12-19-2016, 12:31 AM
|
#1
|
Member
Registered: Nov 2011
Posts: 69
|
scripting
Good day, folks.
I need to write a script which restricts user X's login to a list of specific servers, for him to choose the desired server, then for the user to enter a generic user password to access that server normally as a command-line privileged user.
I am so bad at scripting, and I need this help to solve a lot.
Thanks in advance.
|
|
|
12-19-2016, 01:01 AM
|
#2
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
|
Find the pieces one at a time and put them together, in sequence, in a text file.
The step I'd start with would be the remote login.
However, you do not want to keep passwords around in any files. The way to do remote login these days is with keys over SSH. Use RSA or Ed25519 keys only, but other than that most of the tutorials and how-tos will be relevant.
|
|
|
12-19-2016, 06:07 AM
|
#3
|
Member
Registered: Nov 2011
Posts: 69
Original Poster
|
Quote:
Originally Posted by Turbocapitalist
Find the pieces one at a time and put them together, in sequence, in a text file.
The step I'd start with would be the remote login.
However, you do not want to keep passwords around in any files. The way to do remote login these days is with keys over SSH. Use RSA or Ed25519 keys only, but other than that most of the tutorials and how-tos will be relevant.
|
Actually, I want user X to access my master server so he can jump the network restriction; that's why I am willing to make a script to limit the user in choosing the desired server he wants to connect to with his own password, and we are not allowed to configure RSA in this task.
|
|
|
12-19-2016, 06:19 AM
|
#4
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
|
Ok. Then use Ed25519 instead of RSA then. ssh-keygen works about the same to generate the key, just add -t ed25519 to your options to produce the right key type. The public component of the key pair will then go into authorized_keys on the intermediate host as you would for RSA.
|
|
|
12-19-2016, 06:23 AM
|
#5
|
Member
Registered: Nov 2011
Posts: 69
Original Poster
|
Quote:
Originally Posted by Turbocapitalist
Ok. Then use Ed25519 instead of RSA then. ssh-keygen works about the same to generate the key, just add -t ed25519 to your options to produce the right key type. The public component of the key pair will then go into authorized_keys on the intermediate host as you would for RSA.
|
I want to write a script to be added to a user profile to get a limited list of servers at login, and that's it. Can you let me take care of the access-related part later on, please? Just forget about what method will be used to access the server.
|
|
|
12-19-2016, 06:31 AM
|
#6
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
|
If you really want a shell script, then you can use a case statement. Scripting would be the hard way to go about it.
If you go with SSH you do not need a script. You can put a shortcut in ~/.ssh/config and that will handle all your connection options.
Code:
Host one
    Hostname serverone.example.com
    User 1300
    IdentityFile /home/1300/.ssh/key_one_ed25519
    IdentitiesOnly yes

Host two
    Hostname 203.0.113.224
    User 1300
    IdentityFile /home/1300/.ssh/key_two_ed25519
    IdentitiesOnly yes
...
Then to get to serverone.example.com you would just type ssh one, or to get to 203.0.113.224 you would just type ssh two. Your full list of options is in man ssh_config, so you could even add options to use one or more of the machines as jump hosts / bastions. No scripting is needed for that.
Last edited by Turbocapitalist; 12-19-2016 at 06:59 AM.
Reason: typo
|
|
|
12-19-2016, 06:56 AM
|
#7
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,929
|
In scripting you can provide a menu interface that only specifies certain hosts to which they can connect. It is by using the keys properly that you RESTRICT their ability to connect to hosts OUTSIDE of the script, and enable the script to make the desired connections.
You cannot just say "I want a script to do everything" because scripts (shells) do not manage all of the parts involved. You have to use the tools properly to make a working and reasonably secure solution.
|
|
|
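The allow-list menu discussed in posts #6 (case statement) and #7 (menu interface), as an added example that is not part of the original thread. It assumes the Host aliases one and two from the ~/.ssh/config shown in post #6, and that the script is run as a forced command (command="..." in authorized_keys, or ForceCommand in sshd_config) so that leaving the menu ends the session instead of dropping to a shell; the function names and the jumpmenu syslog tag are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): allow-list menu for a jump host.
# Assumes the ssh_config aliases "one" and "two" from post #6 exist for this user.

# Map a menu choice to an allowed alias. The case statement is the allow-list:
# anything that is not an exact match is rejected, so raw user input never
# reaches the ssh command line.
resolve_host() {
    case "$1" in
        1) echo one ;;
        2) echo two ;;
        *) return 1 ;;
    esac
}

show_menu() {
    printf '%s\n' '1) serverone.example.com' '2) 203.0.113.224' 'q) quit'
    printf 'Server: '
}

menu_loop() {
    while :; do
        show_menu
        read -r choice || return 0        # EOF (Ctrl-D) ends the session
        [ "$choice" = q ] && return 0
        if target=$(resolve_host "$choice"); then
            # Audit trail; "jumpmenu" is a hypothetical syslog tag.
            logger -t jumpmenu "user=$(id -un) target=$target"
            exec ssh "$target"            # replaces the menu, no shell left behind
        fi
        echo 'Not on the list.' >&2
    done
}

# Only interactive logins get the menu; non-interactive requests
# (scp, remote commands) fall through and the script simply ends.
if [ -t 0 ]; then
    menu_loop
fi
```

The menu only limits what is offered; what the account can actually reach is still decided by which keys it holds and how the forced command is configured, as post #7 points out.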
All times are GMT -5.