I am currently developing the new VBScript to execute the Shell (through Putty software) in UNIX server,
Set shell = WScript.CreateObject("WScript.Shell")
shell.Exec D:\Putty.exe hostname -l username -pw password 1.sh
I am getting connection refused error.
when I run the below command without my script (1.sh)
shell.Exec D:\Putty.exe hostname -l username -pw password
Connection is getting established without any issues.
Also, I just wanted to extract the output, once extracted, the session should get closed automatically.
This doesn't work in putty.exe. Putty has however a dedicated program to do these kind of things, it's called plink.exe - there you can pass commands and read the output just as you would expect, and your example should work just like you specified it.
PuTTY Link: command-line connection utility
Release 0.63
Usage: plink [options] [user#]host [command]
("host" can also be a PuTTY saved session name)
Options:
-V print version information and exit
-pgpfp print PGP key fingerprints and exit
-v show verbose messages
-load sessname Load settings from saved session
-ssh -telnet -rlogin -raw -serial
force use of a particular protocol
-P port connect to specified port
-l user connect with specified username
-batch disable all interactive prompts
The following options only apply to SSH connections:
-pw passw login with specified password
-D [listen-IP:]listen-port
Dynamic SOCKS-based port forwarding
-L [listen-IP:]listen-port:host:port
Forward local port to remote address
-R [listen-IP:]listen-port:host:port
Forward remote port to local address
-X -x enable / disable X11 forwarding
-A -a enable / disable agent forwarding
-t -T enable / disable pty allocation
-1 -2 force use of particular protocol version
-4 -6 force use of IPv4 or IPv6
-C enable compression
-i key private key file for authentication
-noagent disable use of Pageant
-agent enable use of Pageant
-m file read remote command(s) from file
-s remote command is an SSH subsystem (SSH-2 only)
-N don't start a shell/command (SSH-2 only)
-nc host:port
open tunnel in place of session (SSH-2 only)
-sercfg configuration-string (e.g. 19200,8,n,1,X)
Specify the serial configuration (serial only)
I am a newbie to embedded networking. I want to set arm board as a ssh server .From other boards(client boards connected in the network), I need to connect to this server board.
I have downloaded the openssh and cross compiled it for arm successfully.
I have used default sshd_config file and run sshd command in arm-board.
Command
"ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" "
is used to genrate key.
My doubt is where can I set the username and password, so that I can login from a remote client using ssh command. I didn't find any document regarding this...?
Using ssh you are logging in as a normal system user. So you should add user using useradd command. You can change password using passwd command.
I would like to establish bidirectional encrypted communication between two machines using spiped (http://www.tarsnap.com/spiped.html) but I suspect that this is really a question about port forwarding... here's what I have working thus far (where my local machine is OS X Mavericks, and the remote is a Ubuntu 12.04 Virtualbox VM):
Remotely (listen on 8025 for external requests and redirect to 8000,
where nc displays on stdout):
remote % killall spiped
remote % spiped -d -s '[0.0.0.0]:8025' -t '[127.0.0.1]:8000' -k keyfile
remote % while true; do nc -l 8000; done
Then, locally (listen on 8001 locally and redirect to 8025, where it is sent to the remote machine):
local % killall spiped
local % spiped -e -s '[127.0.0.1]:8001' -t '[192.168.56.10]:8025' -k keyfile
Now when I do the following, "hello" is printed to stdout remotely:
local % echo hello | nc 127.0.0.1 8001
All of this is great. But what about sending data from the remote machine and receiving it locally? I naively assume I can do this remotely:
remote % echo hello | nc 127.0.0.1 8000
And read the data locally with
local % nc -l 8001
But nc does not receive any data locally. I assume I am fundamentally misunderstanding something. In the absence of specific answers, can anyone suggest resources to read up on relevant topics? I'm not looking for a solution using an ssh tunnel - I know how to do that.
In order to provide bi-directional communications with spiped you will need to setup the following on both machines:
A server daemon using the pre-shared key which forwards to the requested local service
A client which sends traffic using the same pre-shared key to the desired spiped port
One listens & one receives on both systems. For more information take a look a the source code for the client & for the server.
You can run the spiped service on both systems but each will require manual (or scripted) connections using the spipe client.
For example using the server (on both machines you would run the following):
spiped {-e | -d} -s <source socket> -t <target socket> -k <key file>
[-DfFj] [-n <max # connections>] [-o <connection timeout>] [-p <pidfile>]
[{-r <rtime> | -R}]
And on the clients wishing to communicate (bi-directionally) with each other you would have to manually invoke the client:
spipe -t <target socket> -k <key file> [-fj] [-o <connection timeout>]
Or as a real world example using your setup (two services bound to 8025 forwarding to nc on 8000).
remote % spiped -d -s '[0.0.0.0]:8025' -t '[127.0.0.1]:8000' -k keyfile
remote % while true; do nc -l 8000; done
local % spiped -d -s '[0.0.0.0]:8025' -t '[127.0.0.1]:8000' -k keyfile
local % while true; do nc -l 8000; done
Each (remote & local) run the following (nc bound locally to 8001 and sending to the server at 8025):
remote % spiped -e -s '[127.0.0.1]:8001' -t '[192.168.56.10]:8025' -k keyfile
local % spiped -e -s '[127.0.0.1]:8001' -t '[192.168.56.11]:8025' -k keyfile
Sending data to 8001 on both remote & local forwarding to local & remote
remote % echo "hello client" | nc 127.0.0.1 8001
local % echo "hello server" | nc 127.0.0.1 8001
Listening to each
remote % nc -l 8001
local % nc -l 8001
Seeing as how the software was designed to protect the transport layer of the tarsnap backup software which only requires the payloads to be encrypted TO the service.
Their example within the documentation for protecting the SSH daemon further illustrates this by making use of the 'ProxyCommand' option for SSH. Eg:
You can also use spiped to protect SSH servers from attackers: Since
data is authenticated before being forwarded to the target, this can
allow you to SSH to a host while protecting you in the event that
someone finds an exploitable bug in the SSH daemon -- this serves the
same purpose as port knocking or a firewall which restricts source IP
addresses which can connect to SSH. On the SSH server, run
dd if=/dev/urandom bs=32 count=1 of=/etc/ssh/spiped.key
spiped -d -s '[0.0.0.0]:8022' -t '[127.0.0.1]:22' -k /etc/ssh/spiped.key
then copy the server's /etc/ssh/spiped.key to
~/.ssh/spiped_HOSTNAME_key on your local system and add the lines
Host HOSTNAME ProxyCommand spipe -t %h:8022 -k ~/.ssh/spiped_%h_key
to the ~/.ssh/config file. This will cause "ssh HOSTNAME" to
automatically connect using the spipe client via the spiped daemon;
you can then firewall off all incoming traffic on port tcp/22.
For a detailed list of the command-line options to spiped and spipe,
see the README files in the respective subdirectories.
I can log in to my remote using ssh/sftp (without the -b option)
sftp root#192.168.7.2
But when I try
sftp -b commands.tmp root#192.168.7.2
I get
Permission denied (publickey,password).
Couldn't read packet: Connection reset by peer
Commands.tmp looks like this
ls
exit
Anything I am missing here ?
I used shhpass to write the password no interactive and I needed to add -oBatchMode=no
sshpass -p PASSWORD sftp -v -oBatchMode=no -b FILE USER#SERVER
If you are authentication with a password or an encrypted private key, you cannot use the -b with plain sftp. The sftp man says:
Since it lacks user interaction it should be used in conjunction with non-interactive authentication
You can for example use a passphrase-less private key together with the -b.
If you want to use password authentication, you need to use workarounds like sshpass. See:
How to run the sftp command with a password from Bash script?
This worked for me
sshpass -p 'PASSWORDSTRING' sftp -v -oBatchMode=no -b deploy/production username#ipaddress
production file
put -rp /from-directory /to-directory
EDIT: Putting exactly what was done
I need to SSH localhost without password, the usual way of doing it (with public keys) do not work.
user#PC:~$ rm -rf .ssh/*
user#PC:~$ ssh-keygen -t rsa > /dev/null
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
user#PC:~$ ls .ssh/
id_rsa id_rsa.pub
user#PC:~$ ssh-copy-id -i localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is f7:87:b5:4e:31:a1:72:11:8e:5f:d2:61:bd:b3:40:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
user#localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
user#PC:~$ ssh-agent $SHELL
user#PC:~$ ssh-add -L
The agent has no identities.
user#PC:~$ ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
user#PC:~$ ssh-add -L
ssh-rsa ...MY KEY HERE
user#PC:~$ ssh-copy-id -i localhost
user#localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
user#PC:~$ ssh localhost echo 'testing'
user#localhost's password:
user#PC:~$
So as you can see in the last command it is still asking the password!
How can I fix that? Ubuntu-10.04, OpenSSH_5.3p1
EDIT2:
Adding some info about the sshd
user#PC:~$ cat /etc/ssh/sshd_config | grep Authentication
# Authentication:
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
ChallengeResponseAuthentication no
# PasswordAuthentication yes
EDIT3: Ading result from $ssh -vv localhost
$ssh -vv localhost
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
user#localhost's password:
I did following 3 steps to create the password less login
1. ssh-keygen -t rsa
Press enter for each line
2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. chmod og-wx ~/.ssh/authorized_keys
Have discovered the problem.
Running the server with debuging:
$sshd -Dd
I found it was not able to read the auth_key
$chmod 750 $HOME
Fixed it.
Another possible answer: the authorized_keys file may exist and be readable. But if it is group- or world-writable, it will still prompt for the password. The answer to THAT problem is
chmod og-wx ~/.ssh/authorized_keys
Two simple steps:
ssh-keygen -t rsa <Press enter for each line>
ssh-copy-id localhost
Enter password and you're done.
Do the following steps
ssh-keygen -t rsa -C "your_email#example.com"
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.
Use the default file and empty passphrase (Simply press enter in the next 2 steps)
# start the ssh-agent in the background
eval "$(ssh-agent -s)"
# Agent pid 59566
ssh-add
Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys
Ensure following are the permissions
ls -l .ssh/
total 20
-rw-r--r--. 1 swati swati 399 May 5 14:53 authorized_keys
-rw-r--r--. 1 swati swati 761 Jan 12 15:59 config
-rw-------. 1 swati swati 1671 Jan 12 15:44 id_rsa
-rw-r--r--. 1 swati swati 399 Jan 12 15:44 id_rsa.pub
-rw-r--r--. 1 swati swati 410 Jan 12 15:46 known_hosts
Also, ensure the permissions for .ssh directory are. This is also important
drwx------. 2 swati swati 4096 May 5 14:56 .ssh
The correct and safe way of doing it is to copy the keys as has been said here.
In other cases, sshpass can be handy.
sshpass -p raspberry ssh pi#192.168.0.145
Keep in mind that this is not safe at all. Even though it is not a good idea to use it in secure environments, it can be useful for scripting, automated testing...
this can be combined with
ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no pi#192.168.0.145
to avoid confirmation questions that prevent scripting from happening.
Again, only use this in development systems where different machines share an IP and security is not important.
https://ownyourbits.com/2017/02/22/easy-passwordless-ssh-with-sshh/
as the accepted answer do,
if you encount a problem of
Agent admitted failure to sign using the key.
you need to
ssh-add
I faced the same issue even after following all the recommendations, but found out that the issue was with gnome-keyring interference.
Solution:
Go Search , look for “Startup Applications”
If you see “SSH Key Agent”, uncheck the box
Reboot the machine and connect to localhost.
I solved ssh login problem this way.
I generate the key pairs on my server side and then scp back the private key to my windows 10 computer and now I can login without password.
Previously I used key pairs generated by my window 10 laptop and there was no luck at all.
On Centos 7
SOLUTION
1 create rsa key
2 vim /etc/ssh/ssh_config
3
# IdentityFile ~/.ssh/identity
uncoment this line > IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
Note *I did this after copying the key and some of the other answers before this one. But I am pretty sure this is all you have to do but if not I would append the rsa key to authorized_keys and also run the
ssh-copy-id to username#localhost
I encountered the same problem when running unit tests on Docker container(golang:1.13-alpine).
After sshd -Dd and ssh -vv root#localhost debugging, I found the reason:
User root not allowed because account is locked
So, we should unlock the account by passwd -u
or set a password.
I fixed my problem setting the AllowUsers on sshd_config file.
Running the server with debuging:
$sshd -Dd
I found it was not allowed the my user
$sudo vi /etc/ssh/sshd_config
Add a row with after #Authentication:
AllowUsers myUser
One thing to doublecheck if you have a known good configuration for ssh is that your /etc/hosts.allow includes a reference to localhost, since the source IP for a localhost connection would be coming from 127.0.0.1 rather than your network IP. I was stumped on this for some time, but after adding the following to /etc/hosts.allow my configuration immediately worked.
ALL: 127.0.0.1/32
I figured I would add this since none of the other answers mentioned it and this was the top hit from my search for the same error.
RHEL8
In my case after successful keys configuration it still did not work. I found following error in /var/log/secure:
pam_access(sshd:account): access denied for user `username' from `::1'
So I had to edit:
/etc/security/access.conf
And add there '::1' to allowed hosts by adding a line:
+:<username>:LOCAL ::1
It immediately started to work, even without restart of sshd service.