Changes

Linux Remote Shell Notes

1,217 bytes removed, 21:29, 24 July 2020
/* auto login ssh */
The following lines were added (+) and removed (-):
Secure Shell (SSH) and Telnet are the two most common remote management protocols.  The configuration of Telnet is a common practice, but it is advisable to use SSH. The reason for this is that Telnet data is sent in plain text in contrast to SSH, which encrypts the data.  Tools like wireshark and snort can be used to intercept unencrypted data over a LAN or extra network connection.   [[Secure Shell]] (SSH) and Telnet are the two most common remote management protocols.  The configuration of Telnet is a common practice, but it is advisable to use SSH. The reason for this is that Telnet data is sent in plain text in contrast to SSH, which encrypts the data.  Tools like wireshark and snort can be used to intercept unencrypted data over a LAN or extra network connection.   There are still safe and legitimate uses for this over four decade old connection protocol.== ssh - The Secure Shell ==== ssh - The [[Secure Shell]] ===== [[Secure Shell]] Support for Remote Login ===If the ssh server is not already installed, we will use [[apt-get]] to install. As root or using sudo do the following: apt-get install openssh-server openssh-client service ssh startNote: Added 10/17/2016 old cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT.  ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.htmlYou'll need to be able to ssh with automated password or enter the password each time you run the command.{{:Secure Shell - use SSH to execute a remote command}} Execute a remote command on a host over SSH: ssh nicolep@192.168.100.10 'reboot'The example above will reboot the remote computer. 
Multiple commands ssh nicolep@192.168.100.10 'uptime; df -h' Show the kernel version, number of CPUs and the total RAM: ssh root@192.168.100.10 << EOF uname -a lscpu  | grep "^CPU(s)" grep -i memtotal /proc/meminfo EOF Here is how Nicole can execute her script on the remote computer ssh nicolep@192.168.100.10 'bash -s' < nicolejob.shNicole's script is local on her machine, and she executed it on the remote host.{{:Secure Shell - auto login ssh}}The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input.  The nanny mentality whereby the developer protects us from ourselves by preventing us from doing something that compromises security, even though the result may be worse.== shells that don't die when connection is lost ==The two most common solutions are "screen" and "tmux." Screen has been around longer, tmux has some additional capabilities, and both will keep your terminal session alive even if your connection is lost.  === Screen - Virtual Terminals From Console ===Multiple virtual terminals from one terminal (like a remote shell), with the ability to detach processes and leave them running even when you disconnect. 
* [[Screen - Virtual Terminals From Console]]=== tmux, the shell that doesn't die ==={{:Tmux_terminal_multiplexer}}OPTIONS FOR SSH AUTOMATED== Remote File Copy via SSH ==# Use an SSH key for authentication, instead of a password.SCP - Secure Copy Protocol# Use sshpass, expect, or a similar tool to automate responding to the password prompt.* see: [[Remote_File_Copy_from_the_Linux_Command_Prompt#SCP_-_Secure_Copy_Protocol|Remote File Copy from the Linux Command Prompt with SCP]]# Use the SSH_ASKPASS feature to get ssh to get the password by running another program.# Use the insecure host-based authentication, sometimes common on private networks.# Use a custom or modified ssh client adapted from source code, or one that allows for stored password.=== sshpass ===== login and non-login shell ==Install the sshpass utility so that you can automate ssh login including password.The .bash_profile is executed for login shells, while .bashrc is executed for interactive non-login shells. apt install sshpassNow you can automate the login process sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10Custom port example: sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600=== public key authentication ===When you login (type username and password) via console, either sitting at the machine, or remotely via ssh: .bash_profile is executed prior to the initial command prompt.In the source host run this only once: ssh-keygen -t rsa Now you've generated the public key.  It needs to be copied onto the remote host.  ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10add identities to the ssh-agent – the authentication agent on the local host. ssh-addnow press ENTER to every field ssh-copy-id nicolep@192.168.100.10=== expect ===When you are logged into your machine already and open xterm in your desktop environment then .bashrc is executed prior to seeing a prompt. 
The .bashrc is also run when you start a new bash instance by typing /bin/bash in a terminal.Example script  #!/usr/bin/expect set timeout 15 set cmd [lrange $argv 1 end] set password [lindex $argv 0] eval spawn $cmd expect "assword:" send "$password\r"; interactAnother example== Related Pages == #!/usr/bin/expect -f* [[Remote File Copy from the Linux Command Prompt]] #  ./ssh.exp password 192.168.100.10 id set pass [lrange $argv 0 0] set server [lrange $argv 1 1] set name [lrange $argv 2 2] spawn ssh $name@$server match_max 100000 expect "*?assword:*" send -- "$pass\r" send -- "\r" interactAnd finally, a more elaborate example can be found here:* http://www.techpaste.com/2016/02/ssh-login-with-password/== shells that don't die when connection is lost ==[[Category:Computer_Technology]]The two most common solutions are "screen" and "tmux."  Screen has been around longer, tmux has some additional capabilities, and both will keep your terminal session alive even if your connection is lost.  [[Category:Linux]]=== Screen - Virtual Terminals From Console ===Multiple virtual terminals from one terminal (like a remote shell), with the ability to detach processes and leave them running even when you disconnect.  * [[Screen - Virtual Terminals From Console]]=== tmux, the shell that doesn't die ==={{:Tmux_terminal_multiplexer}}
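Review bot: In the === sshpass === lines, both examples put the password in the argument list (`sshpass -p "mysecretpass"`) and switch off host key verification (`-o StrictHostKeyChecking=no`), and the custom-port form `nicolep@192.168.100.10:9600` is not how ssh takes a port. Wherever this text now lives (inline here or in the transcluded {{:Secure Shell - auto login ssh}} page), suggest reading the password from a file or the environment with `sshpass -f` or `sshpass -e`, dropping the StrictHostKeyChecking override so a changed host key is still reported, and writing the port as `ssh -p 9600 nicolep@192.168.100.10`.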
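Review bot: Both scripts in the === expect === lines take the password as a command-line argument (`set password [lindex $argv 0]` and `set pass [lrange $argv 0 0]`), which leaves it in shell history and readable in the process list while the script runs, and the text says nothing about that. Suggest a sentence next to the scripts stating this, or reading the password from a file with restricted permissions instead. The usage comment `./ssh.exp password 192.168.100.10 id` should also say that the third argument is the login name, since the script uses it in `spawn ssh $name@$server`.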
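Review bot: In the === public key authentication === lines, "now press ENTER to every field" tells the reader to create the key with an empty passphrase without saying so, and `ssh-copy-id` is given twice in two different forms. Suggest keeping one `ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10` line, and stating that an empty passphrase leaves the private key unprotected on disk; the `ssh-add` step only serves a purpose when the key has a passphrase, so the two instructions should be reconciled.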
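Review bot: The sentence that follows the {{:Secure Shell - auto login ssh}} transclusion ("The nanny mentality whereby the developer protects us from ourselves ...") is opinion and gives the reader no reason for the behaviour described in the sentence before it. Suggest replacing it with the reason, namely that a password passed as an argument can be read by other local users through the process list, and pointing to the first item of the "OPTIONS FOR SSH AUTOMATED" list ("Use an SSH key for authentication, instead of a password").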