Telnet revoked

Ram_Prabu · July 28, 2008, 1:40am

Hello,

We were using telnet as in the below script to allow a different user execute the below scripts.We dont want the user to know our uid/pwd.However telnet was revoked by our admins and we are no more able to use this piece of script.

else
{
echo "user1"
sleep 2
echo "pwd"
sleep 2
echo "cd /apps/scripts"
sleep 2
echo $COMMAND1
sleep 5
} | telnet localhost

Is there a way to replace this with a diff piece of scripts say using ssh.Please note that this script will be owned by "user1" and used by a diff user who will neither be able to see the script nor know the password for user1.

Smiling_Dragon · July 28, 2008, 1:45am

If the user running this can't see the script, they can't run it.
But to use ssh in the same way you are currently using telnet, you can just change 'telnet to 'ssh' safely enough.

That code fragment looks really strange to me though, I suspect ther'll be an easier way to do what you are trying to achieve there...

Ram_Prabu · July 28, 2008, 2:23am

The script is there in place for some historic reasons

By "see" I mean they should not be able to view the contents of the script.When I change from 'telnet' to 'ssh' , the script echoes the userid and pwd which is not desired.

If there is a more simpler way to do this I am more than happy to do it that way.......

Thanks in advance for your help.

era · July 28, 2008, 2:51am

Take out those lines, they were for logging in using the telnet command, but ssh with a suitable key will not require a password.

Simpler still;

ssh user1@localhost "cd /apps/scripts; $COMMAND1"

Even simpler would be sudo or su but that again requires the user to type in a password. With sudo you can set it up so that no password is required, though.

Ram_Prabu · July 31, 2008, 9:32pm

ssh user1@localhost "cd /apps/scripts; $COMMAND1"

user1 will be already logged into the user.But only user2 has the privilege to execute the command.

Hence I need to pass the password in the script.Any help.

ssh user2@localhost "cd /apps/scripts; $COMMAND1" somehow i need to pass password.

Only user2 can execute the command and user1 cannot.user1 will execute only the script.

incredible · August 1, 2008, 12:57am

Then, plant in your authorized key..

Ram_Prabu · August 1, 2008, 1:25am

How can this be passed instead of prompting for the password?

Thanks in advance.

Annihilannic · August 1, 2008, 2:40am

Read the SSH documentation. It is easy to generate a private and public key pair (see man ssh-keygen), then you just need to copy the public key to user2's .ssh/authorized_keys file) and you can connect as that user with no password. Note that the ~user2/.ssh directory permissions must be drwx------ (700).

Ram_Prabu · August 5, 2008, 1:41am

I have setup ssh for passwordless login.But still it prompts me for a password.

I have generated the key pairs(without the pass phrase) , added to the authorisedkeys list.

/export/home/user1>ssh user1@localhost
user1@localhost's password:

Am I missing something at all?

era · August 5, 2008, 1:55am

Well, it looks like it's not using the key. See if you can glean any error message when running ssh with the verbose flag. Also check the ssh daemon's log file, and if all else fails, if you can run that too with verbose messages, you might be able to find the problem with that. But usually it's something simple, like too lax permissions on the key files.

Annihilannic · August 5, 2008, 2:03am

Also, the authorized_keys file uses the American spelling, and don't forget the underscore.

Ram_Prabu · August 14, 2008, 2:57am

Now I have set-up the Auth keys.But what I am scared is after the user do ssh and logged on , will be able to execute commands owned by the master user?

If so is it possible to avoid that?

Annihilannic · August 14, 2008, 3:25am

Setting up a key pair to allow a normal user access does not grant them any super-user privileges. It just allows them to log in without typing a password.