When I ssh to my Datapower node like so: ssh user#192.168.0.1 I receive this response:
ssh user#192.168.0.1
(unknown)
Unauthorized access prohibited.
login:
I then enter in the same username, and am also prompted for a password. I type in my credentials and it works! Why didn't it just read my username the first time?
This is hampering my ability to automate a few basic tasks with shell scripts such as fetching logs for processing.
I agree with #Ken and #Stefan that a XML Management is a more appropriate tool for long term automations, howerver, sometimes we need something quick or temporary (or both) ... and for that a CLI automation is easier and faster to develop.
An easy way to push commands to CLI from a shell script is directing the input and output, like this quick sample:
#!/bin/ksh
DPHOST=datapower.device.company.com
DP_USER_ID="myuser"
DP_PASSWORD="mypasword"
TMPFILE=/tmp/tempfile.dp
OUTFILE=/tmp/outfile.dp
TS=`date +%Y%m%d%H%M%S`
cat << EOF > $TMPFILE
DP_USER_ID
DP_PASSWORD
default
echo show cpu
show cpu
echo show memory
show memory
EOF
ssh -T $DPHOST < $TMPFILE > $OUTFILE.$TS
rm $TMPFILE
Note that if you do not have any application domains defined, you may suppress the "default" after the password
And of course, for security reasons you may request the user and password at run time, rather then have it saved on a plain text file, but that is up to you ... the relevant piece here is that you can redirect the file with the commands to an regular ssh session
If you prefer, something like cat $TMPFILE | ssh -T $DPHOST > $OUTFILE.$TS would also works.
That is because DataPower really isn't a SSH server only using the protocol.
What I do in my scripts is that I do the connection, wait for the response and then send the username as the second command and password as third:
ssh [datapower ip]
(unknown)
Unauthorized access prohibited.
login:
your-username
password:
your-password
'#xi52:
DataPower ignores the passed-in username.
Will using the XML Management interface meet your needs? I probably have some scripts laying around.
Ken
Related
I am trying to build a bash script that connects to other servers to do some basic monitoring like checking disk space and have this information emailed. I still need all these servers require a password for general entry/access by users but for this particular monitoring script I don't want to be asked a password (general ssh key only)
How do I can configure a particular user (lets call it monitor) connect to a server with the following command but not ask for the password (as it will be for a cron so needs to be automated)
// ssh to web1 server and get diskspace
cmd=$(ssh web1 df -h | grep -E "xvda1|xvde1" | awk '{print $5};' | sort -r | head -1)
lets say the servers have 3 users 'monitor', 'bob' & 'paul'
When it hits this part of the script the ssh web1 forces me to enter a password - is it possible to setup a particular user (in this case the monitor user) to be able authenticate & login using ssh some-ip without asking for the password but still have it ask for the passwords when either bob or paul try to login?
Yes, it is quite simple: just create an SSH key for monitor user only (ssh-keygen), and then copy it's private key to other servers (ssh-copy-id SERVER-IP-OR-NAME).
Just check PubkeyAuthentication is enabled on the server, but it is enabled by default...
This way user monitor will be logged without asking password, and other users will be required of their password.
It is possible, you have to copy your RSA key to the server and enable the RSA authentication.
You can generate the key using ssh-keygen and following the instructions, then copy it to the server using ssh-copy-id and enabling the PubkeyAuthentication on the server. Be sure to restart the sshd.service!
Resource: openSSH docs
I have gone through some tools like nagios, collectd but they din't find best as we need to monitor no_of_req/sec for each virtual host with all response status, with response time also.
I'm Using ELK Stack:
Separate access logs for each server block for better visibility or you can separate charts via URLs.
Then Use ELK stack:
Feed the logs to logstash via filebeat.
Create grok pattern for your log model.
Create charts via kibana and monitor in real time.
For realtime monitoring:
Try netdata, Its amazing. Please note its not a replacement for nagios or zabbix.
After some quick research, I found this: check_nginx_status.pl. I think defining something like:
define command {
command_name check-nginx
command_line $USER1$/check_nginx_status.pl -H $HOSTADDRESS$ -s $ARG1$ -u $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$
}
is probably just what you're looking for.
The -s flag ($ARG1$) would be the hostname of the virtual host
The -u flag ($ARG2$) would be the specific url (/something/status)
And then the rest of the args would be used if you needed to add any additional flags.
Hope this helps!
I created a User ("myuser") with a Password ("mypw") on a Unix server, whom I granted acces only to certain files.
I try to login to the server with ssh: $ ssh myuser#myserver.com and then I enter the password "mypw". Still, I am not granted access: "Permission denied, please try again."
Is there something I forgot / something additional I have to do with the user in order to give him access via ssh?
Seems a bit simple, but try sudo it?
Or Sudo su before running the command?
Did you manipulate keys at any point ? https://www.youtube.com/watch?v=oHoRYCY-LYU
I have Postfix set up to deliver all incoming email to 〈any_random_address〉#mydomain.com to myname#mydomain.com. I've recently noticed that a large percentage of spam is going to the same non-existent username, and I'd like to block incoming email to that username, while still sending all other emails to my inbox. What is the best way to accomplish that?
Aside from the fact that catch-all doesn't really make sense:
In your virtual aliases map (e.g. /etc/postfix/virtual_alias_maps), add the following line:
john.doe#example.com devnull
In /etc/aliases, add the following line:
devnull: /dev/null
This defines a mailbox named devnull and stores its contents in /dev/null.
Don't forget to update the alias caches and restart Postfix, for example like
sudo postmap /etc/postfix/virtual_alias_maps
sudo newaliases
sudo service postfix restart
Now you should be fine.
We use SFTP in our project to transfer files over an SSH connection. This is done through java code. Assuming that if for characters like ?, ! etc we need to give the encoded value in the sftp command, we encoded the password in the code and generated the command. But SFTP isn't working with these encoded password now, it accepts the password directly. What could be the issue. Please help.
Example username: xyz password: abc!
We use URLEncoder to encode the username and password.
String username= URLEncoder.encode(username, "UTF-8");
String password = URLEncoder.encode(password, "UTF-8");
After encoding Our code would generate SFTP command as : sftp://xyz:abc%21#10.9.10.9/home/documents/xyz.txt
But this isn't working, Authentication fails with wrong password. Where as manually if we give command sftp://xyz:abc!#10.9.10.9/home/documents/xyz.txt it works.
Please let us know if we are going wrong.
Thanks in advance.
That's not actually an issue. SFTP is a subsystem of SSH, and SSH creates a secure channel upon client connection (similarly to what SSL does but at layer 7): once the secure and encrypted connection is established, your username and password will be sent to the SSH server inside such connection, therefore there is no need to encode them nor to encrypt them.
The SSH server expects to receive your username/password as they are, not pre-processed nor encoded. And you can do that safely with SFTP for the reason explained here above. So no reason to be worried.