LinuxQuestions.org


1300 12-19-2016 12:31 AM

scripting
 
Good day, folks.

I need to write a script which restricts X user's login to a list of specific servers, for him to choose the desired server and then insert a generic user password to access that server normally as a command-line privileged user.

I am so bad at scripting and I need this help to solve a lot.

Thanks in advance

Turbocapitalist 12-19-2016 01:01 AM

Find the pieces one at a time and put them together, in sequence, in a text file.

The step I'd start with would be the remote login.

However, you do not want to keep passwords around in any files. The way to do remote login these days is with keys over SSH. Use RSA or Ed25519 keys only, but other than that most of the tutorials and how-tos will be relevant.

1300 12-19-2016 06:07 AM

Quote:

Originally Posted by Turbocapitalist (Post 5643774)
Find the pieces one at a time and put them together, in sequence, in a text file.

The step I'd start with would be the remote login.

However, you do not want to keep passwords around in any files. The way to do remote login these days is with keys over SSH. Use RSA or Ed25519 keys only, but other than that most of the tutorials and how-tos will be relevant.

Actually, I want X user to access my master server so he can jump the network restriction. That's why I am willing to make a script to limit the user to choosing the desired server he wants to connect to by his own password, and we are not allowed to configure RSA in this task.

Turbocapitalist 12-19-2016 06:19 AM

OK. Then use Ed25519 instead of RSA. ssh-keygen works about the same to generate the key; just add -t ed25519 to your options to produce the right key type. The public component of the key pair will then go into authorized_keys on the intermediate host as you would for RSA.

1300 12-19-2016 06:23 AM

Quote:

Originally Posted by Turbocapitalist (Post 5643830)
OK. Then use Ed25519 instead of RSA. ssh-keygen works about the same to generate the key; just add -t ed25519 to your options to produce the right key type. The public component of the key pair will then go into authorized_keys on the intermediate host as you would for RSA.

I want to write a script to be added to a user profile to get a limited list of servers at login, and that's it. Can you let me take care of the access-related part later on, please? Just forget about what method will be used to access the server.

Turbocapitalist 12-19-2016 06:31 AM

If you really want a shell script, then you can use a case statement. Scripting would be the hard way to go about it.

If you go with SSH you do not need a script. You can put a shortcut in ~/.ssh/config and that will handle all your connection options.

Code:

Host one
        Hostname serverone.example.com
        User 1300
        IdentityFile /home/1300/.ssh/key_one_ed25519
        IdentitiesOnly yes

Host two
        Hostname 203.0.113.224
        User 1300
        IdentityFile /home/1300/.ssh/key_two_ed25519
        IdentitiesOnly yes

...

Then to get to serverone.example.com you would just type ssh one or to get to 203.0.113.224 you would just type ssh two. Your full list of options is in man ssh_config, so you could even add options to use one or more of the machines as jump hosts / bastions. No scripting is needed for that.

wpeckham 12-19-2016 06:56 AM

In scripting you can provide a menu interface that only specifies certain hosts to which they can connect. It is by using the keys properly that you RESTRICT their ability to connect to hosts OUTSIDE of the script, and enable the script to make the desired connections.

You cannot just say "I want a script to do everything" because scripts (shells) do not manage all of the parts involved. You have to use the tools properly to make a working and reasonably secure solution.
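
The menu discussed in the posts above, as an added example that is not part of the original thread: the user picks from a fixed allowlist and only an allowlisted alias is ever handed to ssh. The aliases one and two are the Host entries from the ~/.ssh/config shown earlier; the function names and the --menu switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Allowlist of ssh aliases (the Host entries "one" and "two" from the
# ~/.ssh/config posted above). Edit this list to change the menu.
ALLOWED_HOSTS="one two"

# print_menu: numbered list of the allowed aliases.
print_menu() {
    n=0
    for h in $ALLOWED_HOSTS; do
        n=$((n + 1))
        printf '%d) %s\n' "$n" "$h"
    done
}

# resolve_choice INPUT: print the allowlisted alias matching INPUT (menu
# number or exact alias) and return 0; print nothing and return 1 otherwise.
# The user's text is only compared, never passed on, so stray options or
# extra host names in the input cannot reach the ssh command line.
resolve_choice() {
    choice=$1
    n=0
    for h in $ALLOWED_HOSTS; do
        n=$((n + 1))
        if [ "$choice" = "$n" ] || [ "$choice" = "$h" ]; then
            printf '%s\n' "$h"
            return 0
        fi
    done
    return 1
}

# menu_main: show the menu, read one answer, connect or end the session.
menu_main() {
    print_menu
    printf 'Server: '
    IFS= read -r answer || exit 1
    if target=$(resolve_choice "$answer"); then
        # exec replaces the script, so no shell is left behind after ssh exits.
        exec ssh -- "$target"
    fi
    echo 'Not an allowed server.' >&2
    exit 1
}

# Hypothetical switch: only run interactively when called with --menu.
if [ "${1:-}" = "--menu" ]; then
    menu_main
fi
```

Run from a profile file, this menu can be skipped by the user; it only becomes a restriction when sshd starts it as the forced command, for example with ForceCommand in sshd_config or a command="..." prefix on the key's line in authorized_keys.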


All times are GMT -5.