script to ssh to a unix server - automation

It will be helpful if somebody could tell me how to connect to a unix server using username and password as arguments.my username and password is "anitha".
How can i create a shell script which automatically connect to my unix server with this username and password?

I guess you want to remotely connect to your *nix server from network. Base on my guess, to:
connect to remote *nix server, everybody is using SSH
ssh anitha#anitha ip-to-unix-server
automatically connect, write simple bash shell wrap around your ssh connect command and do something, not suggested, you should use ssh password less login (aka public/private key)
#!/usr/bin/env bash
ip=172.16.0.1 #replace 172.16.0.1 with your unix server's ip
username=anitha #your ssh username
password=anitha #your ssh password
command=who #what do you want to do with remote server
arguments= #arguments for your command
expect -c 'spawn ssh $username#$ip ; expect password ; send "$password\n" ; interact'
connect without typing password, you may need to use SSH password less login

Use sshpass if you really need to use non-interactive keyboard-interactive authentication (pun intended) or better switch to using pubkey-based authentication.
Note that passing the password in clear to the ssh client is very lame as the password gets exposed in the publicly-readable process list where it can be read by anyone. sshpass works around this problem by creating a pseudo-terminal and communicating with the ssh client using it, so at least the password is not exposed at runtime.

Step 1:
jsmith#local-host$ [Note: You are on local-host here]
jsmith#local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith#local-host
Step 2:
From Local-host, run this One liner for password less ssh connectivity.
cat ~/.ssh/id_dsa.pub | ssh useronanotherserver#anotherservername 'cat >> ~/.ssh/authorized_keys'

You should use expect, which is an extension of tcl that was made specifically for automating login tasks.
Basic ssh login question: could not able to spawn(ssh) using expect
How to interact with the server programattically after you have established the session: Expect Script to Send Different String Outputs

Related

Can I pass RSA hostkey of server as PuTTY command line option?

Do we have option on PuTTY command line to send RSA hostkey as an argument similar to WinSCP -hostkey.?
PuTTY command currently used:
putty.exe -ssh -l username -pw password -m command.txt RemoteServerIP
Is there a option like WinSCP where RSA hostkey can be passed just like below:
open sftp://username :password#RemoteServerIP/ -hostkey="ssh-rsa 2048 11:2c:5d:f5:22:22:ab:12:3a:be:37:1c:cd:f6:13:d1"
Also let me know, if my option of using PuTTY for this task is a bad option.
Detailed explanation for those who are interested to know entire background:
I have developed a Django application to kick off some remote scripts
and get the task done. This uses putty ssh to run commands at the
background using subprocess module, parameters are passed from the
Djangofront end.
Problem I am facing is, There are multiple users who will use this
application to kick off their scripts. Only requirement is they have
to store IP address and RSA key of the server on a config file on
Django Server.
Since all of the servers use RSA key, for the first login it asks to
confirm the RSA fingerprint storage prompt.
Usually when we kick off this manually from our local machine we give
Yes, for the first time. and subsequent runs it won't ask for the
confirmation.
Since these scripts will be running from a DjangoServer where users
won't have access, is there a way I can still be able to run the
remote scripts using putty?
Please note I am aware of kicking off script using WinSCP but
unfortunately in our environment I cannot kickoff Scripts from
WinSCP, but I can FTP using WinSCP and I use hostkey option so it
does not prompt for confirmation
There are several ways of dealing with SSH/SCP/SFTP host key verification.
One way is described in this answer to a similar question on ServerFault. Echo y or n depending on whether you do or don't want the key added to the cache in the registry. Redirect the error output stream to suppress the notification messages.
echo 'y' | plink -l USERNAME HOSTNAME 'COMMANDLINE' 2>$null # cache host key
echo 'n' | plink -l USERNAME HOSTNAME 'COMMANDLINE' 2>$null # do not cache host key
Note, however, that this will fail if you don't want to cache the key and use batch mode:
echo 'n' | plink -batch -l USERNAME HOSTNAME 'COMMANDLINE' # this won't work!
Note, however, that this approach essentially disables the host key verification, which was put in place to protect from man-in-the-middle attacks. Which is to say that automatically accepting host keys from arbitrary remote hosts is NOT RECOMMENDED.
Better alternatives to automatically accepting arbitrary host keys would be:
Saving a PuTTY session for which you already validated the host key, so you can re-use it from plink like this:
plink -load SESSION_NAME 'COMMANDLINE'
Pre-caching the host key in the registry prior to running plink. There is a Python script that can convert a key in OpenSSH known_hosts format to a registry file that you can import on Windows if you don't want to manually open a session and verify the fingerprint.
Providing the fingerprint of the server's host key when running plink:
$user = 'USERNAME'
$server = 'HOSTNAME'
$cmd = 'COMMANDLINE'
$fpr = 'fa:38:b6:f2:a3:...'
plink -batch -hostkey $fpr -l $user $server $cmd
All of these assume that you obtained the relevant information via a secure channel and properly verified it, of course.
PuTTY also has -hostkey switch, just with a slightly different syntax:
-hostkey 11:2c:5d:f5:22:22:ab:12:3a:be:37:1c:cd:f6:13:d1
And indeed, PuTTY is not the right tool to automate command execution.
Instead, use Plink (PuTTY command-line connection tool):
plink.exe -ssh -l username -pw password -hostkey aa:bb:cc:... hostname command

How to use SSH and remote web server with a Mac

This is the first time I'm doing this. I generated a key on my Mac and I have id_dsa, id_dsa.pub. I imported public key into my cPanel. After reading a few tutorials and blogs I'm still lost. How can I connect to my server from this point?
To connect, you would do this: ssh -l yourusername the.server.address from Terminal.
For instance, your username is kira, and your server is my.server.net:
ssh -l kira my.server.net
You will be prompted for your password, and the you're in (provided you enter a correct password of course)

Why do I still have to enter password after I entered ssh-agent and ssh-add?

I'm learning Ansible, in a setup document : http://docs.ansible.com/intro_getting_started.html
It says if I don't want to enter password every time, I can do :
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
I did it, but how come I still have to enter password every time ?
Then it says "you may wish to use Ansible’s --private-key option", but I can't find any document on that. Whay's that for and how to do it ?
I'm not sure about Ansible, but I know a bit about how ssh keys work
When you generate a new SSH key with the ssh-keygen command (which by default goes to the ~/.ssh/id_rsa file), it asks you to put in a passphrase(password)
Whenever you use that key, it will ask you for that passphrase.
If you create a new key with
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/YOUR_USERNAME/.ssh/id_rsa_nopass
Enter passphrase (empty for no passphrase): [just press enter, don't type anything]
Enter same passphrase again: [just press enter again]
This will create both an id_rsa_nopass private key file, and an id_rsa_nopass.pub public key file in the directory you chose (/home/user/.ssh)
You should then be able to use the following command, assuming ansible is set up to use your ssh keys correctly
$ ssh-add ~/.ssh/id_rsa_nopass
NOTE: Using an ssh key without a passphrase can be dangerous, as anybody can access your device and connect without knowing your password. If you don't mind this, then a no-passphrase ssh key is a good way to avoid typing a password everyone
edit: Just looked into Ansible a bit, it's basic setup is just to run a command on an ssh server, right?
In which case, you may need to add your public key to whichever server you are connecting to, this can usually be done via the command
ssh-copy-id -i /path/to/your/public/key/file yourname#yourserver.com -p your_server's_ssh_port
For example, to authorize the id_rsa_nopass key from earlier to the account foobar on the server example.org, with ssh port 10022 you would do
ssh-copy-id -i ~/.ssh/id_rsa_nopass.pub foobar#example.org -p 10022
This will prompt you for the password to foobar#example.org, upon filling in the password it will authorize that public key to connect to that server, and since id_rsa_nopass has no passphrase, you should now be able to connect without any password prompt

Create script/shortcut to login via ssh

My issue is that everytime I have to login to a given account on a linux server (there are many) I have to go pull a text file not I have to look at the username and ip.
Example: "ssh some_user#xxx.xxx.xxx.x -pxxxxx"
I want to make my life a little easier by creating a shortcut, e.g. "ssh some_user"...
I searched and could not find an answer, likely not using the right terminology.
Thanks!
You can use the ssh client configuration file (.ssh/config). If you have to type ssh -p 1234 mylogin#my.server.with.a.long.name.com, you can populate your config file with
host server
hostname my.server.with.a.long.name.com
user mylogin
port 1234
Then you can simply type ssh server and it will have the same effect. You can have as many entries in your .ssh/config file as you want and even use wildcards (*)
If you are using a recent version of bash, you can furthermore make use of the command_not_found_handle function:
command_not_found_handle () {
if grep "host $1" ~/.ssh/config &>/dev/null; then
ssh $#
else
printf "Sorry: Command not found: $1\n"
return 127
fi
}
Then you can connect simply with
server
I dont know if I understood your problem correct, but a proper ssh config file make life muuuch easier. No IP, no domain, no password, not even a username.
See the man page: http://linux.die.net/man/5/ssh_config
I like things like ssh vm, or scp vm:... no more scp blablubb#192.168.226.xy:...+ passphrase.
Also see ssh-keygen and ssh-copy-id for asymmetric key exchange. Will get you rid of typing passwords.
Generally I recommend to read a ssh tutorial.

How to force SSH to fail instead of password input session when the key pair is not valid?

When I connect to remote machine using SSH, it asks me to input password if the key pair is invalid.
ssh -i keyfile root#server.com
root#server.com's password:
How can I force SSH to fail instead of asking when the key pair file is invalid? This is for bash script automation.
Disable standard input with ssh -n