I have one file input.txt containing commands which needs to be typed after telnetting to one ip address. How can I do this, without typing all commands one after the another in to telnet session?
Related
2I wanted to get a host list of linux servers on my network using nmap, but I'm not sure how to filter the results based on multiple strings. So I'm using something like:
nmap -sT -R --dns-servers 192.168.1.1,192.168.1.2 -p 22 192.168.1.0/24
which gives me the results but of course it's also showing every IP with the closed ports. How can I use logic with awk so that if it finds an IP with a hostname AND finds that the lines below have 'tcp open' it will spit those two lines to an output file?
The typical input to use from nmap would look like:
Interesting ports on server.domain.com (192.168.1.1):
PORT STATE SERVICE
22/tcp open ssh
Interesting ports on server2.domain.com (192.168.1.2):
PORT STATE SERVICE
22/tcp closed ssh
but this would be for every single IP that is scanned, so I'm trying to find a way to have a file with only the hostname and IP "if" it shows as 'tcp open' from the nmap command above. Basically giving you a file with:
server.domain.com (192.168.1.1)
So that I only get the server name and IP if SSH is actually listening on port 22
Based on the sample input and the sample output posted, something like this could work:
awk '/^Interesting/ {
domain = $(NF-1)
ip = substr($NF, 0, length($NF) - 1)
}
$2 == "open" {print domain, ip}' file
This works like this:
If a line starts with "Interesting", then the second to last field is stored as the domain, and the last field (minus the trailing colon) is stored as the ip.
If it finds a line where the second token is "open", then it prints the domain and ip found previously.
If I create a host alias in ~/.ssh/config like the following one:
host myhost
hostname myhost.mysubnet.mynet.com
hostname myhost.mynet.com
user igordcard
I am able to connect to myhost.mysubnet.mynet.com perfectly using ssh myhost. However, when this hostname is not reachable, it will never connect. Is there a way to set a timeout for the first hostname so it can automatically try the second one, and so on? If not, is there any other way for achieving almost the same effect?
Thank you.
This answer reflects the exact implementation of the workaround I decided to do, based on the page link provided by damienfrancois and the answer by pcm which is inside that page.
Under ~/.bashrc I've added the following at the end:
nets=$(hostname -I)
if [[ "$nets" == *192.168.* ]]
then
alias ssh='ssh -F .ssh/config.alt'
fi
Which gets the list of network interfaces' addresses connected and then tries to match a segment of a specific network address with that list to check if we are connected to some network and, if so, an alias for ssh is set to use an alternative ssh config file.
This workaround is obviously subject to failure, for instance when the host moves from network to network but these networks share the same network prefix. However, for my specific case (and many others), this is enough.
Can i block an IP address in apache module?
i searched it, but it comes up with no answer, is it true?
You can block using iptables. with a simple rule.
But if you have concerns over some ip address causing DOS attacks or something then you can add it to your black list automatically by using DOS deflate program. I am providing it below for your convenience.
This script will help protect dos attack on our servers. We will use DDos deflate method.
This method will use iptables to block any dos traffic. and will create a cronjob that will execute every minute to execute the script, script will then monitor any threats and stops them using iptables.
1. Install the deflate script
wget http://www.mattzuba.com/wordpress/wp-content/uploads/2011/02/ddos_deflate-0.7.tar.gz
tar -xf ddos_deflate-0.7.tar.gz
cd ddos_deflate-0.7
sudo ./install.sh
2. now the above script is installed in the directory /usr/local/ddos
cd /usr/local/ddos
you will see a file called ddos.conf, edit the file
vi ddos.conf
Here you will see various options, look for ##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=xyz
change no of connections to 200
NO_OF_CONNECTIONS=200
Where 200 is the number of total connections allowed by an ip address in one second. The number can be increased or decreased as per need. Connections over the defined number will be considered a dos attack.
3. setting ip address block time
cd /usr/local/ddos
you will see a file called ddos.conf, edit the file
vi ddos.conf
and look for ##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=60
change ban period to
BAN_PERIOD=600
Where 600 is the number of seconds the ip address will be blocked for, after that it will be released. This nmber can be changed as per need.
4. allow selected ip address to access the system without getting banned or restrictions.
cd /usr/local/ddos
you will see a file called ignore.ip.list, edit the file
vi ignore.ip.list
enter the following ip address to be unblocked
127.0.0.1 ----> the localhost ip address
92.235.247.186 ----> public ip address of the server (change as required)
Hope this helps a little.
I have an account at a server at school, and a home computer that I need to work with sometimes. I have exchanged keys, and now only have one problem. While my school account has a name associated with it, "account_name#school", my home network does not. My plan is to have a script that every hour retrieves my home network's IP address, ssh'es into my school account and updates my ssh config file storing my home network's IP address.
How can I retrieve my home computer's IP address from a shell script?
P.S. Is this a sensible plan?
You have two basic choices:
A dynamic DNS address (e.g. dyndns.org). Setting that up is outside the scope of Stack Overflow, but it's probably The Right Thing™ for you.
Use a tool like http://checkip.dyndns.org/ to report your external IP address, then parse the result.
lynx -dump http://checkip.dyndns.org/ | awk '{print $NF}'
Either way, you'll need to configure your router to allow inbound access for SSH, so further information needs to be asked on Super User or Unix & Linux.
My http://ipcalf.com server supports header-based or explicit content negotiation, which is a fancy way of saying that if you curl -H Accept:text/plain ipcalf.com or curl -s http://ipcalf.com/?format=text you should get your public IP address in raw form.
("Full" documentation and source code are on github.)
You can make a request to http://automation.whatismyip.com/n09230945.asp to fetch your public IP from WIMI. This command:
ssh account_name#school "echo -n "$(wget http://automation.whatismyip.com/n09230945.asp -O -)" > some_remote_file"
will write your home public IP to a file called "some_remote_file" in your home folder at school. Set it up with cron and you will have access to your home's routers public IP from your school.
If you've already set up some sort of port forwarding on your router so that you can ssh to your home computer with the routers IP, you should be good to go :)
I figured out a better way to get the IP address then to use an external service. I am SSHing into the server; therefore, the server must know who is SSHing into it, so I can use a tool like who or pinky to find out who is SSHing in.
Here is the command to get the name of the computer logged in.
echo $SSH_CLIENT | awk '{ print $1 }'
I have a script which executes remote command and redirect output to local file.
Remote command just reads list of pcap files continuously and writes to stdout.
The final command is like this -
ssh root#host /sbin/path-to-utility | cat > local-file
The script which executes this remote command needs to have signal handler to save the state of overall transfer.
Also I want to send signal to remote command or process to stop reading pcap files, so that exit after finishing writing current file.
I tried -t option and signal handling works perfectly fine, but it adds some extra characters to the actual output written by remote command and disturbs my pcap data.
Either I need to handle signal without -t option over ssh or I need to find out why ssh -t is adding additional bytes to actual data.
Please help!
Thanks,
Sachin.
The -t option tells ssh to allocate a terminal. The extra characters are intended to be interpreted by your terminal.
Perhaps then you should tell ssh you are using a different terminal, one that will not generate any extra characters, but will still pass on signals. Does this work?
TERM=dumb ssh root#host /sbin/path-to-utility | cat > local-file
(I don't know what would be the best value to use for TERM.)