Unix: SCP (over SSH) fails due to interactive promot - ssh

I have this problem:
I have a server to which I ssh, and it has a special prompt request. The prompt is done by a ?prompt command.
It is fine with SSH, since the prompt I guess gets some input, but when I use SCP, the copy always fails.
So, I was wondering if there is maybe a flag for ssh and scp - so that interactive prompts are ignored.
(By the way, I need the prompt, so removing it isn't an option).
THANKS.

The prompt and response go into SSH stdio channels that are what scp uses to talk to the remote slave scp process, so it breaks the hand-shaking, and the transfer is aborted.
The right way to add additional prompts to SSH connections is through the keyboard-interactive authentication mechanism, probably with the help of some PAM module.
Your current approach just cripples SSH beyond simple usage patterns.

Related

Sending data from client to server vie SSH tunnel

I am fairly new to ssh and still learning it. Recently I have made a tunnel connection with an ssh host and managed to successfully transfer data/files from my machine to the server with the command: scp file.extension user#hostIP:/directory/directory.
While this was successful, I am kinda struggling to reverse it, sending data/files from the server to the client. How would one go about completing that? Do I need to make some changes to ssh_config or just CLI commands are enough?
You need to change the order:
scp user#hostIP:/directory/directory file.extension
that's accomplishing the invert operation, off course, assuming that the address is correct, the file exists and you have the necessary privileges.

Shell script to automate SSH login using password

I am trying to automate SSH login by using password. I can't use expect command or sshpass etc. So I am left with only option to use password directly.
Did lot of research in google and didn't get any solution... :(
Please help me with this.
The code I tried is.
#!/bin/bash
USERNAME=user1
PASSWORD=abcd1234
HOSTS="server01.mat.us"
ssh ${HOSTS} -l ${USERNAME} -p ${PASSWORD}
The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input. This also applies to the scp and sftp file transfer utilities, which invoke ssh to make the SSH connection. I believe this is a deliberate decision on the part of the OpenSSH developers. You have these options available to you:
Use an SSH key for authentication, instead of a password.
Use sshpass, expect, or a similar tool to invoke ssh through a TTY and automate responding to the password prompt.
Use (abuse) the SSH_ASKPASS feature to get ssh to get the password by running another program, described here or here, or in some of the answers here.
Get the SSH server administrator to enable host-based authentication and use that. Note that host-based authentication is only suitable for certain network environments. See additional notes here and here.
Write your own ssh client using perl, python, java, or your favorite language. There are ssh client libraries available for most modern programming languages, and you'd have full control over how the client gets the password.
Download the ssh source code and build a modified version of ssh that works the way you want.
Use a different ssh client. There are other ssh clients available, both free and commercial. One of them might suit your needs better than the OpenSSH client.
I'd recommend to use ssh keys instead of password if it's possible.
This script can help you to upload your public key to desired remote machine:
https://github.com/aprey10/ssh-authorizer

How to ssh multiple times by JSch: port forwarding, ssh command or SSH tunnel?

By terminal I am able to SSH multiple times to connect to the server:
(client--->gateway--->server1---->server2---)
But now to do it through JSch library of Java, how to go about it?
First tried portforwarding, but on terminal I am not doing that (not setting -R -L parameters in ssh).
Then I came across question How to SSH to a server behind another SSH server using JSch?, but I don't understand how to create tcp tunnel!
Port-forwarding is the best way to go.
You do not do port forwarding in the terminal, as you connect to the second section manually by typing the ssh command. While you can automate that using JSch, it is not really a reliable way to try to simulate a human being. If you want to replace the first ssh (terminal) step with JSch, for the same reason you do not want to use ssh for the second step. The accepted answer in the question you link to also discourages you from trying that. While when everything goes ok, it might work. But once any problem steps in, your will have troubles dealing with it automatically. For example, you can hardly automate host key verification for the second server.
The SSH tunnel is port forwarding. But maybe the mentioned ProxySSH (which does not seem to exists anymore) did internally without opening a local port, but used the "port forwarding" channel directly by the second session. But that's a way too complicated to implement. Stick with simple port forwarding.
For a complete example, see:
JSch multiple tunnels/jumphosts

Transfering file to remote server behind a gate node with key authentication disabled - and compiling

I'm working on a project that requires me to run my code on a remote Unix server, that is not available to connect to directly (you first have to log in to the "gate" node and then to this server).
What's really bad is that they disabled key authentication, so each time I need to ssh into it, I have to type in my password twice. It's really annoying and I wonder what's the best way to transfer my local modifications of source files to this server, compile and run them without having to provide those passwords so many times.
I have no sudo access to any of those servers (neither to this "gate", nor to this target server). Any ideas on how to make the whole process more efficient?
EDIT: Martin Prikryl provided a great answer below, but it's suitable for Windows and I'm on a Mac :) I guess it might be a good thing to have it documented here also for *NIX systems.
You are looking for SSH tunneling.
WinSCP SFTP client supports one-hop SSH tunneling natively.
See the Tunnel page on WinSCP Advanced Site Settings dialog.
I assume that after you transfer the file, you need to open SSH terminal to compile the file.
You may be able to make use of WinSCP Console window for that step.
Alternatively, if you need/want to use a real SSH terminal client, make use of an existing SSH tunnel, created by WinSCP, and connect with PuTTY (or any other SSH client) over it.
In the Local tunnel port of WinSCP Tunnel page, select a fixed port number (instead of the default Autoselect). In PuTTY enter "localhost" to Host Name and the selected port in Port.
(I'm the author of WinSCP)

Is there a way to allow all users to scp from a specific machine to another specific machine without password?

Currently I have a machine setup to send files it generates via a script to a remote server for file storage, where each user has their own folder on the remote server, which they can then SFTP into to get their files.
Currently, when the machine generating the files copies them over, via SCP, it prompts for a password for the user it's sending to.
What I would like to be able to do is enable the machine to send the files to the individual user accounts without prompting for a password. I've read a few ways to do this by creating ssh keys in each user's accounts. However, due to the volume of users, I was wondering if there was a way to enable machine1 to be able to scp files to any user account on the remote file server without prompting for a password each time?
You can set up host-based authentication on the target host to accept connections from the source host. This will work for any kind of SSH access, not just SCP. If you want to limit users to just SCP, there are ways to do that. see this question for example.
Try something like:
sshpass -p scp -o StrictHostKeyChecking=no source dest
I have used it on some linux machine. Don't know if it always work (last day i tried on osX and it refused cause it will break ssh security)
BTW you have to install sshpass