Hello people, I am having a problem logging into a remote server using an expect script.
More specifically, I am using said script to log in to a server via ssh. That part is successful, but once connected to the first server I try to connect to another PC via telnet and the connection times out. The curiosity is that if I replicate the whole process manually (i.e. I am the one typing all the commands) the telnet works. I will put here a copy of the script (due to security reasons all sensitive information was altered).
I would very much avoid using expect and use keys for authentication. It's both difficult and unsafe. Either RSA or Ed25519 keys will work. Keys are safer and easy.
With key-based authentication, you'll be able to do it in one line:
On the machine ge.ne.ric.ip in the account for moon_moon, you can modify the public key so that the key can only run telnet to a.no.ther.ip and nothing else.
If you have the default location for authorized_keys file on ge.ne.ric.ip you can find the public key and prepend command="" to it. That way it will run the designated command automatically and nothing else will be possible with that key.
Code:
command="/usr/bin/telnet a.no.ther.ip" ssh-ed25519 AAAAC3…
# or
command="/usr/bin/telnet a.no.ther.ip" ssh-rsa AAAAC3…
The full description of the authorized_keys file format is in the manual page for sshd.
Once again, thanks for the info, but one more question: were I to need to connect to many PCs, can I make something like this
I got 'tripped' on this too, *until* I noticed the 3-dot ellipsis in prior posts: AAAc3...
Then I found a man page here with an example using AAAc...: (formatting 'broken' in that page too!)
An example authorized_keys file:
# Comments allowed at start of line
ssh-rsa AAAAB3Nza...LiPk== user@example.net
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
AAAAB2...19Q== john@example.net
command="dump /home",no-pty,no-port-forwarding ssh-dss
AAAAC3...51R== example.net
So, it's just a *random example* key, like filename [MYname] vs. filename [as a keyword]!
You can make as many keys as you need and put them in the bastion host's / jump host's authorized_keys file. If there is a limit on the number of keys, it is quite high. Each key can be customized with a command="" to launch telnet. Again, you still want to get rid of the telnet servers as soon as possible. If you can't run full-blown OpenSSH, you can try Dropbear, which is modular.
However, there is a low limit on the number of keys ssh-agent can effectively use on the client you are connecting from to the bastion host / jump host. You can get around that limit by making shortcuts in ~/.ssh/config for each targeted telnet server that include IdentitiesOnly and the appropriate IdentityFile entry.
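As an added example (not part of any post in this thread), one way to produce the per-target entries described above: a forced-command authorized_keys line for the bastion and the matching ~/.ssh/config stanza with IdentityFile and IdentitiesOnly. The `tn-` alias and key-file names are assumptions, and the `restrict,pty` options go beyond the thread's command="" and assume OpenSSH 7.2 or later on the bastion.

```shell
#!/bin/sh
# Added example, not code from the thread. Host and account names are the
# thread's placeholders; the alias and key-file naming are assumptions.
BASTION="ge.ne.ric.ip"
BASTION_USER="moon_moon"

# The forced command is executed by the account's shell on the bastion, so a
# target may contain only hostname/IP characters and must not start with "-".
valid_target() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.:-]*) return 1 ;;
    esac
    return 0
}

# Print the authorized_keys line for the bastion.
# $1 = telnet target, $2 = public key as "type base64 [comment]"
authorized_keys_line() {
    valid_target "$1" || { echo "rejected target: $1" >&2; return 1; }
    case "$2" in
        "ssh-ed25519 "*|"ssh-rsa "*) ;;
        *) echo "unexpected key type" >&2; return 1 ;;
    esac
    # restrict disables forwarding, PTY allocation and ~/.ssh/rc; pty is
    # re-enabled because telnet is interactive.
    printf 'restrict,pty,command="/usr/bin/telnet %s" %s\n' "$1" "$2"
}

# Print the client-side ~/.ssh/config stanza.
# $1 = alias, $2 = private key file
client_stanza() {
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n    User %s\n' "$BASTION" "$BASTION_USER"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' "$2"
}

# Demo with a constructed placeholder, not a real key.
DEMO_KEY="ssh-ed25519 AAAAC3PLACEHOLDER tn-demo"
for target in a.no.ther.ip; do
    authorized_keys_line "$target" "$DEMO_KEY"
    client_stanza "tn-$target" "~/.ssh/tn_${target}_ed25519"
done
```

Append the first line of output to authorized_keys on the bastion and the stanza to ~/.ssh/config on the client; `ssh tn-a.no.ther.ip` then offers only that one key.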