SSH that requires a password via a bash script

Hey guys-

I'm trying to create a BASH script that will connect to a remote server, via SSH that requires a password, and then search a log file for the word error, store the output in a file, and then return the file to the local machine. I would like this process to be completely automated and run via cron.

How would you go about supplying a password to SSH or scp? Is there a better way I should be doing this? I'd like to avoid the route of setting up public/private DSA/RSA keys, and would like to find a way to do this via scripting.

I'd appreciate any input. Thanks in advance.

So far, this is what I have.

```bash
#!/bin/bash
# Global variables - established in case variables are not passed to the script.
server="my_server"          # The name of the server that we'll connect to.
local_server="host"         # The name of the host machine.
uName="user"                # The user name that we will use for this connection.
pass=$(cat /root/LDAP.pwd)  # A secure password file.

ssh -l "$uName" "$server" <<- EOF   # I need a password here somehow
cd /var/log
grep error log.txt > myErrors.txt
# The trailing colon makes this a remote copy into the user's home directory.
scp myErrors.txt $uName@$local_server:   # I need a password here somehow
EOF
```

Re: SSH that requires a password via a bash script

Hey There,

What you're trying to do is possible, if you use a program like "expect" to pass your password interactively (well, mock-interactively ;) to ssh and/or scp. However, your downside security-wise would be much steeper than setting up dsa keys and strict trust (user@ip, etc).

Are you avoiding ssh key-exchange because it's a hassle to set up? I only ask because it has a major upside. Giving a password in a script is almost guaranteed to be much less secure (assuming you don't want people to know the password - if that's not a huge concern, and you just need to get the job done with an account that can suffer a compromise, let me know).

Check out "expect" as a way to work around this if you need to. ssh and scp don't provide any mechanisms for non-interactively giving them a password other than through (at worst) rsa-keys or rhosts authentication.

Best wishes,

Mike

Re: SSH that requires a password via a bash script

Thanks for the info. One of the server guys here at my work had mentioned "expect". I can run the script as sudo and the password file is in root's home, so I'm not too worried about compromised security if I can pass the value to ssh or scp from a file, which is what I was hoping I could do. Expect would seem to open a security hole, so I would prefer finding another method, if possible.

The DSA key is a possibility, but I need to figure out how to import it from another machine that is already set up with one.

On a personal note, I just like to figure out a way to accomplish my goal. I'm sure there has to be some neat little trick that I'm missing.

Re: SSH that requires a password via a bash script

The bummer is that ssh/scp don't provide for any way (hence "expect") for you to pass them a password in non-interactive mode.

If you need to set up keys, maybe this will help - a quick step by step assuming user1 (should be whomever is going to be doing the actual transfer, so if root is running an scp for another user, that user's key will be important)

1. On the sending host, if you haven't already, for root and/or the user who the transfer will be done as, log into that account and run:

   `ssh-keygen -t dsa`

   Just hit enter for all the defaults. Don't enter an extra security password or even this won't work automatically ;)

2. On the receiving host, for the user account that will be being transferred to (regardless of "where" on the machine the data is going; if user2 is accepting the data and you're putting it in /tmp we need to run this command in user2's homedir), either log in as user2 and run

   `ssh-keygen -t dsa` (unnecessary if you do the next thing ;)

   or

   `mkdir -m 700 .ssh`

   cd into .ssh in user2's home directory and create a file called (depending on what version of ssh you're running) authorized_keys or authorized_keys2 (doesn't hurt to do both, either)

3. Populate authorized_keys or authorized_keys2 with the output from the id_dsa.pub file from the user on the sending host. If you cut and paste, make sure that the entry is one line when you put it into authorized_keys/authorized_keys2

A simpler way to set up the authorized_keys files is to do your first interactive scp how you would want to automate it and scp your id_dsa.pub file to user2@theOtherHost:~/.ssh/authorized_keys and/or to user2@theOtherHost:~/.authorized_keys2

Then just send the file again (shouldn't get prompted for a password) or do a simple ssh over (the way you would during your execution) and your command should be executed remotely without a password prompt.

Hope that was helpful and I didn't leave too much out :)

Best wishes,

Mike

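The key setup in the reply above, as an added example that is not part of the original thread: it installs the sending user's public key as one line, appends instead of overwriting, and limits the passphrase-less key to one source address and one command using the standard OpenSSH authorized_keys options `from=` and `command=`. The function name `install_restricted_key`, the sample key and the address 192.0.2.10 are constructed for illustration.

```bash
#!/bin/sh
# Added example. install_restricted_key is a hypothetical helper name.
# Usage: install_restricted_key PUBKEY_FILE HOME_DIR FROM_ADDR FORCED_COMMAND
install_restricted_key() {
    pub=$1; home=$2; from=$3; cmd=$4

    # A pasted key that wrapped onto several lines will not authenticate,
    # so accept only a file holding exactly one "type base64 [comment]" line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "key is not a single line" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=* ?.*$' "$pub" ||
        { echo "not an OpenSSH public key" >&2; return 1; }
    # A double quote would end the option value early.
    case $cmd$from in *\"*) echo "double quotes not supported" >&2; return 1 ;; esac

    # sshd (StrictModes) ignores the file if these are group or world writable.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append, never overwrite, so keys already in the file stay valid.
    key=$(cut -d' ' -f1,2 "$pub")
    grep -qF -- "$key" "$auth" && return 0
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$from" "$cmd" "$(cat "$pub")" >> "$auth"
}

# Demo on constructed data in a scratch directory (not a real key or host).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal000 user@host' > "$demo/id.pub"
install_restricted_key "$demo/id.pub" "$demo/home" 192.0.2.10 'grep error /var/log/log.txt'
cat "$demo/home/.ssh/authorized_keys"
```

With the forced command in place, the cron job on the local machine can run `ssh user@my_server > myErrors.txt` and receive the matches on standard output, so the remote side never needs to copy a file back.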