What runs when the machine boots is between you and the machine image. I am hearing you say that you want to run a bash script within the VM. That is outside of the governance of GCP. GCP will only affect the operation and existence of the environment. If what you want to happen is run a script within the VM programatically you will need to run some form of demon inside the VM that can be signaled to run such a script. This could be a web server such as flask or express, it could be your SSH server or it could be some other technology you choose.
The core thing I think you were looking for was some GCP API that, when called, would run a script within the Compute Engine. I'm going to say that there is no such API.
I am trying to create an Alfred workflow that connects to my server through ssh without asking for my password. I tried
ssh root#myServerIP ; mypswd
and many other variants, but i can't seem to be able to wait for terminal to ask me my password before the script answer it.
Is it possible, in this case and in general to pre-enter the password on a terminal command ?
Thanx a lot in advance
Jad
There is no need of ; at the end. You can just hit enter at the end of the line and it will take it as an input for next command. for your case, it would look something like this.
ssh root#myServerIP
mypswd
If it's possible, I'd try to make it so that your workflow doesn't involve using SSH as root. Storing your password in a script seems like a security risk.
What I would suggest is using public/private key pairs (tutorial here and other places) to enable passwordless login from your client to the server, and sidestep the issue entirely. It's technically possible to do this with the root account as well, but again, I wouldn't recommend it.
I am looking for the best scripting option to automate process as below:
Every time an EC2 instance stands up, I'd like to add Centrify package into it, and run Centrify commands to connect to AD server so that EC2 user can be authenticated.
Give this scenario, which scripting language is the best option? I am thinking of Python or bash now.
Thanks!
Update:
The solution turns out to be a python script which is baked in the AMI, and triggered when an authentication request is initialized.
I'd like to write a shell script that does something like the following
while read line; do
echo $line
done<input.txt | ssh > output.txt
This is a bit pseudo codey at the moment (the original is at work), but you should be able to tell what it's doing. For simple applications this works a treat, but ssh checks the input to see whether it's stdin is a terminal.
Is there a way to fool ssh into thinking that the contents of my piped loop are a terminal rather than a pipe?
EDIT : Sorry for not adding this originally, this is intended to allow ssh to log in via the shell script (answering the password prompt)
ssh -t -t will do what you want - this tells ssh to allocate a pseudo terminal no matter whether it is actually running in one.
Update
This problem (after updating your question and various comments, it became clear you are looking for a way to conveniently get public key encryption into place) could perhaps be solved by 'thinking upside down'.
Instead of trying very hard to get your clients public key onto a server that doesn't yet authenticate the client, you can try to receive an authenticated identity (private key) from that server.
Simple terms: generate a keypair on the server instead of the client, and then find a way to get the keypair on the client. The server can put the public key in it's authorized_keys in advance, so the client can connect right away.
Chances are that
the problem of getting the key across is more easily solved (you could even use a 'group' key for access from various clients)
if a less-secure mechanism is chosen (convenience over security) at least only the security of the client is reduced, not as-much that of the server (directly).
Original answer:
Short answer: Nope. (it would be a security hole for ssh, because ssh 'trusts' the tty for password entry, and the tty only)
Long answer, you could try to subvert/creatively use a terminal emulator (look at script/scriptreplay for inspiration).
Why would you want to do it?
So I've got dozens of servers I connect to and want a simple Ruby script that provides me with a list of those servers. Picking one will start up SSH with the proper connection details and let me start using it. That's it!
But, I don't want/need Ruby to keep running. If I did I could use Net::SSH and capture all output and send it back to the user, but this is an extra layer I don't need. I simply want to use Ruby as a "script starter" and then close itself.
Any ideas? I've thought about forking processes but I don't know how I'd attach the terminal to the new ssh one.
I have a simple bash script that does this already, but I want to add more functionality like being able to add to the list, remove servers, etc. all from the command line. I'm sure I could do this with bash as well but I'm much more comfortable with Ruby.
Maybe exec will do the trick
http://en.wikipedia.org/wiki/Exec_(operating_system)
http://ruby-doc.org/core/classes/Kernel.html#M005968