Ssh freezes when run using different user ID


 
# 1  
Old 01-16-2019

Hi,

Below is my ssh command which runs fine when I run from server1

Code:
 
 [user1@server1 ~]$ sshpass -p mypassword ssh -o ConnectTimeout=13 -t user1@server2 'echo "mypassword" | sudo -S -l; echo "$?#`hostname`"; exit'


but when I run the exact same command using another user ID [user2] the control does not return to the command prompt and the command looks like it froze.

Code:
 
 [user2@server1 ~]$ sshpass -p mypassword ssh -o ConnectTimeout=13 -t user1@server2 'echo "mypassword" | sudo -S -l; echo "$?#`hostname`"; exit'

Can you please suggest why, and how I can resolve the problem?
# 2  
Old 01-16-2019
I would start by looking for sudo logged events

Red Hat-based Linux systems like CentOS:

Code:
  /var/log/secure

Debian-based OS like Ubuntu:

Code:
  /var/log/auth.log

This User Gave Thanks to jim mcnamara For This Post:
# 3  
Old 01-16-2019
You will find your life much easier if you stop using ssh with passwords as you are doing and move to password-less ssh using public-private key pairs.

There are 100s of tutorials on how to set this up on the net, here is one of those 100s of examples:

How to setup passwordless SSH login in Linux – The Geek Diary
This User Gave Thanks to Neo For This Post:
# 4  
Old 01-16-2019
Quote:
Originally Posted by mohtashims
Can you please suggest why, and how I can resolve the problem?
I can suggest how you can resolve the problem, because you usually have the same problem: you build some complex, interdependent, overly complicated thing and expect it to work. How about building one small thing, test it, building the next-bigger thing, test again, and so on, until you are finished. Each time you add something and it doesn't work any more you would know exactly where to look, no?

So let us start:

Code:
[user2@server1 ~]$ ssh user1@server2

Does this work? Do you get a prompt on the remote server? Only if "yes", proceed - otherwise you have a problem with the connection. What it may be I don't know, but I would start with a ping to see if the server is reachable, etc.

If it works, what does this
Code:
[user2@server1 ~]$ sshpass -p mypassword ssh user1@server2

do? sshpass uses a tty to trick ssh into believing the password was entered at command line. Chances are that this tty is somehow not there, taken away, whatever. It also might be that user2 has a different environment and some PATH or alias or privilege to access a certain command (or some dozens of other similar differences) is the culprit. Do you still get the command prompt with this?

By now you should know how to continue: add one step at a time and test. Good luck.

Finally, to emphasize what Neo has said, here is a quote from the man page of sshpass:

Quote:
Security Considerations

First and foremost, users of sshpass should realize that ssh's insistence on only getting the password interactively is not without reason. It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and being more secure.

The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.
You have been told this several times in earlier threads and, honestly, I don't understand why you insist on using the "least best" (or, in other words: worst) practice, even in the words of the people who have written the tool you are using.

bakunin

Last edited by bakunin; 01-16-2019 at 06:43 PM..
These 3 Users Gave Thanks to bakunin For This Post:
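
The man page passage quoted in the post above says a password given with `-p` is visible in the process list; the same holds for a password echoed into `sudo -S` inside the ssh command string. The following audit function is an added example, not part of any post in this thread: the sample listing is constructed, the `ps` column layout is an assumption, and the finding labels are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag secrets exposed in process command lines.
# Assumed input: `ps -eo pid=,user=,args=` output, one process per line.

# Constructed sample listing modelled on the commands in this thread.
SAMPLE_PS='  4121 user2 sshpass -p mypassword ssh -t user1@server2 echo "mypassword" | sudo -S -l
  4122 user2 ssh -t user1@server2 echo "mypassword" | sudo -S -l; exit
  4300 user1 sshpass -f /home/user1/.pw ssh user1@server2
  4410 user3 sshpass -v -pzzzzzzzz ssh user3@server2
  4555 user1 ssh -i /home/user1/.ssh/id_ed25519 user1@server2 sudo -n -l'

# Prints "PID USER FINDING" per hit; never echoes the command line itself,
# so the report does not become another copy of the secret.
audit_cmdlines() {
  awk '
    {
      pid = $1; user = $2
      # sshpass run with -p (separate or attached argument).
      if ($3 == "sshpass" || $3 ~ /\/sshpass$/) {
        for (i = 4; i <= NF; i++) {
          if ($i ~ /^-p/) { print pid, user, "sshpass-p"; break }
          # -f, -d and -P take a separate argument: skip it.
          if ($i == "-f" || $i == "-d" || $i == "-P") { i++; continue }
          if ($i !~ /^-/) break   # wrapped command starts here
        }
      }
      # Password piped to sudo -S inside the (remote) command string.
      if ($0 ~ /echo[^|]*[|][ ]*sudo[^|;]* -S/)
        print pid, user, "echo-to-sudo-S"
    }'
}

# Run against the constructed sample; on a live host use:
#   ps -eo pid=,user=,args= | audit_cmdlines
printf '%s\n' "$SAMPLE_PS" | audit_cmdlines
```

The last sample line, key-based login with `sudo -n`, produces no finding, which is what a host looks like once the advice in this thread is followed.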
# 5  
Old 01-16-2019
It is simply amazing to me why people love to build complicated, buggy, difficult to maintain, insecure solutions to problems which can be solved with simple, easy to maintain, more secure solutions.

Why?
  • Job security?
  • Having fun learning on the job getting paid by others?
I can assure you that if these guys were the owners of this IT and they were not getting paid to implement these overtly complex, buggy, hard to maintain, insecure solutions they would NOT do it.

Honestly, I keep seeing this more and more, especially from "certain countries" where the guys just seem to want to implement these overly complex, buggy, hard to maintain, and less secure solutions when, if they would just listen to us (people with many, many decades of coding and day-to-day sys admin experience, who like simple, secure, easy to maintain, not buggy solutions), then their IT life would be a lot easier (and the questions here would be more practical).

I repeat....

Do not use sshpass. Use shared public-keys without passwords. It is more secure, less complex, easier to maintain and less buggy. I know. I do this every day on real systems!

Keep it simple!
These 2 Users Gave Thanks to Neo For This Post: