We were using telnet as in the below script to allow a different user to execute the below scripts. We don't want the user to know our uid/pwd. However, telnet was revoked by our admins and we are no longer able to use this piece of script.
Is there a way to replace this with a different piece of script, say using ssh? Please note that this script will be owned by "user1" and used by a different user who will neither be able to see the script nor know the password for user1.
If the user running this can't see the script, they can't run it.
But to use ssh in the same way you are currently using telnet, you can just change 'telnet' to 'ssh' safely enough.
That code fragment looks really strange to me though, I suspect there'll be an easier way to do what you are trying to achieve there...
The script is there in place for some historic reasons.
By "see" I mean they should not be able to view the contents of the script. When I change from 'telnet' to 'ssh', the script echoes the userid and pwd, which is not desired.
If there is a simpler way to do this I am more than happy to do it that way...
Take out those lines, they were for logging in using the telnet command, but ssh with a suitable key will not require a password.
Simpler still:
ssh user1@localhost "cd /apps/scripts; $COMMAND1"
Even simpler would be sudo or su but that again requires the user to type in a password. With sudo you can set it up so that no password is required, though.
Read the SSH documentation. It is easy to generate a private and public key pair (see man ssh-keygen), then you just need to copy the public key to user2's .ssh/authorized_keys file and you can connect as that user with no password. Note that the ~user2/.ssh directory permissions must be drwx------ (700).
Well, it looks like it's not using the key. See if you can glean any error message when running ssh with the verbose flag. Also check the ssh daemon's log file, and if all else fails, if you can run that too with verbose messages, you might be able to find the problem with that. But usually it's something simple, like too lax permissions on the key files.
Now I have set up the auth keys. But what I am scared of is: after the user does ssh and is logged on, will they be able to execute commands owned by the master user?
Setting up a key pair to allow a normal user access does not grant them any super-user privileges. It just allows them to log in without typing a password.
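Added example, not part of the thread: a key placed in user1's authorized_keys without options lets its holder run any command as user1, so one way to limit the key to the scripts in /apps/scripts is an OpenSSH forced command. The wrapper path, the script names in ALLOWED and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed to be installed as
# /apps/scripts/run-allowed.sh and tied to the caller's key in
# ~user1/.ssh/authorized_keys like this (key material is a placeholder):
#   restrict,command="/apps/scripts/run-allowed.sh" ssh-ed25519 <PUBLIC-KEY> user2
# sshd then runs this wrapper for every login made with that key and passes
# the command the caller asked for in SSH_ORIGINAL_COMMAND.

SCRIPT_DIR="${SCRIPT_DIR:-/apps/scripts}"    # directory named in the thread
ALLOWED="${ALLOWED:-report.sh cleanup.sh}"   # hypothetical script names

# resolve_request REQUEST: print the absolute path to run and return 0,
# or print nothing and return 1 when the request is not on the allowlist.
resolve_request() {
    req=$1
    # Accept only a bare file name: no slashes, spaces, arguments or
    # shell metacharacters, and not the empty string.
    case $req in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    for name in $ALLOWED; do
        if [ "$req" = "$name" ]; then
            printf '%s/%s\n' "$SCRIPT_DIR" "$name"
            return 0
        fi
    done
    return 1
}

# Entry point used when sshd invokes the wrapper.
run_forced_command() {
    if target=$(resolve_request "${SSH_ORIGINAL_COMMAND:-}"); then
        cd "$SCRIPT_DIR" && exec "$target"
    fi
    echo "request refused" >&2
    return 1
}

# Dispatch only when started by sshd, which sets SSH_CONNECTION.
if [ -n "${SSH_CONNECTION:-}" ]; then
    run_forced_command
fi
```

With this in place the other user runs `ssh user1@localhost report.sh`; an interactive login or any other command is refused, and the script contents stay unreadable to them as long as the files are readable by user1 only.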