1

While I am connecting to another server using ssh I am using 'EOF' marker to execute some commands in remote server. But they are failing to execute commands on remote server.

Also when password-less ssh connectivity is not enabled, how to input password from the script without requiring the user to enter password?

$ su - oracle < passwd.txt
standard in must be a tty
Girish Sunkara
  • 109
  • 4
  • Please add any error messages and actual commands executed (copy-and-paste, don't re-type). – Kusalananda Jun 22 '16 at 07:58
  • added error I am getting while ssh connect to another server. – Girish Sunkara Jun 22 '16 at 08:10
  • Consider using `sshpass` or `expect`. See this [post](http://stackoverflow.com/a/27994731/1328439). – Dima Chubarov Jun 22 '16 at 08:29
  • 1
    The error message says that with input redirect you cannot enter a password. If you solve the password issue by setting up passwordless authentication or using `sshpass` or `expect`, then document-here with EOF marker would work as expected. – Dima Chubarov Jun 22 '16 at 08:31
  • yes but I am trying to do it this way. By saving the password in a file to which no one has access so that I can stay secure. I want to use this password file to login – Girish Sunkara Jun 22 '16 at 09:33

2 Answers2

0

If password less conectivity is not enabled (assuming keys auth is enabled - much more secure..) then use keys between machines.. Generate keys using ssh-keygen and copy it to remote servers using ssh-copy-id

Yedidia
  • 969
  • 7
  • 12
0

The good way to do it would be to setup a password-less sudo just for that command.

Install the sudo command if you don't have it, then modify the sudoers file with the visudo command, and add a line like that:

youruser    ALL=(oracle) NOPASSWD: the command you want to launch

For instance

girish    ALL=(oracle) NOPASSWD: /bin/stop-process

Then, in your script, just do:

ssh girish@myserver 'sudo -u oracle /bin/stop-process'

and no password will be asked.

blue112
  • 52,634
  • 3
  • 45
  • 54
  • Hi. I am aware of using this sample script with password less connectivity. But I am looking for a way to do this to keep the password in script or in a seperate file in OS. In our servers its a security measure to not enable password less connectivity for any commands. – Girish Sunkara Jun 22 '16 at 09:23
  • 1
    Security is to not keep your password in plaintext in a script. Create a special user account that can do that, with an ssh-key, and you'll be as safe as possible. – blue112 Jun 22 '16 at 09:25
  • In the example I shown, I kept the password in a text file which only the current user can open and only I know the location so its secure. I am trying to find a way to use that text file to login – Girish Sunkara Jun 22 '16 at 09:31
  • 1
    And it's not a good idea. Please head to security.stackexchange.com for more information about how it is a very bad idea. – blue112 Jun 22 '16 at 09:52