postcd
Guest
Hello,
Around 3 years back I used sshpass to input the password to the ssh command and I believe it worked.
But now it does not work.
manual: https://linux.die.net/man/1/sshpass

# sshpass -V | head -n 1
sshpass 1.05 (C) 2006-2011 Lingnu Open Source Consulting Ltd.
# which sshpass;which ssh;cat /etc/red*
/usr/bin/sshpass
/usr/bin/ssh
CentOS release 5.11 (Final)
So I run the command:
# ps auxf|grep ssh;/usr/bin/sshpass -p 3d6b1e9db8 /usr/bin/ssh -f -N -D 0.0.0.0:1080 localhost;ps auxf|grep ssh
root 858 0.0 0.1 62688 1196 ? Ss Mar13 0:00 /usr/sbin/sshd
root 5989 0.0 0.4 88112 3728 ? Ss 04:06 0:00 \_ sshd: root@pts/1
root 6071 0.0 0.4 88112 3728 ? Ss 05:22 0:00 \_ sshd: root@pts/2
root 6393 0.0 0.0 6052 600 pts/0 S+ 05:55 0:00 \_ grep ssh
root 858 0.0 0.1 62688 1196 ? Ss Mar13 0:00 /usr/sbin/sshd
root 5989 0.0 0.4 88112 3728 ? Ss 04:06 0:00 \_ sshd: root@pts/1
root 6071 0.0 0.4 88112 3728 ? Ss 05:22 0:00 \_ sshd: root@pts/2
root 6396 0.0 0.4 86044 3252 ? Ds 05:55 0:00 \_ sshd: root [priv]
root 6400 0.0 0.0 6052 596 pts/0 S+ 05:55 0:00 \_ grep ssh
and I do not see it set up an SSH connection. When I use a bad password, it reports denied access.
The command ssh h -f -N -D 0.0.0.0:1080 localhost is working very well without any problem, but I wanted to show you something I noticed when I run it with verbose enabled:
[root@hefwrflk ~]# ssh -v -f -o StrictHostKeyChecking=no -N -D 0.0.0.0:1080 localhost
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@localhost's password:
debug1: Authentication succeeded (password).
debug1: Local connections to 0.0.0.0:1080 forwarded to remote address socks:0
debug1: Local forwarding listening on 0.0.0.0 port 1080.
debug1: channel 0: new [port listener]
[root@hefwrflk ~]# debug1: Entering interactive session.
And SSHPASS:
[root@hefwrflk ~]# sshpass -p myrootpassword ssh -v -f -o StrictHostKeyChecking=no -N -D 0.0.0.0:1080 localhost
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
debug1: Local connections to 0.0.0.0:1080 forwarded to remote address socks:0
debug1: Local forwarding listening on 0.0.0.0 port 1080.
debug1: channel 0: new [port listener]
[root@hefwrflk ~]#
I noticed that with sshpass the last line "Entering interactive session." is not present in the debug log.
When I disabled GSSAPIAuthentication, I do not see any errors:
[root@hefwrflk /]# sshpass -p "myrootpassword" ssh -v -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -f -N -D 0.0.0.0:1080 localhost
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
debug1: Local connections to 0.0.0.0:1080 forwarded to remote address socks:0
debug1: Local forwarding listening on 0.0.0.0 port 1080.
debug1: channel 0: new [port listener]
tail /var/log/secure shows:
Mar 14 07:41:56 hefwrflk sshd[6690]: Accepted password for root from 127.0.0.1 port 36949 ssh2
Mar 14 07:41:56 hefwrflk sshd[6690]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 14 07:41:56 hefwrflk sshd[6690]: pam_unix(sshd:session): session closed for user root
Is there any workaround so I can run that ssh command from within a bash script without needing to input the password myself? (I know it is a security issue.)
Thank You