I will need to create a shell script which will automatically log in to a Juniper firewall via ssh. Obviously the script will need to be able to send the password. I read somewhere that the recommended method is to use ssh-key-gen; however, the Juniper has only limited CLI commands and I am not sure this method will work, as I will need to upload the key file. Another method is to create an expect script. I tried to create one but I am missing something. As the ssh login will be only local, the fact that the pass will be stored in a file in clear text is not a big issue. Could someone please help me with creating an expect script?
Most sane people would not help you with this, even if they knew how because making this public knowledge lowers the threshold for script 'kiddies' to make even more brute force ssh attackers.
That being said, I certainly recommend using a host key and disabling password logins. I am sysadmin at work and as soon as I disabled password logins on SSH, and looking at the logs, the SSH server disconnects the 'client' before it can even try to send a password.
Thanks for your advice. We have to use ssh passwords for various reasons. The ssh login expect script is publicly accessible on the internet for everyone and it is here:
I believe if it was such a big threat it would be more difficult to find the info.
I was following the script and it is working fine now.
That's pretty cool. Glad I subscribed to this post... I always wondered how to do this without the use of public keys. Ssh'ing into devices like switches or PDU's is always a pain to do through scripts.
Hey Martin, I found your script very interesting. Right now I'm trying to solve a nasty situation regarding the "one time password" in ssh authentication. At this point we frankenscript's work based on the ip.list, and log_file command.list for backups, but I'm in a situation where 500 routers use one time passwords, the hardware-based tokens (I know). I've been trying to figure out how I can loop the ssh authentication: when a new IP is read from ip.sheet it manually / interactively authenticates every device, when the script closes, and reads the next IP address from the ip.list. But I've got no idea how I could approach this issue. Can you give me some advice? Thanks, Xoir
If you have a 1-to-1 relation (IP address and password), you can create a password file and read the pass for each line, the same as for the IP address.
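The pairing described in the reply above, as an added example that is not part of the original thread: it reads an address file and a password file in step, refuses a password file that other users can read, and hands each password to the per-host command through the environment. The function names, the `SSH_PASS` variable and the password file name are assumptions made for illustration.

```shell
# Added example (not from the thread). Names are hypothetical.

# Refuse a password file that group or others can read.
check_perms() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as found on Linux
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing $1: mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
}

# for_each_host IPFILE PASSFILE COMMAND [ARGS...]
# Runs COMMAND once per line with the address appended as the last argument
# and the password from the same line number in SSH_PASS. Passing it through
# the environment keeps it off the command line, which any local user can
# read with ps. An expect script can pick it up as $env(SSH_PASS).
for_each_host() {
    local ips="$1" passes="$2" ip pass
    shift 2
    check_perms "$passes" || return 1
    # A length mismatch means some address would get the wrong password.
    if [ "$(wc -l < "$ips")" -ne "$(wc -l < "$passes")" ]; then
        echo "line counts differ: $ips vs $passes" >&2
        return 1
    fi
    # fd 3 and fd 4 keep the two files in step and leave stdin free
    # for an interactive command.
    while IFS= read -r ip <&3 && IFS= read -r pass <&4; do
        [ -n "$ip" ] || continue
        SSH_PASS=$pass "$@" "$ip"
    done 3< "$ips" 4< "$passes"
}
```

Called as `for_each_host ip.list pass.list ./login.exp`, where `login.exp` stands for whatever per-host script is in use.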