linux - SSH parameter help on Ubuntu Server
2014-07
I have a variable setup like this:
SSH_EXEC="ssh -X -o ControlPath=~/.ssh/master-$$ -o ControlPersist=60"
The parameter in question is the -X
, because if I then call this command within my local script
$SSH_EXEC user@server "./server_script.sh $aFile"
which in a nutshell does the following:
if [ -e /path/"$1".name ] || [ -e /path/"$1" ]
then
do something
else
error
echo "/path/"$1".name"
exit
fi
Everything works! But if I replace -X
with -t
, my server_script
fails to the else
on the test. I'd prefer not use x11, but I'm not sure what the difference is that is causing it to fail in one instance, and pass in the other.
EDIT
So I just did more troubleshooting and decided to echo the value of /path/$1.name
on the server and it is garbled junk. If my $aFile
name happened to be hello.name
the result of the echo shows .nameello
and also rids the beginning of the path when I use -t
in place of -X
.
What could be causing the corruption of my variables?
The variable $aFile
probably has a trailing Carriage Return character, causing the terminal to return to the start of the line when encountered.
As an example, the following:
echo "/path/"hello^M".name"
outputs:
/.namehello
This sort of thing might happen due to a shell script with DOS line endings, causing a line like
aFile = "hello"
to be interpreted as
aFile = "hello"^M
If that's the case, you should be able to convert your script to use Unix line endings using the dos2unix
utility.
I can not use public key method. I also don't want to use expect script. I searched this site for solution but everybody is talking about these solutions.
Is there any other way like command line parameter to ssh command (e.g. --password='asdf') or input redirection ("<") ?
I would have say to use RSA key or try this one: http://bash.cyberciti.biz/security/expect-ssh-login-script/ bare in mind that you need to install expect
tool.
But since you have say NO to RSA and to expect
, the only way is to write your own script utilizing Twisted's conch
(http://twistedmatrix.com/projects/conch/documentation/examples/) or any other platform available which offer SSH implementation such as ruby or Perl
You could try host-based authentication to log in without a password. In this case you don't need a private key for the user. But you still need a host key. Would this be a possible solution for you?
The man page of ssh sais:
Host-based authentication works as follows: If the machine the user logs in from is listed in /etc/hosts.equiv or /etc/ssh/shosts.equiv on the remote machine, and the user names are the same on both sides, or if the files ~/.rhosts or ~/.shosts exist in the user's home directory on the remote machine and contain a line containing the name of the client machine and the name of the user on that machine, the user is considered for login. Additionally, the server must be able to verify the client's host key (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, below) for login to be permitted. This authentication method closes security holes due to IP spoofing, DNS spoofing, and routing spoofing. [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.]
If you are familiar with Python, you can try paramiko.
In debian and derivatives, there's a package called sshpass (website here) that's designed to do exactly that.
You can also use The dropbear SSH client, which allows specifying the password on the command line, like this: Dropbear for automatic login for shell scripts
Have a look at the ControlMaster
option in ssh_config. This allows you to open a authenticated tunnel by hand that all following ssh connections uses.