Difference between revisions of "Linux Remote Shell Notes"
(→Install and use telnet) |
|||
Line 8: | Line 8: | ||
[[Netcat]] - netcat has been around a long time and should be harmless to have on your system unless you really open things up like a fool. | [[Netcat]] - netcat has been around a long time and should be harmless to have on your system unless you really open things up like a fool. | ||
− | == | + | {{:CentOS_Linux_Distribution_Enable_Telnet}} |
+ | |||
+ | == Use telnet on Debian / Ubuntu / Mint == | ||
You don't give a rats rear about security and you wish to use good old fashioned telnet (For Debian/Ubuntu/Mint). Ok... | You don't give a rats rear about security and you wish to use good old fashioned telnet (For Debian/Ubuntu/Mint). Ok... | ||
Install the Telnet server | Install the Telnet server | ||
Line 17: | Line 19: | ||
telnet 23/tcp | telnet 23/tcp | ||
Restart xinetd | Restart xinetd | ||
− | |||
− | |||
== use SSH to execute a remote command == | == use SSH to execute a remote command == |
Revision as of 11:25, 5 March 2018
telnet - You can install the old telnet server on your linux system and use it to connect sending your password as plain text and then work in a remote shell with everything being sent as plain text, in the event you wish to share everything you are doing with anyone listening with a packet sniffer at any point between you and the remote host.
ssh - SSH works by connecting a client program to an ssh server. Use ssh as the modern secure alternative to telnet. Connect to your linux host from another linux host or a host with a different operating system such as Microsoft Windows. On Microsoft Windows you can use the free ssh client Putty to connect via ssh.
The developer folks hated the "service" command so now we use the new systemctl (System Control) method to start the ssh server daemon.
sudo systemctl start ssh
Netcat - netcat has been around a long time and should be harmless to have on your system unless you really open things up like a fool.
Contents
Want to install telnet?
telnet server is not recommended for security reasons, plain text over tcp/ip
# yum install telnet telnet-server -y
How about telnet client? It is not installed by default.
#yum intall telnet -y
The package is Package telnet.i686
Enable TELNET as ROOT on GUEST CentOS system
Simply edit the file /etc/securetty and add the following to the end of the file:
pts/0 pts/1 pts/2 pts/3 pts/4 pts/5 pts/6 pts/7 pts/8 pts/9
This will allow up to 10 telnet sessions to the server as root. note: Just one is probably fine
ref: http://www.idevelopment.info/data/Unix/Linux/LINUX_TelnetFTPAsRoot.shtml
Use telnet on Debian / Ubuntu / Mint
You don't give a rats rear about security and you wish to use good old fashioned telnet (For Debian/Ubuntu/Mint). Ok... Install the Telnet server
sudo apt install xinetd telnetd
Assign port
sudo vi /etc/services
Look for the line or add a line like
telnet 23/tcp
Restart xinetd
use SSH to execute a remote command
You'll need to be able to ssh with automated password or enter the password each time you run the command.
Execute a remote command on a host over SSH:
ssh nicolep@192.168.100.10 'reboot'
The example above will reboot the remote computer.
Multiple commands
ssh nicolep@192.168.100.10 'uptime; df -h'
Show the kernel version, number of CPUs and the total RAM:
ssh root@192.168.100.10 << EOF uname -a lscpu | grep "^CPU(s)" grep -i memtotal /proc/meminfo EOF
Here is how Nicole can execute her script on the remote computer
ssh nicolep@192.168.100.10 'bash -s' < nicolejob.sh
Nicole's script is local on her machine, and she executed it on the remote host.
auto login ssh
The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input. The nanny mentality whereby the developer protects us from ourselves by preventing us from doing something that compromises security, even though the result may be worse.
OPTIONS FOR SSH AUTOMATED
- Use an SSH key for authentication, instead of a password.
- Use sshpass, expect, or a similar tool to automate responding to the password prompt.
- Use the SSH_ASKPASS feature to get ssh to get the password by running another program.
- Use the insecure host-based authentication, sometimes common on private networks.
- Use a custom or modified ssh client adapted from source code, or one that allows for stored password.
sshpass
Install the sshpass utility so that you can automate ssh login including password.
apt install sshpass
Now you can automate the login process
sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10
Custom port example:
sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600
public key authentication
In the source host run this only once:
ssh-keygen -t rsa
Now you've generated the public key. It needs to be copied onto the remote host.
ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10
add identities to the ssh-agent – the authentication agent on the local host.
ssh-add
now press ENTER to every field
ssh-copy-id nicolep@192.168.100.10
expect
Example script
#!/usr/bin/expect set timeout 15 set cmd [lrange $argv 1 end] set password [lindex $argv 0] eval spawn $cmd expect "assword:" send "$password\r"; interact
Another example
#!/usr/bin/expect -f # ./ssh.exp password 192.168.100.10 id set pass [lrange $argv 0 0] set server [lrange $argv 1 1] set name [lrange $argv 2 2] spawn ssh $name@$server match_max 100000 expect "*?assword:*" send -- "$pass\r" send -- "\r" interact
And finally, a more elaborate example can be found here:
shells that don't die when connection is lost
The two most common solutions are "screen" and "tmux." Screen has been around longer, tmux has some additional capabilities, and both will keep your terminal session alive even if your connection is lost.
Screen - Virtual Terminals From Console
Multiple virtual terminals from one terminal (like a remote shell), with the ability to detach processes and leave them running even when you disconnect.
tmux, the shell that doesn't die
tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal.
tmux may be detached from a screen and continue running in the background, then later reattached.
- ssh into the remote machine
- start tmux by typing tmux into the shell
- start the process you want inside the started tmux session
- leave/detach the tmux session by typing Ctrl+b and then d
The tmux and GNU screen utilities have many similarities. tmux is considered more modern.
Each session is persistent and will survive accidental disconnection (such as ssh(1) connection timeout) or intentional detaching (with the ‘C-b d’ key strokes). tmux may be reattached using:
tmux attach
Example tmux commands include:
refresh-client -t/dev/ttyp2 rename-session -tfirst newname set-window-option -t:0 monitor-activity on new-window ; split-window -d bind-key R source-file ~/.tmux.conf \; \ display-message "source-file done"
Or from sh(1):
tmux kill-window -t :1 tmux new-window \; split-window -d tmux new-session -d 'vi /etc/passwd' \; split-window -d \; attach