LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-12-2013, 07:12 PM   #1
Srinivas Gadi
LQ Newbie
 
Registered: Dec 2012
Posts: 22

Rep: Reputation: Disabled
Unable to loginto remotely with password on same line


Hi All,

Would like to write a script to get some details hence i am passing the password on same line as below

echo $pas | ssh sgadi@cgw463.hyd 'date'

but still it is being prompted for password rather than automatically get the password from $pass

Can any one help me to get rid of this.
 
Old 03-12-2013, 07:33 PM   #2
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,

you are using the wrong approach here. Instead of using a password you should be using public/private key authentication (RSA auth in this case). With this method you do not need to enter a password every time you ssh somewhere.

The web is simply full of information on how to do this. The first hit in the following search is probably all you need to set it up.

https://duckduckgo.com/?q=ssh+rsa+au...on+ssh-copy-id

Then running ssh-add once per session will allow you to ssh to all hosts to which you have copied your public key without a password.

HTH,

Evo2.
 
Old 03-12-2013, 10:44 PM   #3
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
You cannot pass the password in this way. Instead, if you want to invoke ssh in your script, then manage to get password less login on remote machine. To do so, follow as:

(1) Generate you ssh rsa keys on local machine, using:
Code:
localhost~$ ssh-keygen -t rsa
It will generate a /home/username/.ssh/id_rsa.pub file, containing your key.

(2) Copy that key on remote server's /home/username/.ssh/authorized_keys file, as:
Code:
localhost~$ cat ~/.ssh/id_rsa.pub | ssh sgadi@cgw463.hyd 'cat >> ~/.ssh/authorized_keys'
After doing this successfully, you will be able to login without password from your local machine to sgadi@cgw463.hyd.

For more clarification, read here.

Last edited by shivaa; 03-13-2013 at 01:20 PM. Reason: Added
 
Old 03-13-2013, 12:48 PM   #4
Srinivas Gadi
LQ Newbie
 
Registered: Dec 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thank you for all your help.

I will explore my requirement so that you will have an idea,

We have around 500 local desktop machines and Users are working on it, system restart is mandatory to open few tools , all the time users may miss to restart the machine and escalate to for assistance.

So though to create a script to prompt a window to restart the machine whenever they try to open the tool if the system was not restarted and when the click on ok it should reboot.

users does't have sudo or admin access to reboot from terminal hence wanted to pass my credential through scripts as i have sudo access to reboot the system when they hit the ok button on the window.

Hope this is clear, please advice what should be my next step to achieve this.
 
Old 03-13-2013, 01:21 PM   #5
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
As I said above, first do a password-less login on the remote machine, so you will need not to share your password with users.

After that any user can simply invoke (I assume it's a linux machine):
Code:
~$ ssh sgadi@cgw463.hyd "sudo shutdown -r now"
 
Old 03-13-2013, 02:44 PM   #6
Srinivas Gadi
LQ Newbie
 
Registered: Dec 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
I am sorry if i am not clear on my concern

I tried the passwordless login process but

I will give this command ssh myusername@localdeskip "sudo reboot" to the user
How would user run this command without my login and sudo credentials even after enabled the password less login as you said earlier?

I
 
Old 03-13-2013, 03:49 PM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,811

Rep: Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190
Quote:
Originally Posted by Srinivas Gadi View Post
I am sorry if i am not clear on my concern I tried the passwordless login process but

I will give this command ssh myusername@localdeskip "sudo reboot" to the user How would user run this command without my login and sudo credentials even after enabled the password less login as you said earlier?
They wouldn't. If you trust a user to be able to perform administrator actions (like reboot a server), then you add them to the SUDOER's file too, so that THEY could run the command. Also, if you read the man page on ssh, you can specify which identity file, key, and user name they log in as. Putting your own user ID/password into a script is a TREMENDOUSLY bad idea, especially if you're the administrator.

The better thing to do would be modify the sudoer's file on your machines to allow users to ONLY run the reboot command as root. That way, they could ONLY reboot their machines, and do nothing else, and your password isn't exposed.
 
Old 03-13-2013, 10:09 PM   #8
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
TB0ne is correct. Although a password less login won't expose your password, but it also gives full rights to the user. So it'd be better to add those users to sudoers file and allow them only 1 or 2 commands like shutdown and reboot.

Take a note, since you're also using 'sudo' to do admin tasks, so even after a password less login, those users will need your password to do a 'sudo'.

Better add users to /etc/sudoers as:
Code:
~$ sudo visudo
username    sgadi@cgw463.hyd=/sbin/shudown /sbin/reboot
User then can:
Code:
~$ sudo shutdown -r now
 
Old 03-13-2013, 10:53 PM   #9
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,

why can't you configure the DE to allow rebooting for local users? AFAIK most DEs have this sort of thing built in. What DE are these machines running.

Evo2.
 
1 members found this post helpful.
Old 03-14-2013, 02:09 PM   #10
Srinivas Gadi
LQ Newbie
 
Registered: Dec 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thank you for your advise.

Found a solution that , changed the reboot command privileges by chmod u+s /sbin/reboot,
Now normal user can also able to execute this command.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Change password of linux servers remotely linux_bud Programming 2 11-26-2009 04:55 AM
To execute two commands in a single line remotely ZAMO Linux - General 12 10-31-2008 01:31 AM
automating password change remotely noir911 Linux - Security 1 03-23-2006 08:32 AM
VSFTPD - Change Password Remotely? foxbat77 Linux - Networking 0 08-31-2004 08:46 AM
Help: Unable to connect remotely tejpatil Linux - Newbie 3 02-14-2004 08:36 PM


All times are GMT -5. The time now is 08:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration