Saturday, June 9, 2018

How do I login over ssh without using password less RSA / DSApublic keys?


Linux system Admins  normally login to the linux  servers either supplying a password,
or using keybased authentication. sshpass is a tool which allows us to automatically
supply password to the command prompt so that automated scripts can be run as desired
by users. sshpass supplies password to ssh prompt using dedicated tty , fooling ssh to
believe that a interactive user is supplying password.

Install sshpass under Debian / Ubuntu Linux

Type the following command:
$ sudo apt-get install sshpass

Install sshpass under RHEL/CentOS Linux

$ sudo yum install sshpass

If you are using Fedora Linux, type:
$ sudo dnf install sshpass

Install sshpass under Arch Linux

$ sudo pacman -S sshpass

Install sshpass under OpenSUSE Linux

$ sudo zypper install sshpass

Install sshpass under FreeBSD Unix

To install the port, enter:
# cd /usr/ports/security/sshpass/ && make install clean
To add the package, run:
# pkg install sshpass

Getting Help :
# sshpass -h
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
  • -f filename   Take password to use from file
  • -d number Use number as file descriptor for getting password
  • -p password   Provide password as argument (security unwise)
  • -e         Password is passed as env-var "SSHPASS" With no parameters – password will be taken from stdin
  • -h         Show help (this screen)
  • -V         Print version information
At most one of -f, -d, -p or -e should be used


How do I use sshpass in Linux or Unix?

Login to ssh server called example.com with password called redhat@1234
$ sshpass -p 'redhat@1234' ssh username@example.com

For shell script you may need to disable host key checking:
$ sshpass -p 'redhat@1234' ssh -o StrictHostKeyChecking=no username@example.com

TO RUN SOME COMMAND ON THE REMOTE SERVER TO CHECKING UPTIME

$sshpass -p 'redhat@1234' ssh username@example.com  "uptime"

Sample output
01:04:35 up 126 days,  3:34, 2 users, load average: 0.50, 0.54, 0.55

Reading password from file

Another option is to read password from file using the -f option.
The syntax is:
sshpass -f fileNameHere ssh user@server





How to Disable Root SSH Login on Linux ?


One of the biggest security holes you could open on your server is to allow directly
logging in as root through ssh, because any cracker can attempt to brute force
your root password and potentially get access to your system if they can figure out your password.

It’s much better to have a separate account that you regularly use and simply
sudo to root when necessary. Before we begin, you should make sure that
you have a regular user account and that you can su or sudo to root from it.

To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration
file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/.
Open the file up while logged on as root.

$ vi /etc/ssh/sshd_config

Find this section in the file, containing the line with “PermitRootLogin” in it.

#LoginGraceTime 5m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

Make the line look like this to disable logging in through ssh as root. Uncomment that line

PermitRootLogin no

Now you’ll need to restart the sshd service:

/etc/init.d/sshd restart

Now nobody can brute force your root login, at least.