03-12-2008
How To Read A File Remotely Without A Password?
Many thanks to anyone who can help me solve this problem I am having:
I am working on an HP-UX system version B.11.11 and I have been tasked with finding a way to read a file on a remote server (cat, grep, etc.) using a specific userID without copying it or moving it to the local machine.
But, it has to be done automatically as part of a ksh script. That means it cannot stop and ask for a password which is something that REMSH or REXEC seem to require even after I added the user to the .rhosts file.
I am not a systems administrator so I do not have the ability to make any security modifications that might permit this behavior to the server. Nor can it be run as root. In fact the script will begin from a session that will usually be owned by a user with very limited access, then jump to a different userID to make the remote access attempt. Additionally, management doesn't want to request a change to the server because I was told that would make us dependent upon the admins for support and prevent the script I am designing from being truly self-sufficient.
They actually prefer (believe it or not) to hardcode the password for the userID involved into the script. I advised against this due to the security risk but they
really want this script to be self contained.
Here are some pseudo examples that I have tried (unsuccessfully) to make work within the narrow parameters that I have been allowed:
rexec <remote server> <username> <password> "cat <filename>"
su <username> <password> -c "remsh <remote server> cat <filename>"
I really feel like I'm kinda stuck between a rock and a hard place and I have run out of ideas.
I hope someone here can help. Thanks in advance.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I am able to run the UNIX commands in a Windows box from a UNIX box through "SSH" functionality. But whenever the SSH connection is established between UNIX and Windows, password for windows box is being asked.
Is there a way to avoid asking password whenever the SSH connection is made? Can I... (1 Reply)
Discussion started by: D.kalpana
1 Replies
2. UNIX for Advanced & Expert Users
Is it possible to change the password using a shell script, I want to remotely connect to a computer and then change password without manual intevention.
Thanks in Advance
Rishi (4 Replies)
Discussion started by: RishiPahuja
4 Replies
3. Shell Programming and Scripting
Dear All
I am trying to write one shell which will be running through Cron which contain one SQL query. But I want to draw/fetch the Username password and Instance name (required to loging to the database) from one single file to run that SQL query . Also this file contain details of multiple... (2 Replies)
Discussion started by: jhon
2 Replies
4. Shell Programming and Scripting
Thanks in advance to anyone that can help me answer this:
I'm trying to write an if statement that will run test -f on whether a file exists on another server and if it does not then report that negative outcome to a log file.
I'm thinking it should look something like this:
if ; then
rcp... (5 Replies)
Discussion started by: Korn0474
5 Replies
5. Red Hat
Hi,
I am very bad at scripting. I need help from scripting experts...
I need to change password of around 100 linux remote servers. I have been given a script for changing the password that automates the task. however I do not understand the usage and meaning of the script, the script is an... (0 Replies)
Discussion started by: renuka
0 Replies
6. Shell Programming and Scripting
Am reading userid and password.
code:
pmsg "Enter the userid \n"
read userid
pmsg "Enter password \n"
read password
pmsg "Enter Database name \n"
read database
When user type password, it a clear text. I want something like
******** or just a blank
any suggestion plz...
... (2 Replies)
Discussion started by: ilugopal
2 Replies
7. Shell Programming and Scripting
Hi All,
Hope you all doing well...!!!
First of all i will like to share few information about my network.
I have a network of 50 solaris servers sample IPs are (10.2.135.1 to 10.2.135.50)..
i have created trust for root user of servers 1(10.2.135.1) in all other servers, that is i have shared... (4 Replies)
Discussion started by: varunksharma87
4 Replies
8. Shell Programming and Scripting
Hi Experts,
I am writing a shell script (for displaying disk space details) which is logging to 15 different servers using following command.
ssh userid@servername
It is prompting me for password for all 15 servers when I manually run it.
However , soon I would like to schedule this script... (4 Replies)
Discussion started by: ajaypatil_am
4 Replies
9. Shell Programming and Scripting
I have a shell script to run set of commands every week . I dont have a root access on the server but I can run the commands using pbrun
cat myscript.sh
*
*
*
pbrun command....
each time I run the script , it asks me for my password then it executes fine.
./myscript.sh
Password... (7 Replies)
Discussion started by: Sara_84
7 Replies
10. Emergency UNIX and Linux Support
Hello Gurus,
This is something i need to implement quite urgently. My requirement is as follows:
1. We are using Solaris 10, Sun Access Manager appln.
2. we need to start a domain through script (automated). Syntax of the command goes as below:
./asadmin start-domain --user admin domain1 ... (7 Replies)
Discussion started by: EmbedUX
7 Replies
REXEC(1) General Commands Manual REXEC(1)
NAME
rexec -- remote execution client for an exec server
SYNOPSIS
rexec [ -abcdhns -l username -p password ] host command
DESCRIPTION
Rexec calls the rexec(3) routine to act as a client for the remote host's rexecd(8) server.
It asks that ``command'' be run on the host computer, using username/password authentication. See rexec(3) and rexecd(8) for details of the
protocol.
OPTIONS
Rexec accepts several options, but only three are likely to be very useful:
-l username
Set the log-in name on the remote host to username.
-p password
Provide the password for the remote account. The command line argument will be blanked after being parsed, to prevent it from being
seen with ps(1). However, it is still not very secure to type the password on the command line. In particular, be sure that the
shell's history file is protected.
-n Explicitly prompt for name and password, even if provided in the environment, in the $HOME/.netrc file, or in the environmental
variables REXEC_USER and REXEC_PASS.
Other options that might be useful with non-standard remote exec daemons, or to debug connections:
-a Do not set up an auxiliary channel for standard error from command; the remote standard error and output are then both returned on
the local standard output. By default, rexec asks that a separate channel be set up for diagnostic output from the remote command.
-b Use signal handling as in BSD rsh(1). Only the signals SIGINT, SIGQUIT, and SIGTERM are echoed to the remote process. They do not
remain raised locally, so rexec waits for the remote command to shutdown its side of the socket. Also, CNTRL-Z will only suspend
execution locally--the remote command may continue to run.
-c Do not close remote standard input when local standard input closes. Normally the standard input to the remote command is closed
when the local standard input is closed.
-d Turn on debugging information. In particular the command sent to the remote host will be echoed.
-h Print a usage message.
-s Do not echo signals received by the rexec onto the remote process. Normally, signals which can be trapped are passed on to the
remote process; then, when you type CNTRL-C, the remote process terminates as well.
USERNAME AND PASSWORD
Rexec(1) searches for the username and password in the following order:
1. If -n is given on the command line, the user will always be prompted for both, even if they are also given on the command line.
2. The command line will be parsed
3. If the environmental variables REXEC_USER or REXEC_PASS are defined, they will define the username or password.
4. The $HOME/.netrc file will be searched. See ftp(1) for a description of this file's format.
5. Finally, the user will be prompted if either the username or password remains undefined.
SECURITY
Users of this command should be aware that rexec(3) transmits their password to the remote host clear text, not encrypted. If the network
is not secure to the remote host, the password can be comprimised.
SIGNALS
Without the -b option, all signals which can be handled are echoed to the remote process. Afterwards, however, they remain raised in the
local process. Typically, this means that rexec(1) will exit after receiving a fatal signal, even if the remote process has arranged to
handle or ignore it.
Differing operating systems use differing signal numbers; for example AIX and SunOS use 18 for SIGTSTP (^Z), while Linux uses 20. There-
fore, it may have a different effect remotely than locally. In particular, typing CNTL-Z may not suspend the execution of the remote
process.
EXAMPLE
rexec othermachine cat ">remote_file; date" <local_file
will send local_file to the othermachine as remote_file.
BUGS
Please send bug reports, system incompatibilities, and job offers to the author.
SEE ALSO
rexec(3), rexecd(8), rsh(1)
AUTHOR
Michael Sadd
mas22@cornell.edu
http://www.tc.cornell.edu/~sadd/
Thanks to Orange Gopher (2/10/97) and Johannes Plass (plass@dipmza.physik.uni-mainz.de, Oct. 17 1996) for useful suggestions.
February 14, 1997 REXEC(1)