I'm working on a file download project which would download files from remote server to local server. The plan is to use rsync. when I perform rsync, it asks for my password on the remote server before starting the transfer. I would like to avoid this, and perform rsync without password.
I’ve googled a solution. Please see the link: http://www.thegeekstuff.com/2011/07/rsync-over-ssh-without-password/
Let me give a brief introduction of this solution. The solution askes the user (like me) to use ssh-keygen on local server to generate public and private keys,
and then upload this public key to the remote server using ssh-copy-id.
Since we need to download files from other companies’ servers, I'm kind of worried that other companies may not allow us to upload file to their servers.
Are there any other ways to avoid this password typing step?
Related
I would like to connect to a Windows server via SSH with private and public key from my local Windows machine.
The problem is that I can not figure out how and am asked to enter the password every time.
Eventually I want to setup remote coding with vs code but as the ssh program faces the same problem as in VS code I think we can leave VS code out of the picture.
Generally the connection to the server is working. So if I type ssh {myuser}#{servername} I am prompted to write my password and afterwards the console is connected to the server.
Now I would like to set it up in a way that I do not need to write my password every time, there for I setup public and private key following this tutorial.
But the system still ask my for a password each time. Does anyone know what the problem might be?
I would guess that the permissions might be an issues. In the link listed above they mentioned that I should set the permissions to 700 for the .ssh folder and 640 for the authorized_keys file. As Windows does not hove the chmod command (or at least it does not seem to change the permissions) this could be the problem.
I have also put the public key in the authorized_keys file of the .ssh folder of the user I am using.
Also as the copying with cat and | did not work I moved the files there manually but otherwise is sticked to the tutorial.
Does anyone know what the issue is?
Furthermore I managed to connect both the server and the client to a bit bucket server using ssh key with out a problem.
I am using Windows machine and I have WinSCP installed.
I am writing a script that logs in to the server and downloads file.
I do not want to store account password in the script. Is there anyway I can login to server with some-kind of host-key or private-key or something.
Yes, you can use the public key authentication. But for that you still have to store the private key along with your script. Normally the key is encrypted with a passphrase. To automate the login, you would have to store the passphrase to the script file anyway (using the -passphrase switch). So still, if anyone gets an access to your machine, he/she is still able to steal your identity, just as with the password. Though there's an advantage. You can have multiple keys (while only one password). If you use a special key for the script and the key is ever compromised, you can revoke it, while keeping the other keys.
Note that, if you are not absolutely sure of the physical and electronic security of the system on which you are connecting, there's hardly any way to setup an automatic authentication. If you are sure about the security, storing password in the script file is just ok.
Anyway, your question is mostly duplicate of:
How do I setup Public-Key Authentication?
For WinSCP specifics, see the guide to Setting up SSH public key authentication.
See also the WinSCP guide to Protecting credentials used for automation.
I had a similar issue on windows so I used Putty instead http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
If you need to generate a public key then use: http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
I gave the public key + password to whoever owned the SFTP server to install it on his side.
I saved the private key on my side lest say on "C:\privatekey.ppk"
You don't use password on your script but you link to the private which you must have on you machine.
Then, when you want to automate a batch to download from the FTP server the Pageant in order to load the private key into session http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe
Then use the PSFTP to connect and perform actions http://the.earth.li/~sgtatham/putty/latest/x86/psftp.exe
So here is sample code for the batch file:
!--Loading the key to session--!
#C:\pageant.exe "C:\privatekey.ppk"
!--Calling the PSFTP.exe with the uaser and sftp address + command list file--!
#C:\psftp user#your.server.address -b C:\sftp_cmd.txt
Command list file (sftp_cmd.txt) will like like this:
mget "*.*" !--downloading every thing
!--more commands can follow here
close
Now, all you need to to schedule it in scheduled tasks *I wish it was simple as unix's cron job....
What I would do is using Putty (or other solution) on Windows to connect to a SAN switch and get results from a command with ssh.
I use Powershell as scripting language and it could be done easily but i don't want to save the password in the script.
I'm looking for a solution to use Putty from command line and set the password not stored in clear in the script.
What I thought is to launch the script with \RUNAS (through a Scheduled task) and pass the actual credentials directly to Putty. (The switch would have the same password as the account used with the Runas). Is that possible?
Or is there any solution using putty with a certificate or something like this?
You may want to consider using key authentication as opposed to a password.
People will say use a password in addition to the key, but if your alternative is storing the password on your PC in a file anyway, someone with access to your machine owns you in either case.. So you just need to generate the keys. The requirement is: no-one but you has access to that key file.
http://www.linuxproblem.org/art_9.html
I'm in the same boat, have to use Windows, but for me www.mingw.org which gives you a shell, and the basic *nix tools - extremely useful for SSH, connect to remote Linux VPS, etc.. Cygwin, of course which is similar, and has an easier tool (setup.exe if I recall) to install new apps. I actually use git-bash with is mingw with git. No-GUIs. I've found this easy to just drop to the mingw shell when I need to use ssh openssl cut awk etc..
So running any remote command using SSH from the command line without third-party programs like Putty, or those with GUIs, etc.. Using the key authentication and offing password auth completely in ssh on the remote device (at least on devices where you have control) is some additional lockdown for the remote device, especially if you're the only one need access it.
Which leaves, scheduling the script. There should be a way to do that via batch file and Windows or within the command line environment.
I'll suggest following options:
use password authentication. Store the text file with password in a file with limited access (some service account) and launch your script under this account's credentials
same as above, but instead of text file use certificate file
write a small program (C#) which uses DPAPI to store the certificate or password in service account-specific store.
combine any of the above with the use of BitLocker/EFS
No options are can protect you from an attacker having admin access to the server, but implementing them will give an increasing (in order of number) headache to someone who will be trying to break it.
The script will be a weak spot in any case, though.
This is probably not the answer you're looking for, but I wouldn't use Putty for this, and would rather communicate with the SSH server directly using SSH.NET library. It's available in both source and binary form, and you could use it from PowerShell too if you like.
Examples: http://sshnet.codeplex.com/wikipage?title=Draft%20for%20Documentation%20page.
Then you'd have a lot of options to store your login credentials securely.
I recommend setting up 2-factor authentication on the ssh machine that you have to communicate with IF you can't use key authentication.
Google's 2 factor authentication can be implemented for ssh and is relatively easy to set up as long as SE linux is disabled...if it isn't disabled, you can add an exception and that would essentially help reduce the risk of compromise and increase security.
I have my Hudson CI server setup. I have a CVS repo that I can only checkout stuff via ssh. But I see no way to convince Hudson to check out via ssh. I tried all sorts of options when supplying my connection string.
Has anyone done this? I gotta think it has been done.
If I still remember CVS, I thought you have to set CVS_RSH environment variable to ssh. I suspect you need to set this so that your Tomcat process gets this value inherited.
You can check Hudson system information to see exactly what environment variables the JVM is seeing (and passes along to the build.)
I wrote up an article that tackles this you can find it here:
http://www.openscope.net/2011/01/03/configure-ssh-authorized-keys-for-cvs-access/
Essentially you want to set up passphraseless ssh keys for your build user. This will allow authentication to occur without the need to work out some kind of way to key in your password.
<edit> i.e. Essentially the standard .ssh key client & server install/exchange.
http://en.wikipedia.org/wiki/Secure_Shell#Key_management
for the jenkins user account:
install user key (public & private part) in ~/.ssh (generate it fresh or use existing user key)
on cvs server:
install user key (public part) in ~/.ssh
add to authorized_keys
back on jenkins user account:
access cvs from command-line as jenkins user and accept remote host key (to known_hosts)
* note any time remote server changes key/ip you will need to manually access cvs and accept key again *
</edit>
There's another way to do it but you have to manually log from the build machine to your cvs server and keep the ssh session open so hudson/jenkins can piggyback the connection. Seemed kinda pointless to me though since you want your CI server to be as hands off as possible.
Does anyone know of a script or program that can be used for backing up multiple websites?
Ideally, I would like the have it setup on a server where the backups will be stored.
I would like to be able to add the website login info, and it connects and creates a zip file or similar that it would then be sent back to the remote server to be saved as a backup etc...
But it would also need to be able to be set up as a cron so it backed up everyday at least?
I can find PC to Server backups that a similar, but no server to server remote backup scripts etc...
It would be heavily used, and needs to be a gui so the less techy can use it too?
Does anyone know of anything similar to what we need?
HTTP-Track website mirroring utility.
Wget and scripts
RSync and FTP login (or SFTP for security)
Git can be used for backup and has security features and networking ability.
7Zip can be called from the command line to create a zip file.
In any case you will need to implement either secure FTP (SSH secured) OR a password-secured upload form. If you feel clever you might use WebDAV.
Here's what I would do:
Put a backup generator script on each website (outputting a ZIP)
Protect its access with a .htpasswd file
On the backupserver, make a cron script download all the backups and store them