Script to Ssh Login and Again Login to Another Machine
Are you looking for a Trounce Script that connects to remote server and executes some commands or another script? Are you lot looking for a Shell Script which SCP files to a remote server? Are you looking for Shell Script to SSH with Password and Automatically handle the Password Prompt?
Wondering how to manage the Countersign Prompt while using SSH and SCP within the Script. ?
Else, Are you looking for an respond to any of the following questions
- SSH from Trounce Script to Remote Server and Execute Multiple Commands
- shell script ssh with password
- shell script ssh without password prompt
- how to handle password prompt in a beat script
- ssh without cardinal pair (or) fundamental authentication
- SCP beat script with countersign
- SCP command in beat script without prompting password
Then this post is for y'all
So how exercise you connect to remote Linux server Ordinarily ( From Concluding)
To Login to remote servers we use SSH and to transfer files between Linux Servers we SCP. I presume that y'all might take used this in your feel.
At present while using the SSH and SCP command you would exist prompted for the password earlier information technology lets you practise anything with the remote Linux Server.
If it is last y'all tin can actually enter/type the password yourself and keep.
Just what will you do when y'all desire to use the SSH and SCP commands inside the Shell Script.
And so, How do yous handle the Password Prompt of SSH and SCP within the Shell Script?
There are 2 means.
- Create Passwordless SSH connection betwixt servers using Cardinal-based Authentication
- Utilize SSHPass to pass the password with your SCP and SSH commands. discussed in this post
Yeah the objective of this post is to make you able to use SSH and SCP inside the Crush Script and handling the Password prompt without having to create Cardinal based authentication
And so permit'south Keep.
Before going to the Shell Script. Let united states of america encounter the same requirement washed in the terminal/shell.
And so, How to connect to SSH or SCP without being prompted for the Password (Terminal)
The Answer is. You should use SSHPASS along with yourSSH and SCP commands
What!!!.
SSHPASS command reads the password from a FILE or from STDIN and laissez passer information technology on to the SSH and SCP control, and thereby preventing the SSH and SCP commands from prompting for a countersign
See the example in real time.
So every bit shown in the preceding tape. I have to perform the following steps to log in to the remote server without being prompted or in other words, Make SSH read password from a file using SSHpass
Step1: Create a password file and type in your password as a clear text ( Not a Secure Method )
[[email protected] ~]$ cat > .passwrdfile vagrant [[e-mail protected] ~]$ cat .passwrdfile vagrant
Step2: Refer the password file in SSHPASS and pass it to SSH.
[[electronic mail protected]mwivmapp01 ~]$ sshpass -f.passwrdfile ssh mwivmapp02 Concluding login: Saturday Jun i twenty:36:fourteen 2019 from 192.168.43.11 [[email protected]mwivmapp02 ~]$ exit [[email protected]mwivmapp01 ~]$ In the preceding snippet shown. you can notice that there was no password prompt and nosotros have successfully logged in to the remote server [mwivmapp02]
There is a Security flaw in this approach. Whoever gets access to this password file can get the password as it is a plain text. therefore, it is not a recommended approach.
How to use SSHPASS inside the Beat out Script ( A Secure Approach )
Now we are going to use the SSHPASS within the Crush Script and this time we are going to read the password from the user instead of keeping information technology in a file
we are going to use sshpass -p for that. Hither -p represents the Articulate Text password
We cannot use this in the terminal as the history would show the password as a clear text to whoever logged in to the System.
But with Script it is OK equally the Variables are alive only during the lifetime of the Script and they cannot be seen in the history.
The Script does the following tasks
- Gets UserName and Countersign from the User
- Read the list of server names from a
Serverlist.propertiesfile - Create a Script on the Runtime named
TestScript.shusing HereDocument - Copy the Created TestScript to the remote server using SCP
- Execute the Copied TestScript on the remote server using SSH
The Serverlist.properties file
we take intentionally kept simply i server. you can have more based on your need.
mwivmapp02
The Script file [RemoteExec.sh]
#!/bin/bash echo "Enter the Remote UserName" read rmtuname echo "Enter the Remote Countersign" read -s rmtpasswrd for server in `cat Serverlist.properties` do echo "Processing ServerName " $server cat << 'EOF' > ./TestScript.sh echo "My Name is $0" repeat "I am Running on `hostname`" echo "The Date on the Current Organisation is `date`" repeat "That's all!!. I am Exitting" get out 0 EOF chmod a+x TestScript.sh sshpass -p$rmtpasswrd scp -o UserKnownHostsFile=/dev/cypher -o StrictHostKeyChecking=no TestScript.sh $rmtuname@$server:/tmp/TestScript.sh sleep 5 sshpass -p$rmtpasswrd ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $rmtuname@$server "/tmp/TestScript.sh" washed The Dynamically Created TestScript.sh
#!/bin/bash echo "My Name is $0" echo "I am Running on `hostname`" repeat "The Date on the Current Organisation is `appointment`" echo "That's all!!. I am Exitting" go out 0 Runtime Output of RemoteExec.sh
[[email protected] tmp] mwivmapp01 [[email protected] tmp] Enter the Remote UserName vagrant Enter the Remote Password Processing ServerName mwivmapp02 Alarm: Permanently added 'mwivmapp02,192.168.43.12' (ECDSA) to the listing of known hosts. Alarm: Permanently added 'mwivmapp02,192.168.43.12' (ECDSA) to the list of known hosts. My Proper name is /tmp/TestScript.sh I am Running on mwivmapp02 The Date on the Electric current System is Sat Jun 1 22:17:07 UTC 2019 That's all!!. I am Exitting [[email protected] tmp]# Yous can see that the script has been created dynamically and shared with the remote server and executed and the output has been displayed.
Some Security Testing I did, to verify if ps reveals my password
I wanted to see if this is a Real Secure approach
Being aware that, All the commands being executed inside the Shell Script would somewhen evidence up in the outcome of PS at least during the time of execution
Though the sshpass -p is inside the script. I idea if another user who have access to the last tin can use ps command to get the password
So I wanted it to test it myself.
I used ps -auxwww command and was searching for the keyword sshpass on the mwivmapp01 server afterward invoking the script
This is what I got.
I found some Random Characters replacing my actual password. Thanks to the Developers of SSHPASS
Then It is clear that you cannot get the countersign using PS using this Method. Hence it is proved to be Secure
Hope this article helps. Rate this commodity [ratings]
If you detect any problems in this commodity (or) security issues with this approache delight feel free to enlighten me
Thanks,
Sarav AK
Follow us on Facebook or Twitter
For more applied videos and tutorials. Subscribe to our channel
Observe me on Linkedin My Profile
For whatsoever Consultation or to hire u.s.a. [electronic mail protected]
If y'all like this article. Testify your Support! Buy me a Java.
Signup for Exclusive "Subscriber-merely" Content
Source: https://www.middlewareinventory.com/blog/shell-script-to-ssh-multiple-servers-with-password/
Post a Comment for "Script to Ssh Login and Again Login to Another Machine"