Below is my ssh command which runs fine when I run from server1
but when I run the exact same command using another user ID [user2] the control does not return to the command prompt and the command looks like it froze.
Can you please suggest why and how can I resolve the problem ?
Location: Asia Pacific, Cyberspace, in the Dark Dystopia
Posts: 19,118
Thanks Given: 2,351
Thanked 3,359 Times in 1,878 Posts
You will find your life much easier of you stop using ssh with passwords as you are doing and move to password-less ssh using public-private key pairs.
There are 100s of tutorials on how to set this up in the net, here is one of those 100s of examples:
Can you please suggest why and how can I resolve the problem ?
I can suggest how you can resolve the problem, because you usually have the same problem: you build some complex, interdepent, overly complicated thing and expect it to work. How about building one small thing, test it, building the next-bigger thing, test again, and so on, until you are finished. Each time you add something and it doesn't work any more you would know exactly where to look for, no?
So let us start:
Does this work? Do you get a prompt on the remote server? Only if "yes", proceed - otherwise you have a problem with the connection. What it may be i don't know, but i would start with a ping to see if the server is reachable, etc..
If it works, what does this
do? sshpass uses a tty to trick ssh into believing the password was entered at command line. Chances are that this tty is somehow not there, taken away, whatever. It also might be that user2 has a different environment and some PATH or alias or privilege to access a certain command (or some dozens of other similar differences) is the culprit. Do you still get the command prompt with this?
By now you should know how to continue: add one step at a time and test. Good luck.
Finally, to emphasize what Neo has said, here is a quote from the man page of sshpass:
Quote:
Security Considerations
First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason. It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and being more secure.
The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.
You have been told this several times in earlier threads and, honestly, i don't understand why you insist on using the "least best" (or, in other words: worst) practice, even in the words of the people who have written the tool you are using.
bakunin
Last edited by bakunin; 01-16-2019 at 06:43 PM..
These 3 Users Gave Thanks to bakunin For This Post:
Location: Asia Pacific, Cyberspace, in the Dark Dystopia
Posts: 19,118
Thanks Given: 2,351
Thanked 3,359 Times in 1,878 Posts
It is simply amazing to me why people love to build complicated, buggy, difficult to mantain, insecure solutions to problems which can be solved with simple, easy to maintain, more secure solutions.
Why?
Job security?
Having fun learning on the job getting paid by others?
I can assure you that if these guys were the owners of this IT and they were not getting paid to implement these overtly complex, buggy, hard to maintain, insecure solutions they would NOT do it.
Honestly, I keep seeing this more and more, especially from "certain countries" where the guys just seem to want to implement these overly complex, buggy, hard to maintain, and less secure solutions when, if they would just listen to us (people with many, many decades of coding and day to day sys admin experience, who likes simple, secure, easy to maintain, not buggy solutions), then their IT life would be a lot easier (and the questions here would be more practical).
I repeat....
Do not user sshpass. Use shared public-keys without passwords. It is more secure, less complex, easier to maintain and less buggy. I know. I do this every day on real systems!
Hello,
I am trying to create a ksh script to login to server and collect gather output of some command to troubleshoot some issue.
DATE=`date +%b.%d.%Y.%M.%H`
echo " Enter emp id to login to server"
read Eid
Eid=$Eid
echo " Enter hostname of the system"
read HOST
HOST=$HOST... (2 Replies)
I'm testing a C++ based application (HLR) in my solaris system.
Whenever i start the application remotely from some other solaris server using ssh command the application throws an error and goes down.
command i used:
ssh root@192.168.151.77 "./start_hlr.sh"
Below is the error observed :
... (1 Reply)
Hey guys,
I have some task from my office to lock user on the specified directory after the user logged on using ssh. And then run prompt program to fill the required information. Yeah, just like an ATM system.
My question:
How could I do those?? AFAIK I have to edit the ~./bashrc. But the... (1 Reply)
Hello
when try to excute the following
ssh -l pla 10.287.60.55 vis_fil
vis_fil not found.
but it works fine when login to the server.
can you help me run this command in one online because i will add later to shell script
regards (1 Reply)
Hi,
We have a requirement to do passwordless entry from one user to a different user on the same AIX server using ssh keys.
Can some one help me with this?
Thanks in advance,
Panditt (3 Replies)
when i run a command on ALOM via ssh i get following error
ssh root@10.23.12.51 showhosts
Password:
Waiting for daemons to initialize...
Daemons ready
shell: Invalid credentials
how can i run commands without actually loging to the sc (3 Replies)
Hi, I was wondering how to change the prompt for my ssh login. At the moment it is like
user>
while I'd like it to be as
user@host>
It is in the .bash_profile or .ssh ??? Thanks (2 Replies)
I need to run a set of commands on a remote machine using ssh. it should also collect output and return status of each command. Can someone help me how to do this? (1 Reply)
how to run a command in different machie
in my case script will runs in solaries machine..
in one instance it has to run a command in different machine with different operating system ( linux ) using SSH command
i tried
ssh -l (login_name) (machine name/host ) " command "
but it is... (3 Replies)
Hello Everybody,
Could anyone please tell me how to get ssh to work without asking for passwords? (i want to do a ssh <hostname> without getting a request for a password but getting connected straight away)
I have attempted the following but to no avail :( ...
I tried to generate a SSH... (5 Replies)