LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-19-2016, 12:31 AM   #1
1300
Member
 
Registered: Nov 2011
Posts: 69

Rep: Reputation: Disabled
scripting


good day folks

I need to write a script which restricts X User login to a list of specific servers for him to choose the desired server then for the user to insert a generic user password to access normally on that server normally as a command line privileged user

I am so bad in scripting and I need this help for me to solve a lot

Thanks in advance
 
Old 12-19-2016, 01:01 AM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
Blog Entries: 4

Rep: Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831
Find the pieces one at at time and them together, in sequence, in a text file.

The step I'd start with would be the remote login.

However, you do not want to keep passwords around in any files. The way to do remote login these days is with keys over SSH. Use RSA or Ed25519 keys only, but other than that most of the tutorials and how-tos will be relevant.
 
Old 12-19-2016, 06:07 AM   #3
1300
Member
 
Registered: Nov 2011
Posts: 69

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
Find the pieces one at at time and them together, in sequence, in a text file.

The step I'd start with would be the remote login.

However, you do not want to keep passwords around in any files. The way to do remote login these days is with keys over SSH. Use RSA or Ed25519 keys only, but other than that most of the tutorials and how-tos will be relevant.
actually I want X user to access my master server so he can jump network restriction, thats why i am welling to make a script to limit the user in choosing the desired server he want to connect to by his own password, and we are not allowed to configure RSA in this task
 
Old 12-19-2016, 06:19 AM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
Blog Entries: 4

Rep: Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831
Ok. Then use Ed25519 instead of RSA then. ssh-keygen works about the same to generate the key, just add -t ed25519 to your options to produce the right key type. The public component of the key pair will then go into authorized_keys on the intermediate host as you would for RSA.
 
Old 12-19-2016, 06:23 AM   #5
1300
Member
 
Registered: Nov 2011
Posts: 69

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
Ok. Then use Ed25519 instead of RSA then. ssh-keygen works about the same to generate the key, just add -t ed25519 to your options to produce the right key type. The public component of the key pair will then go into authorized_keys on the intermediate host as you would for RSA.
I want to write a script to be added in a user profile to get a limited list of servers while log in and thats it, can you let me take care of access related later on please ? just forget about what method will be used to access the server
 
Old 12-19-2016, 06:31 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
Blog Entries: 4

Rep: Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831
If you really want a shell script, then you can use a case statement. Scripting would be the hard way to go about it.

If you go with SSH you do not need a script. You can put a shortcut in ~/.ssh/config and that will handle all your connection options.

Code:
Host one
        Hostname serverone.example.com
        User 1300
        IdentityFile /home/1300/.ssh/key_one_ed25519
        IdentitiesOnly yes

Host two
        Hostname 203.0.113.224
        User 1300
        IdentityFile /home/1300/.ssh/key_two_ed25519
        IdentitiesOnly yes

...
Then to get to serverone.example.com you would just type ssh one or to get to 203.0.113.224 you would just type ssh two. Your full list of options are in man ssh_config, so you could even add options to use one or more of the machines as jump hosts / bastions. No scripting is needed for that.

Last edited by Turbocapitalist; 12-19-2016 at 06:59 AM. Reason: typo
 
Old 12-19-2016, 06:56 AM   #7
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,929

Rep: Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817Reputation: 2817
In scripting you can provide a menu interface that only specifies certain hosts to which they can connect. It is using the keys properly that you RESTRICT their ability to connect to hosts OUTSIDE of the script, and enable the script to make the desired connections.

You cannot just say "I want a script to do everything" because scripts (shells) do not manage all of the parts involved. You have to use the tools properly to make a working and reasonably secure solution.
 
  


Reply

Tags
scripting


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Shell Scripting Part I: Getting started with bash scripting LXer Syndicated Linux News 0 04-29-2015 08:03 AM
Scripting pr0xibus Programming 3 02-17-2014 02:56 PM
LXer: Scripting the Linux desktop, Part 2: Scripting Nautilus LXer Syndicated Linux News 0 02-17-2011 04:02 AM
Firefox Scripting Add-on (Scripting HTML / Javascript inside Firefox) linuxbeatswindows Programming 1 09-18-2009 10:09 PM
teaching shell scripting: cool scripting examples? fax8 Linux - General 1 04-20-2006 04:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration