Recently our web hoster (Domainfactory) changed the method to externally access our online mysql database. From simple ssh "port forwarding" to a "unix socks tunnel".
The ssh call looks like this (and it works!):
ssh -N -L 5001:/var/lib/mysql5/mysql5.sock ssh-user#ourdomain.tld
The problem: you have to enter the password every single time.
In the past I used BitVise SSH client to create a profile (which also stores the encrypted password). By simply double-clicking on the profile you'll be automatically logged in.
Unfortunately, neither the "BitVise SSH client" nor "Putty" (plink.exe) supports the "Unix socks tunnel" feature/extension, so I can't use these tools any more.
Does anyone have an idea how to realize an automated login (script, tool, whatever)?.
The employees who access the database must not know the SSH password in any case!
I got a solution. The trick is to generate a SSH Key pair (private and public) on client side (Windows machine) calling 'ssh-keygen'. Important: don't secure the ssh keys with a password (simply press [enter] if you're asked for a password, otherwise you'll be asked for the SSH-Key password every time you try to SSH). Two files will be generated inside 'c:\Users\your_user\.shh\': 'id_rsa' (private key) and 'id_rsa.pub ' (public key).
On server side create a '.shh' directory within your user's home directory. Inside the '.ssh' directory create a simple text file called 'authorized_keys'. Copy the contents of 'id_rsa.pub' into this file (unfortunately 'ssh-copy-id' isn't available yet for Windows. So you have to do the copy and paste stuff on your own.) Set permissions of 'authorized_keys' file to '600'.
Now you should be able to simply SSH into your server by calling 'ssh-user#ourdomain.tld' without entering a password. Create a batch file with your individual ssh-call and you're done.
Thanks to Scott Hanselman for his tutorial: https://www.hanselman.com/blog/how-to-use-windows-10s-builtin-openssh-to-automatically-ssh-into-a-remote-linux-machine
I am using scp to copy a file from one server to another. Both of the servers need a password to be passed with sshpass so I need to use sshpass twice in the same command. Note that I am using the -3 flag because server foo cannot directly communicate with server boo.
I tried
sshpass -p 'foo' scp -3 foo#foo.com:/home/foo/foo.txt sshpass -p 'boo' boo#boo.com:/home/boo/
but it didn't work, no error message, just didn't copy the file. Is there a way to accomplish this?
Note: Please don't suggest answers using key pair, I want to pass in the password rather than using keys (or prompting the user to type the password), I know it is visible to the whole system and that it is not secure, I still want to do it.
This is not possible.
According to scp manual:
-3
Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. Note that this option disables the progress meter and selects batch mode for the second host, since scp cannot ask for passwords or passphrases for both hosts.
And according to ssh_config manual:
BatchMode
If set to yes, user interaction such as password prompts and host key confirmation requests will be disabled. This option is useful in scripts and other batch jobs where no user is present to interact with ssh(1). The argument must be yes or no (the default).
So far with the ssh package in go I have been able to create some sort of client that will allow two forms of authentication. Either the user inputs a password or it will use keys to authenticate. This works great, however StrictHostKeyChecking may be causing an issue. Normally the first time you would SSH into a remote you'll be prompted with a message asking about the host authorization.
Is there anyway in Go to provide the user with that yes / no prompt or to disable StrictHostKeyChecking altogether?
They don't implement this for you, but you could provide HostKeyCallback in the ClientConfig struct passed to Dial. The function you provide should validate the hostname and host key against some known list and prompt the user if it doesn't match. The documentation says that the default is to accept all host keys, which is like setting StrictHostKeyChecking no in the ssh client config.
I'm trying to write a script so that it can be called by one user and is executed as another user. I thought that setuid might be able to do this so I enabled setuid using chmod u+s with the owner of the script being user1. I call the script (which only contains whoami right now) as user2 and it still shows user2 instead of user1. How can I make this be user1.
-- My end result is I want one user to be able to call this script and have it ssh into another server and execute a command as another user.
You can copy that user's key (id_rsa) and pass it to ssh when connecting to the server:
ssh -i user1_id_rsa user1#server
However, this is rather a bad solution, security-wise. Adding the user's key to the authorized keys on the server, as I said in the comment, is the proper way to do it, and you should really look into that.
Sounds like you need a third user in your security model, who can run the program, but is otherwise unprivileged. This third user is an assumable identity for a number of users so they can run the process on the remote server.
I'd like to know how to get Subversion to change the name that my changes appear under.
I'm just starting to use Subversion. I'm currently using it to version control code on an XP laptop where I'm always logged in under my wife's name. I'd like the subversion DB to show the changes under my name.
Later on I'll replicate the DB so it is accessible to the whole house. My wife uses the office computer where she is always logged in under my name. I'll probably set it up so that it automatically checks in modified documents... preferably under her name.
Eventually I'll probably be using it from a linux machine under another username.
Is there some way to modify the user environment to change the user name that Subversion calls you? I'd expect something like setting SVN_USERNAME='Mark' which would override however it usually gets the name.
Update: It looks like the --username flag that Michael referred to does work to change the name reported by "svn stat", even for local file: repositories. In addition, it is sticky so you don't need to specify it for the next command. I even rebooted and it still used the "--username" value from my previous boot.
Most Subversion commands take the --username option to specify the username you want to use to the repository. Subversion remembers the last repository username and password used in each working copy, which means, among other things, that if you use svn checkout --username myuser you never need to specify the username again.
As Kamil Kisiel says, when Subversion is accessing the repository directly off the file system (that is, the repository URL is of form file:///path/to/repo or file://file-server/path/to/repo), it uses your file system permissions to access the repository. And when you connect via SSH tunneling (svn+ssh://server/path/to/repo), SVN uses your FS permissions on the server, as determined by your SSH login. In those cases, svn checkout --username may not work for your repository.
For svn over ssh try:
svn list svn+ssh://[user_name]#server_name/path_to_repo
svn will prompt you for the user_name's password.
You can setup a default username via ~/.subversion/servers:
[groups]
yourgroupname = svn.example.com
[yourgroupname]
username = yourusername
Please be aware that older versions of svn do not support it (e.g. 1.3.1 [sic!]).
"svn co --username=yourUserName --password=yourpassword http://path-to-your-svn"
Worked for me when on another user account. You will be prompted to enter username/password again though. You need to login like the above once and you are all set for the subsequent times(Unless you restart your machine).
If you need to specify a username other than your logged in user for use with svn+ssh just add an entry to your .ssh/config file:
Host example.com
User jdoe
Subversion usually asks me for my "Subversion username" if it fails using my logged in username. So, when I am lazy (usually) I'll just let it ask me for my password and I'll hit enter, and wait for the username prompt and use my Subversion username.
Otherwise, Michael's solution is a good way to specify the username right off.
Most of the answers seem to be for svn+ssh, or don't seem to work for us.
For http access, the easiest way to log out an SVN user from the command line is:
rm ~/.subversion/auth/svn.simple/*
Hat tip: http://www.yolinux.com/TUTORIALS/Subversion.html
Using Subversion with either the Apache module or svnserve. I've been able to perform operations as multiple users using --username.
Each time you invoke a Subversion command as a 'new' user, your $HOME/.subversion/auth/<authentication-method>/ directory will have a new entry cached for that user (assuming you are able to authenticate with the correct password or authentication method for the server you are contacting as that particular user).
I believe if you use the file:// method to access your subversion repository, your changes are always performed under the user which accesses the repository. You need to use a method that supports authentication such as http:// or svn://.
See http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.choosing
If you are using svn+ssh to connect to the repository then the only thing that authenticates you and authorizes you is your ssh credentials. EVERYTHING else is ignored. Your username will be logged in subversion exactly as it is established in your ssh connection. An excellent explanation of this is at jimmyg.org/blog/2007/subversion-over-svnssh-on-debian.html
Go to ~/.subversion/auth/svn.simple/*, and you will see a list of files that contains the information about your svn user account. Just delete all others that you don't need.
After that, when you do anything that regards to SVN operation, such as commit, rm, etc,. You will be prompt again to enter username or passwords.
TortoiseSVN always prompts for username. (unless you tell it not to)
I believe you can set the SVN_USER environment variable to change your SVN username.