bypass password prompt in shell



This post shows how to bypass or ignore the password prompt in a shell script, with a sample script that tests direct login to remote servers without being interrupted by a password prompt.

Using ssh -o and trap signals, it is possible to skip the password prompt and move ahead in the script.

Even when direct login to a remote server is enabled with a public key, it sometimes does not work, either because the password policy has expired the password or because the server is unreachable. In both situations a password is prompted for, as below:

$ssh oracrmdev2lvsb hostname
ajay@oracrmdev2lvsb's password:





Script:
The sample script reports failed direct remote logins from the jump server for a particular OS user.



#!/bin/sh
# Reports the hosts where direct (public key) login from the jump server fails
set -x
BASE="/export/home/ajay/direct_login"
# OS user running the check
SCP_USER=`who -m | awk '{ print $1 }'`
DT=`date '+%b_%d_%Y_%HH_%MM'`
DAT=`date '+%b_%Y'`
MAIL="ajay.more@tatacommunications.com"
# Day of month without a leading zero
TODAY=`/bin/date +%d | sed 's/^0//'` ; export TODAY

# Empty the log files from the previous run
> "$BASE/direct_login_check.log"
> "$BASE/direct_login_check_failed.log"
> "$BASE/direct_login_check_success.log"

echo " Verifying Direct Login for osuser $SCP_USER "

for i in `cat "$BASE/host_list.lst"`
do
echo "$i"
# Public key authentication only; hostname output and ssh errors both go to the log
trap `ssh -o PreferredAuthentications=publickey "$SCP_USER@$i" hostname >> "$BASE/direct_login_check.log" 2>&1; exit` 0
# Flag: number of log lines containing this host name
# (the check assumes ssh error lines do not contain the host name)
chkconn=`grep -ic "$i" "$BASE/direct_login_check.log"`; export chkconn
if [ "$chkconn" -ge 1 ]; then
echo "Direct Logging Succeeded for osuser $SCP_USER on $i " >> "$BASE/direct_login_check_success.log"
else
echo "Direct Logging Failed for osuser $SCP_USER on $i " >> "$BASE/direct_login_check_failed.log"
fi
done

# Build the report: header lines followed by the failed hosts
echo "=======================" > "$BASE/direct_login_failed.log"
echo "Direct Login Failed Log" >> "$BASE/direct_login_failed.log"
echo "=======================" >> "$BASE/direct_login_failed.log"
echo "                       " >> "$BASE/direct_login_failed.log"
cat "$BASE/direct_login_check_failed.log" >> "$BASE/direct_login_failed.log"
echo "                       " >> "$BASE/direct_login_failed.log"

# Mail only when at least one host failed; the report file itself always
# contains the header lines, so test the list of failures instead
if [ -s "$BASE/direct_login_check_failed.log" ]; then
cd "$BASE"
uuencode direct_login_failed.log direct_login_failed.log | mailx -s "Direct Login Failure Report for $SCP_USER " "$MAIL"
fi


Explanation:
The script will:
1. Read the list of hostnames
2. Connect to each server using password-less login
3. Pull the output of the hostname command from the remote host
4. Prepare the direct login failure report and mail it

ssh -o PreferredAuthentications=publickey specifies public key authentication as the preferred method, which suppresses the password prompt even after a failure.

trap allows the script to send the interrupt signal in case the login (or any command) halts, saving the complete script from going into a hang state and keeping the loop in progress.
 

As per the snapshot, asap-db2 connected successfully using the public key and returned the hostname, setting the flag to 1 as a success.



As per the snapshot, ace-lvsb-db2 was unable to connect using the public key and hence did not return the hostname, setting the flag to 0 as a failure.

The emailed report file shows the failure log.
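
A more defensive form of the same check, as an added example that is not the blog's script: it goes slightly beyond the post by deciding success from ssh's exit status (255 means ssh itself failed, for example a rejected key or an unreachable host) instead of searching the log, and by adding the standard OpenSSH options BatchMode and ConnectTimeout so that nothing prompts or hangs. The names check_key_login, report_logins and SSH_BIN are hypothetical.

```shell
#!/bin/sh
# Added example, not the blog's script. check_key_login, report_logins and
# SSH_BIN are hypothetical names; the -o options are standard OpenSSH ones.
SSH_BIN=${SSH_BIN:-ssh}    # assumption: overridable so the check can be stubbed

# check_key_login USER HOST -> prints OK, SSH_FAILED or REMOTE_CMD_FAILED
check_key_login() {
    rc=0
    # BatchMode=yes      never prompt (password, passphrase, host key question)
    # PreferredAuthentications=publickey   offer keys only, as in the post
    # ConnectTimeout=10  give up on an unreachable host instead of hanging
    # -n                 stdin from /dev/null, so ssh cannot swallow the host list
    "$SSH_BIN" -n -o BatchMode=yes -o PreferredAuthentications=publickey \
        -o ConnectTimeout=10 "$1@$2" hostname >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo OK ;;
        255) echo SSH_FAILED ;;         # ssh itself failed: key rejected, unreachable
        *)   echo REMOTE_CMD_FAILED ;;  # logged in, but the remote command failed
    esac
    return "$rc"
}

# report_logins USER HOSTFILE -> one "host status" line per host;
# returns 1 if any host failed
report_logins() {
    fails=0
    while IFS= read -r host; do
        case $host in ''|'#'*) continue ;; esac   # skip blank lines and comments
        status=$(check_key_login "$1" "$host") || fails=$((fails + 1))
        printf '%s %s\n' "$host" "$status"
    done < "$2"
    [ "$fails" -eq 0 ]
}

# Usage: report_logins "$(id -un)" /path/to/host_list.lst
```

With BatchMode=yes a host whose key is not yet in known_hosts is also reported as SSH_FAILED, because ssh refuses to ask the host key question.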


