Changes

Linux Remote Shell Notes

1,239 bytes added, 21:29, 24 July 2020
/* auto login ssh */
The following lines were added (+) and removed (-):
[[Secure Shell]] (SSH) and Telnet are the two most common remote management protocols.  The configuration of Telnet is a common practice, but it is advisable to use SSH. The reason for this is that Telnet data is sent in plain text in contrast to SSH, which encrypts the data.  Tools like wireshark and snort can be used to intercept unencrypted data over a LAN or extra network connection.  The developer folks hated the "service" command so now we use the new systemctl (System Control) method to start the ssh server daemon. sudo systemctl start ssh== use SSH to execute a remote command =={{:CentOS_Linux_Distribution_Enable_Telnet}}You'll need to be able to ssh with automated password or enter the password each time you run the command.Execute a remote command on a host over SSH:== telnet == ssh nicolep@192.168.100.10 'reboot'There are still safe and legitimate uses for this over four decade old connection protocol.The example above will reboot the remote computer.Multiple commandsWe've already mentioned the lack of security. Quote, "''The telnet daemons (the process that sits on the server and processes your login) have had numerous vunerabilities and will continue to have them. Running telnetd is just one more old daemon waiting to be used to crack your machine!''" from the post [https://www.linuxquestions.org/questions/linux-networking-3/why-you-should-use-ssh-instead-of-telnet-388664/ Why you should use ssh instead of telnet].  ssh nicolep@192.168.100.10 'uptime; df -h'Show the kernel version, number of CPUs and the total RAM:There are times when telnet may be useful.  On a private LAN (no route to the Internet) or a connection between two machines only (ultra private LAN) the use of telnet is acceptable, quick, and convenient.   
ssh root@192.168.100.10 << EOF  uname -a lscpu  | grep "^CPU(s)" grep -i memtotal /proc/meminfo  EOFHere is how Nicole can execute her script on the remote computerFurthermore, exploration on exactly how ssh is more secure, and where it is not can find validation in the use of telnet. One of the key advantages of SSH over telnet is that the server authenticates itself to the client before it collects credentials from the client.  Most sniffing occurs within the network itself and not outside of the router.  Common ssh installations ignore precautions that protect against external threats, making those networks no more secure when using ssh versus telnet.  ssh nicolep@192.168.100.10 'bash -s' < nicolejob.shNicole's script is local on her machine, and she executed it on the remote host.== auto login ssh ==If there is no threat within the network itself, all traffic tunnelled to a remote network within a secure VPN, and concluding there is no internal threat within that remote network, telnet would offer no lessor security as compared to ssh in the described scenario.The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input.  The nanny mentality whereby the developer protects us from ourselves by preventing us from doing something that compromises security, even though the result may be worse.== ssh - The [[Secure Shell]] ==The developer folks hated the "service" command so now we use the new systemctl (System Control) method to start the ssh server daemon. sudo systemctl start sshOPTIONS FOR SSH AUTOMATEDWhile Telnet was once widely used by administrators for remote management, it does not offer the security mechanisms like SSH, which establishes a secure connection from the host to the remote host. 
# Use an SSH key for authentication, instead of a password.# Use sshpass, expect, or a similar tool to automate responding to the password prompt.# Use the SSH_ASKPASS feature to get ssh to get the password by running another program.# Use the insecure host-based authentication, sometimes common on private networks.# Use a custom or modified ssh client adapted from source code, or one that allows for stored password.=== sshpass ====== [[Secure Shell]] Support for Remote Login ===Install the sshpass utility so that you can automate ssh login including password.If the ssh server is not already installed, we will use [[apt-get]] to install. As root or using sudo do the following: apt install sshpass  apt-get install openssh-server openssh-client Now you can automate the login process  service ssh start  sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10Custom port example:  sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600=== public key authentication ===Note: Added 10/17/2016 old cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT.  ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.htmlIn the source host run this only once: ssh-keygen -t rsa Now you've generated the public key.  It needs to be copied onto the remote host.  ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10add identities to the ssh-agent – the authentication agent on the local host. ssh-addnow press ENTER to every field ssh-copy-id nicolep@192.168.100.10=== expect ===== Use telnet on Debian / Ubuntu / Mint ==Example scriptYou don't give a rats rear about security and you wish to use good old fashioned telnet (For Debian/Ubuntu/Mint). Ok... 
#!/usr/bin/expectInstall the Telnet server     sudo apt install xinetd telnetd set timeout 15Assign port      sudo vi /etc/services set cmd [lrange $argv 1 end]Look for the line or add a line like  set password [lindex $argv 0]  telnet        23/tcp Restart xinetd  eval spawn $cmd expect "assword:" send "$password\r"; interactAnother example== use SSH to execute a remote command == #!/usr/bin/expect -f{{:Secure Shell - use SSH to execute a remote command}} #  ./ssh.exp password 192.168.100.10 id set pass [lrange $argv 0 0] set server [lrange $argv 1 1] set name [lrange $argv 2 2] spawn ssh $name@$server match_max 100000 expect "*?assword:*" send -- "$pass\r" send -- "\r" interactAnd finally, a more elaborate example can be found here:== auto login ssh ==* http://www.techpaste.com/2016/02/ssh-login-with-password/{{:Secure Shell - auto login ssh}}== Remote File Copy via SSH ==SCP - Secure Copy Protocol* see: [[Remote_File_Copy_from_the_Linux_Command_Prompt#SCP_-_Secure_Copy_Protocol|Remote File Copy from the Linux Command Prompt with SCP]]== login and non-login shell ==The .bash_profile is executed for login shells, while .bashrc is executed for interactive non-login shells.When you login (type username and password) via console, either sitting at the machine, or remotely via ssh: .bash_profile is executed prior to the initial command prompt.When you are logged into your machine already and open xterm in your desktop environment then .bashrc is executed prior to seeing a prompt.  The .bashrc is also run when you start a new bash instance by typing /bin/bash in a terminal.== Related Pages ==* [[Remote File Copy from the Linux Command Prompt]][[Category:Computer_Technology]][[Category:Linux]]
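Review bot: In the sshpass section, both example commands pass the password as -p "mysecretpass", which leaves it in shell history and can expose it to other local users through the process list. The same commands set -o StrictHostKeyChecking=no, which turns off the host key check that the page itself names as a key advantage of SSH ("the server authenticates itself to the client before it collects credentials from the client"). Suggest showing sshpass -f with a password file readable only by its owner, or sshpass -e with the SSHPASS environment variable, and accepting the host key once on first connection instead of disabling the check. The custom port example also needs a fix: ssh does not split nicolep@192.168.100.10:9600 into host and port, so the port should be passed to ssh as -p 9600.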
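Review bot: In the public key authentication section, the steps are out of order and partly duplicated: "now press ENTER to every field" appears after ssh-add although it describes the ssh-keygen prompts, and ssh-copy-id is given twice, once with -i ~/.ssh/id_rsa.pub and once without. Suggest moving the ENTER instruction directly under ssh-keygen -t rsa and keeping a single ssh-copy-id line. The text should also say that pressing ENTER at the passphrase prompt stores the private key unencrypted, so anyone who can read ~/.ssh/id_rsa can log in as nicolep, and that the ssh-add step is only needed when a passphrase was set. "Now you've generated the public key" would be more accurate as "key pair".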
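Review bot: Both expect scripts take the password as a command-line argument (set password [lindex $argv 0] in the first, the usage line ./ssh.exp password 192.168.100.10 id in the second), so it ends up in shell history and is visible in the process list while the script runs. Suggest a sentence next to the examples saying so, and reading the password from an environment variable or an owner-only file instead. In the second script, set pass [lrange $argv 0 0] returns a one-element list rather than the element, so a password containing spaces or braces would be sent with Tcl list quoting around it; lindex $argv 0, as the first script uses, is the correct call, and the same applies to server and name. The usage comment calls the third argument "id" while the script uses it as the login name in spawn ssh $name@$server, which is worth making consistent.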