I want a write a program that run an executable image without creating a new process... I want to do this because I want to use plink that send a password to a remote ssh server...
The plink program sends the password provided in command line .. If I use fork and exec functions someone can see the password provided in command line using process explorer or ps -aef or cat /proc//cmdline .. How to avoid this security hole..and this program has to be run on both linux and windows ..
Set up your SSH server to use RSA public/private key authentication instead of passwords. This is usually a better choice anyway for SSH in general. See http://www.google.com/search?q=set+up+ssh+rsa.
Most programs which accept a password on the command line also accept it via a file, a pipe, or an environment variable. Why not use one of these other mechanisms?
If your worry is that the password is visible, you may be better off encrypting the password. An encrypted password has little value to the observer, so you can use methods like exec() and fork()
To avoid being prompted for a password or using a plain text password in places where it could be "sniffed" from, you should almost certainly set up public-key authentication (assuming you're bound to plink...).
Using pipes is also a good solution.
I found a plink wrapper for unison that does what you need, mainly waiting for a password prompt on plink's STDOUT, then feeding it a response on STDIN.
Hope this works for you
well, why send the password in the beginning? use the password to encrypt some text+time stamp, and then send to authorize yourself?
and No, I don't know a way to call another program without creating a new process.
Related
I have a C++ module whose basic work is to check if a directory exists in the remote machine or not. I am using the system() call for the same .
ssh user#remote-machine [ -d /remote_dir/test]
This works fine giving the result, but intermittently the test fails (the test directory is always there).
Now what might the reason and how to check this.
The test succeeds but gets failure reason (system() call unreliable).
Might be some network issue between the systems. If yes how to check this?
Thanks in advance.
SKP
Make sure that your connection is ok for specified ssh port:
$ telnet remote-machine 22
It should show connection messages, otherwise nothing (means that SSH not allowed to connect by IP firwall on local or remote machine).
If not first, than check credentials to start the "system()" command. Because if you use system() call from the console from user "user1", but module started from user "user2" in the Linux system. In this case credentials to access remote server without password will fail because you made, in example, ssh keys for "user1" and not for "user2" - check it in the /home/(username)/.ssh. For debug if it so, use
...system('ls -l ~/.ssh');
And if no files then you should make connection keys for user who starts this module.
I want to copy a file from remote1 host to the remote2 host using fabric.
I am trying to pass the password for remote2 to the fabric run command, but it's still prompting for the remote2 password.
Anything wrong with my code?
run('echo "pass123" | scp my.tar root#1.2.3.4:')
run('"pass123" | scp my.tar root#1.2.3.4:')
Edit:
In our prod and stagging environments key auth is not supported.
The OpenSSH utilities, including scp, don't accept passwords on the command line or standard input. Whey they read a password, they explicitly open the process's TTY and read from that.
There are basically four approaches available to you:
Use key-based authentication instead of passwords.
Use a program like sshpass or expect to feed the password to scp through a PTY.
Download the OpenSSH source code and modify the software to work the way you want.
Find a way to transfer these files which doesn't involve using the OpenSSH clients software.
I am writing an application to run on a robot. Currently, it is headless, but I want to be able to telnet directly to the application with no authentication and access a shell that I will write.
Is this possible? Would it be practical or are there much easier solutions?
It is entirely possible.
However, if you are using Linux, you may just as well just let your application do it's I/O to the terminal, and use telnet to log in. If you set up a user to use your application as the "login-shell", it will allow direct access to that user called "robot" (for example) (and you can set it to have no password too) - then just do telnet -l robot machine port.
This would save you the effort of writing your own telnet client, and give you almost identical functionality.
If you're using a custom shell, why would you need telnet? Your shell can have a daemon component to listen on given port and then hand over the interaction to whatever REPL your shell would implement.
Is it possible to give the server password within the rsync command?
rsync -zvr source destination password
I am developing a web application in Django using rsync protocol. I use a form to take password input from the user. I want to use that password like this in the rsync command itself? How can I do it? I am sure there's a way using stdin, pipe or something like that. Thanks
From man rsync:
Some modules on the remote daemon may require authentication. If so, you will receive a password prompt when you connect. You can avoid the password prompt by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option. This may be useful when scripting rsync.
And regarding --password-file:
This option allows you to provide a password in a file for accessing a remote rsync daemon. Note that this option is only useful when accessing an rsync daemon using the built in transport, not when using a remote shell as the transport. The file must not be world readable. It should contain just the password as a single line.
So, either set the RSYNC_PASSWORD environment variable before calling rsync, or use a temporary file and pass it to the command; The first option is probably easier, using env:
env RSYNC_PASSWORD=PASSWORD rsync -zvr source destination
Update: Note this little nugget under --password-file:
Note that this option is only useful when accessing an rsync daemon using the built in transport, not when using a remote shell as the transport.
If you're not using the rsync built-in transport, but perhaps SSH, you cannot use this method to "automatically" authenticate. If you're using SSH, you should use public/private keys, or possibly the ASK_SSHPASS trick (See this).
I am wondering if someone can provide me with a couple c++ functions that would allow me to send and receive data over a telnet port.
I've also heard that I can create a program, and have it run via SSH, this would be preferred just because of the security benefits of SSH, are there any samples out there?
Update:
What I want to do, is create a console program users could use remotely via SSH or telnet. I am a C++ programmer.
Update 2: I know I was vague, I am creating an inventory system that I want to be accessible to our employees via SSH or telnet. I will be using sockets, and will often display data to the user via (telnet or through ssh) and accept input from them. I will have to implement sockets, and send data and receive data I know, is there a library for this?
I am not quite sure what you are asking here.
You can execute a remote program via:
ssh <user>#<machine> "<command>"
(Provided you have prepared a passphrase-less pubkey authentication; you'd be asked for a password / passphrase otherwise. The very first invokation will also require user input as SSH wants to verify the fingerprint of the remote machine.)
You could then capture the output of that command line (which is equivalent to the output of the remote command, unless ssh itself belches an error) via the usual means.
I seriously dont believe you want to implement telnet and SSH protocol all by your handwritten code!! That would be too difficult for you.
What I think you want to do is to "Run a command remotely". is it?
If yes then you you would need to execute the command as told by DevSolar but you will need to generate SSH keygen to be installed so that it doesnt ask for password at the prompt.
Else write an expect script.