I am trying to use plink(Putty link) to connect to test servers using a batch file so as to avoid any user prompts and executing shell scripts. But it is pausing by showing a user interactive prompt after logging in with username and password provided which I don't want.
Please provide any suggestion for why this is happening or if I need to change any settings in the configuration to make this work.
Below is the log for the same. I am expecting it to execute a shell script after this step before which it gets stopped and plink puts me in an interactive shell
D:\>plink -v -ssh xxx#xxx.xxx.xxx.xx.com –pw XXXXX
Looking up host "xxx#xxx.xxx.xxx.xx.com"
Connecting to xxx.xx.xxx.xx port 22
Server version: SSH-2.0-OpenSSH_5.1
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 1024 a5:c3:96:57:53:7c:72:06:8d:86:09:76:27:3e:18:8d
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "xxx".
Attempting keyboard-interactive authentication
Access granted
Opening session as main channel
Opened main channel
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
Last login: Wed Mar 5 09:56:41 2014 from 10.34.39.22
←[?1034hxxxxavu2:←]2;xxx#xxxxavu2~ >
When using SSH, upon first connection you are required to verify a service host key in order to make a connection.
Through plink, the command line will generate a prompt, asking the user to "accept service host key? (y/n)".
Step 1: Fix the "Keyboard Interactive Authentication prompts from server"
Follow the URL instruction and Deselect the "Attempt keyboard Interactive auth (SSH-2) in your putty.
https://support.linuxacademy.com/hc/en-us/articles/360027730172-How-Can-I-Copy-and-Paste-into-Putty-on-Windows
Step 2: Below is the commands will fix the "verify a service host key" for every Linux server first SSH connection using plink.
echo yes| C:\PuTTY\plink.exe user-name#10.148.147.41 -pw *************** date
Step 3: Now you can immediately ran your next scripts like "server uptime checks" or "monitoring agent restart" using plink with -batch option (disable all interactive prompts)
C:\PuTTY\plink.exe -batch user-name#10.148.147.41 -pw *************** -m C:\uptime_linux.sh
C:\PuTTY\plink.exe -batch user-name#10.148.147.41 -pw *************** -m C:\monitoring-agent-check_linux.sh
Above mentioned information's 100% will help you to automate the linux tasks using plink utility.
It's giving you an interactive shell because you are not actually giving it a command to execute after connecting. Enclose your command in quotes, eg:
D:\>plink -v user#xxx.xxx.xxx.xxx -pw XXXXX "df -h"
Related
I want to SSH to a machine (call it A). It's sshd config file looks like below:
AllowGroups wheel
AllowTcpForwarding no
AuthorizedKeysFile .ssh/authorized_keys
Banner /etc/issue
ChallengeResponseAuthentication no
Ciphers aes256-ctr,aes128-ctr
Compression delayed
GatewayPorts no
MACs hmac-sha1
MaxSessions 1
PasswordAuthentication yes
PermitRootLogin yes
PermitTunnel no
PermitUserEnvironment no
Protocol 2
RhostsRSAAuthentication no
StrictModes yes
Subsystem sftp /usr/lib64/ssh/sftp-server
UsePAM yes
UsePrivilegeSeparation yes
X11Forwarding no
I have another machine (call it B - ssh client)
Now, if I try to ssh to machineA as below, it works perfect:
ssh root#machineA
and then interactively provide password. Works perfect!
Now, I try passing password via a script using sshpass utility as below:
sshpass -p PASSWORD ssh -vvv -o=StrictHostKeyChecking=no root#machineA
This fails.
Last few lines from debug of -vvv gives below:
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 51 padlen 13 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
/var/log/auth.log on machine A says below:
Connection from machineB port 44408
Failed password for root from machineB port 44408 ssh2
Connection closed by machineB port 44408 [preauth]
lastb command gives below:
root ssh:notty machineB Sun Jul 3 04:20 - 04:20 (00:00)
root ssh:notty machineB Sun Jul 3 04:19 - 04:19 (00:00)
I have been reading around for it. But, not something that I can stop at. Do you have any pointers? What could be the problem?
Anything related to sshpass or something?
I would try to narrow the problem:
Try with a simpler password, without special characters.
Try with a user different than root.
Try using certificates instead of password.
That is explained here: https://git-scm.com/book/en/v2/Git-on-the-Server-Generating-Your-SSH-Public-Key , https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2 etc.
Have a look at the server logs as well, check /var/log/secure or alike.
I am new to salt-ssh and I have gotten it to work successfully for setting up a remote system. However, I have a login issue that I don't know how to address. What is happening is that when I try to run the salt-ssh commands I have to fight with then initial login process before eventually it just works. I am looking to see if I can narrow down what is causing me to have to fight with login process.
I am using OS X to run my salt-ssh commands against an ubuntu vagrant vm.
I have added my root user's ssh key to the root user authorized_keys on the vagrant vm. I have verified that I can log into the system using ssh without any issues
sudo ssh root#192.168.33.10
Here are what my config files look like:
roster
managed:
host: 192.168.33.10
user: root
sudo: true
Saltfile
salt-ssh:
config_dir: /users/vmcilwain/projects/salt-ssh-rails
roster_file: /users/vmcilwain/projects/salt-ssh-rails/roster
log_file: /users/vmcilwain/projects/salt-ssh-rails/saltlog.txt
master
file_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/states
pillar_roots:
base:
- /users/vmcilwain/projects/salt-ssh-rails/pillars
I run this command:
sudo salt-ssh -i '*' test.ping
I enter my local user's password and I get this output
Permission denied for host 192.168.33.10, do you want to deploy the salt-ssh key? (password required):
[Y/n]
This is where my fight is. If the vagrant vm has the ssh key for the user I am executing salt-ssh as, why am I being told that permission is denied? Especially when I verified I could ssh into the system without using salt-ssh.
Clicking yes prompts me for the remote root user's password, which I didn't set and don't necessarily want to since an ssh key should have worked.
I'm hoping someone can tell me the best way to setup connections between both systems so that I don't have to have this fight every time.
I needed to set the priv in my roster to the rsa key that I am using to connect to the remote host:
priv: /Users/vmcilwain/.ssh/id_rsa
I am able via sftp using the same credentials on WinSCP, so why would I get an error message on Atom's remote edit package?
I corrected this by modifying the sshd_config file on the server.
sudo vi /etc/ssh/sshd_config
I modified the following line:
PasswordAuthentication yes #changed from no to yes
then I restarted the ssh daemon:
sudo service ssh restart
and that did the trick. I believe that Atom is sending passwords in clear text to the server, so using password authentication may cause issues unless you have PasswordAuthentication set to yes.
I have searched several posting on this message and I am still getting the error when I attempt to do an "ldapsearch"
I have changed the slapd.conf to use a plain-text password and I am still getting the error. I have also made sure that there are no blank spaces in the file. The log file shows and iptables is turned off. I have attempted to follow the LDAP setup from
"http://www.itmanx.com/kb/centos63-openldap-phpldapadmin".
conn=1001 fd=15 ACCEPT from IP=[::1]:54486 (IP=[::]:389)
conn=1001 op=0 BIND dn="cn=Manager,dc=domain,dc=local,dc=pt" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 fd=15 closed (connection lost)
my server is running Centos 6.4 64.
below are the commands I am using
"ldapsearch -x -D cn=Manager,dc=domain,dc=local,dc=pt -w abc"
my slapd.conf file
database bdb
suffix "dc=domain,dc=local"
checkpoint 1024 15
rootdn "cn=Manager,dc=domain,dc=local"
rootpw abc
You need to generate your password like below -
slappasswd -h {CLEARTEXT}
enter password - abc
Do the search -
ldapsearch -x -h ipaddress(mention ip address) -D "cn=Manager,dc=domain,dc=local" -W
In the search you try to bind as:
cn=Manager,dc=domain,dc=local,dc=pt
but in the config the rootdn is:
cn=Manager,dc=domain,dc=local
This is of course "an invalid credential".
You are binding as the rootdn, which is to say the "root account" of your DIT. This account's password is, in this case, config-based. It is possible that while 'abc' is the configured password, it may not be the loaded password.
Case in point: Someone goes into the slapd.conf file and changes the rootdn password from 'xyz' to 'abc' but neglects to restart the OpenLDAP daemon. What will happen here is that 'abc' will NOT work until the process is restarted, and thus the OpenLDAP daemon will continue to honor the OLD password of 'xyz'.
I hope this helps...
Max
How can we verify that SFTP access has been granted on a server, without installing any software/tools?
Most servers have curl and scp installed, which you can use to log into an SFTP server. To test if your credentials work using curl, you could do this:
$ curl -u username sftp://example.org/
Enter host password for user 'username':
Enter your password and if it works you'll get a listing of files (like ls -al), if it doesn't work you'll get an error like this:
curl: (67) Authentication failure
You could also try using scp:
$ scp username#example.org:testing .
Password:
scp: testing: No such file or directory
This verifies that you that you were able to log in, but it couldn't find the testing file. If you weren't able to log in you'd get a message like this:
Permission denied, please try again.
Received disconnect from example.org: 2: ...error message...
One of the many ways to check for SFTP access using password based authentication:
sftp username#serverName
or
sftp username#serverIP
And then entering password.
You will get "Permission denied, please try again." message if it fails otherwise you will be allowed inside the server with screen-
sftp>
You can test it fully works with commands like ls, mkdir etc.
Try logging in.
Not being snarky -- that really is probably the simplest way. By 'verify[ing] that SFTP access has been granted," what you're really doing is checking is a particular l/p pair is recognized by the server.
Alternatively, other than doing the "sftp -v" command mentioned above, you can always cat the SSH/SFTP logs stored on any server running sshd and direct them to a file for viewing.
A command set like the following would work, where 1.1.1 would be the /24 of the block you are trying to search.
cd /var/log/
cat secure.4 secure.3 secure.2 secure.1 secure |grep sshd| grep -v 1.1.1> /tmp/secure.sshd.txt
gzip -9 /tmp/secure.sshd.txt
G'day,
What about telnet on to port 115 (if we're talking Simple FTP) and see what happens when you connect. If you don't get refused try sending a USER command, then a PASS command, and then a QUIT command.
HTH
cheers,
In SFTP , the authentication can be of following types :
1. Password based authetication
2. Key based authentication
But if u r going for key based authentication then u have to prepare setup according to that and
proceed the login procedure.If the key based authentication fails it automatically asks for password means it automatically switches to password based mode. By the way if u want to verify u can use this on linux :
"ssh -v user#IP "
It will show u all the debug messages , and if the authentication is passed u will be logged in otherwise u will get "Permission denied". Hope this will help u.