String cisco commands together (sh via ssh)

i need to update several cisco devices (all the same) and want to do it in an automated fasion.
i want to use ssh to login, enable to admin, then tftp get the image, write and be done with it...
can you string cisco ios commands (and echo pass | enable for that matter) under the cisco shell interpreter???
ie:
ssh admin@cisco cmd1; cmd2; cmd3; cmd4; cmd5
ultimately, ssh admin@cisco echo pass | enable; archive download tftp://path/file; write; sync; reboot
possible?

You can do Cisco IOS Scripting with Tcl. More details are available in the following links.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a75a7.html

Similar Messages

Disk image can mount from local terminal with "open" command but not via ssh

I have a disk image "backup_image.sparsebundle". If I go to the terminal on my machine and type "open backup_image.sparsebundle" the disk image mounts as expected. No problems. If I secure shell (ssh) log in from a remote Mac and execute the same "open backup_image.sparsebundle" a warning dialog pops up and states that "The following disk images couldn't be opened" followed by my disk name. This is incredibly odd because it used to work just fine. I didn't think there were any ACL differences between a local terminal shell and remote ssh. I mean a shell is a shell right? Or, it used to be and now it isn't? I'm not doing anything obviously incorrect (to me); I'm the same user locally and remotely, same path to disk image. This used to work fine before Mountain Lion.
Background: All of this started because I wrote a script that would ssh in to a remote machine, open the disk image on that remote machine, mount it across the network over afp and rsync. If I leave the disk image mounted on the remote machine, the script runs fine but if the image is close and I try to remotely open the image as I always did, it fails. The only thing that has changed in the system is, now, both machines are running Mountain Lion. Odd.
Suggestions?

Storing the password for the remote disk image in the local keychain of the computer running the script (in to a variable), then passing it accross to the remote machine worked. I'm not sure why all of this changed moving from Lion to Mountain Lion but I suppose it is slightly more secure.
To programatically mount and sync a remote encrypted disk:
#!/bin/bash
if [ -n "`mount | grep ~/sync`" ]; then
echo "Already mounted"
else
pw=$(security -v find-generic-password -w -D "application password")
ssh -o ConnectTimeout=1 [email protected] "echo $pw | hdiutil attach /Users/user/backup_image.sparsebundle"
mkdir ~/sync
mount_afp -s "afp://matdup01:[email protected]/Disk Image" ~/sync
fi
if [ $? -eq 0 ]; then
echo "Mount succeeded!"
else
echo "Mount Failed"
exit 0
fi
rsync -vrxtu --delete-before --exclude _* "/Volumes/Media/new Media/" ~/sync/new\ media/
umount ~/sync
rmdir ~/sync
exit

Remote command execution via ssh on ips sensor...

I am attempting to execute a command remotely via ssh so that I can collect the information on another host.
ex: ssh -t username@sensor show tech-support
Instead of the output I expect, I receive an error message: Error: Received invalid command line argument.
Is this type of remote command execution supported by the sensor?
Kevin Riggins

Not true, i already created scritp to automaticly backup the IPS

Cannot start NodeManager Remotly (Via SSH Commands)

Hi all,
we are going to start the node manager of one of the cluster servers via SSH command.
But it is not starting. We can start it directly by log in to that server and run startNodemanager.sh script.
What is the issue?
Thanks,
Nir

Hi are you able to start Node manager using following WLST Command :
startNodeManager(verbos='true',NodeManagerHome='$WL_HOME/common/nodemanager',ListenPort='<PortNo>',ListenAddress='<HostName')
And also can check NodeManager Log files for errors .
Regards
Edited by: TheKop88 on Jun 5, 2013 6:13 PM

Exec command via SSH in existing X-Session

Hello,
i want to start the media player app via SSH in an existing X-Session (real display) on the ssh target (ssh user = x-session user, all same machine). I do not mean X-forwarding! After the app is started, i want to disconnect the ssh connection and all should be still running. Any ideas?
Greetings,
Sebastian

The difference:
#remote display
ssh user@host DISPLAY=:0 some_command
# although you might assume it get's passed through ssh, it does not and is displayed on the remote machine
ssh -X user@host DISPLAY=:0 some_command
# local display
DISPLAY=:0 ssh -X user@host some_command
Also have a look at the man pages of disown and nohup to learn how to remove the program from your running shell, so you can close the ssh connection.
By the way: export only means, that the variable is exported to the shell. If I run "export TERMINAL=xterm", then until I close the shell, I can for example "echo $TERMINAL" to read "xterm". The shell is always on the host you are connected to. I assume there is a way to bind a remote X server to a DISPLAY (say :100), so you could DISPLAY=:100 to automatically show it on the remote host (or your local host, depending on what machine you sit in front of). I only assume because there is always a way, but I have never tested it or really thought about it.

Connecting to sf302-80p via ssh-prevent prompt for password

Hi there.
I'm wondering if anyone knows to set up the switch so that when I'm connecting via SSH, the switch doesn't prompt for a username if I supply one in the initial connect request?
For example, we usually connect by typing something like the following at a command prompt:
ssh [email protected]
Then the switch would prompt for a password.
I've tried this on the Cisco SF302 but it still prompts for a username, and then the password.
Thanks for reading this post!

After doing some research, here's the solution to our problem. Others may have resolved in a different way, but this seems to work for us.
What we noticed is the following:
1. popular ssh libraries like phpseclib were failing on this switch because of the limited ssh implementation.
2. php's ssh2_auth_none function returns TRUE on this switch.
What does this mean?
It seems that the ssh protocol has an authentication method called "none". This is insecure, and is usually disabled on most switches. The ssh2_auth_none() function attempts to connect without any authentication and if it fails, it returns a list of the authentication methods that the server accepts. In the case of the SF300.. it DOES NOT FAIL and returns nothing for the authentication methods.
3. Known CLI and SSH Limitations
Although they weren't able to give us a solution, CISCO tech support did explicitly state that the small business class switches have a limited CLI and a pared down version of SSH as well so you cannot treat it as you an enterprise level switch that has a full blown ssh implementation.
In case it helps, here's a little snippet of code that shows how to connect to these types of devices:
<?php
          $username = 'myusername';
          $password = 'mypassword';
          $connection = ssh2_connect('123.123.123.123', 22);
          //$authentication_methods = ssh2_auth_none($connection, 'user');
          $stdio_stream = ssh2_shell($connection);
          fwrite($stdio_stream,$username."\n");
          sleep(1);
          fwrite($stdio_stream,$password."\n");
          sleep(1);
          echo "Results: " . stream_get_contents($stdio_stream);
          echo 'sending show bonjour command:
         fwrite($stdio_stream, "show bonjour".PHP_EOL); //you can use \n instead of PHP_EOL but PHP_EOL is recommended.
         sleep(1);
         echo "
Results: " . stream_get_contents($stdio_stream);
?>
Hope this helps anyone who's attempting to connect to these types of devices programmatically.

Error connecting from Mac to Linux via SSH (Permission denied (publickey...

Hello together,
I have a perfectly working setup with my XP machine, Putty and my Suse Linux server that allow for remote login via SSH. I use Public Key authentication.
However, when I try to login from my Mac, all I get from the Mac side is a
"Permission denied (publickey,keyboard-interactive)."
And I can't establish the connection. On the server in 'messages' I get:
"sshd{6046}: Accepted publickey for {userName} from {myHomeIP} port 38335 ssh2"
What could be wrong here?
I would like to use the same keys on my PC and my Mac so I just copied the key files into the .ssh directory on the Mac, did a chmod 600 on them and then tried to remote log-on with the follwoing from the terminal:
"ssh -l {userName} {host} -i {keyFile}"
My questions are:
1) How am I sure that the Mac uses the right key files? (or uses them at all)
2) How come my server says "accept publickey" and no connection is established?
3) Do you have any other idea on how I might get this to work? What I need is a method to copy files (not via FTP) to my server and let the process run without supervision / user interaction.
Thanks a lot for all your help!
Cheers
Message was edited by: Sebastian_R (some typos)

If you copied your files from Windows, I would check to make sure your lines are <LF> terminated. I have not played with Putty so I do not know the way it line terminates its ssh key files, but Windows has a long tradition of using <CR><LF> to terminate its lines.
cat -v ~/.ssh/id_rsa # or whatever your file names are
If there are <CR> characters in the file, they will show up as ^M
Next get more diagnostic information from ssh using an *ssh -v -v -v*
If you know how to tell Putty to do the same thing, do it from Putty as well.
Now compare the debug output from the working vs the non-working ssh commands. The differences will tell you a lot.
If you look at *man ssh* and search for permissions it will tell you what files need restrictive permissions. You can get a permissions denied error if your home directory allows Group or Other write access. The $HOME/.ssh directory needs to be set so ONLY the Owner is allowed to access it. And some of the files in $HOME/.ssh require specific permissions. The ssh man page details this.

Bug between JRockit and X11 forwarding via ssh

I have encountered what appears to be a bug in the interaction of JRockit with X11 ssh forwarding.
When running any Java GUI application on a remote machine using X11 forwarding via ssh, a variety of problems occur. For example:
--- cut here ---
% mitrion-ide
The program '' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAtom (invalid Atom parameter)'.
(Details: serial 189 error_code 5 request_code 20 minor_code 0)
(Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
--- cut here ---That's the good case. When running the rmmlite application (available at https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 ), I experience what appears to be a near-lockup of my local workstation.
Neither of these problems occur if I set my DISPLAY to not use ssh X11 forwarding. Likewise, non-Java applications work just fine with ssh X11 forwarding. Therefore the problem seems to be limited to the Java + ssh X11 forwarding combination.
I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh X11 forwarding), but I thought this was worth bringing to BEA's attention. I'd also be curious to know if others have run into similar difficulties.
Here are the configuration details:
Remote X11 client (where applications are hosted)
=================================================
% java -version
java version "1.4.2_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32, compiled mode)
% uname -a
Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 athlon i386 GNU/Linux
% rpm -qa | grep openssh-server
openssh-server-3.9p1-8.RHEL4.12
This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other versions of Java removed.
Local workstation (i.e. X11 server)
===================================
% uname -a
FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15 08:41:01 CST 2007 [email protected]:/usr/obj/usr/src/sys/somewhere i386
% ssh -v
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
% pkg_info -Ix xorg-server
xorg-server-6.9.0_3 X.Org X server and related programs
Thank you,
Brent Casavant

Brent,
it would be nice to know if this problem is specific to the JRockit JDK or
if you also can reproduce it using the corresponding Sun JDK 1.4.2. Please
do also try with a later version such as latest JRockit JDK 5.0.
Thanks
/Robert
<Brent Casavant> wrote in message news:[email protected]...
I have encountered what appears to be a bug in the interaction of JRockit
with X11 ssh forwarding.
When running any Java GUI application on a remote machine using X11
forwarding via ssh, a variety of problems occur. For example:
--- cut here ---
% mitrion-ide
The program '' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAtom (invalid Atom parameter)'.
(Details: serial 189 error_code 5 request_code 20 minor_code 0)
(Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
--- cut here ---That's the good case. When running the rmmlite application (available at
https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 )
, I experience what appears to be a near-lockup of my local workstation.
Neither of these problems occur if I set my DISPLAY to not use ssh X11
forwarding. Likewise, non-Java applications work just fine with ssh X11
forwarding. Therefore the problem seems to be limited to the Java + ssh X11
forwarding combination.
I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh
X11 forwarding), but I thought this was worth bringing to BEA's attention.
I'd also be curious to know if others have run into similar difficulties.
Here are the configuration details:
Remote X11 client (where applications are hosted)
=================================================
% java -version
java version "1.4.2_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32,
compiled mode)
% uname -a
Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686
athlon i386 GNU/Linux
% rpm -qa | grep openssh-server
openssh-server-3.9p1-8.RHEL4.12
This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other
versions of Java removed.
Local workstation (i.e. X11 server)
===================================
% uname -a
FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15
08:41:01 CST 2007
[email protected]:/usr/obj/usr/src/sys/somewhere i386
% ssh -v
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
% pkg_info -Ix xorg-server
xorg-server-6.9.0_3 X.Org X server and related programs
Thank you,
Brent Casavant

Remove a proxy setting via ssh or ARD?

Is it possible to delete a proxy config from the command line? I have looked at scutil, networksetup, ifconfig, ipconfig, systemsetup and scselet command, some of which will SHOW me a proxy config which is helpful, but I need to remove the proxy settings altogether.
Im going to be removing our proxy server this year (no more proxy), and will need to remove all proxy settings from all my Mac systems. Id like to script it somehow, or at least be able to do it remotely via ssh or ARD.

I dont think it works in Leopard. For example, when I type the related command:
"sudo networksetup -getwebproxy Ethernet"
I get the following answer:
Enabled: No
Server:
Port: 0
Authenticated Proxy Enabled: 0
(even though the proxy is configured and working and can be tested. Thus, networksetup doesnt have a clue about the proxy server configs in the Network system prefs pane.)
The "scutil --proxy" command does show me my current proxy configurations (similar to what the Network pres pane shows), but the command doesnt allow me to disable or delete them. Example:
<dictionary> {
ExceptionsList : <array> {
0 : *.local
1 : 169.254/16
ProxyAutoConfigURLString : http://wpad/proxy.pac
FTPPassive : 1
ProxyAutoConfigEnable : 1
HTTPEnable : 0
(I get the same response regardless if I type
"networksetup -setwebproxystate "Ethernet" off"
or
"networksetup -setwebproxystate "Ethernet" on"

I can not connect via SSH to a MacBook (the internal home network)

Hi all! There is an internal home network of three computers and Wi-Fi router. On the router and the computers with Win7 via SSH I go (with a MacBook) without problems, but on a MacBook with any other computer can not enter via SSH. What could be wrong?

ssh -v -v -v [email protected]
Do this once for a working system,
And once for a broken system.
Compare the output and see what is says where the broken system changes radically from the working system.
Also on the destination system look in the /var/log/secure.log file for sshd entries to see if the destination system is rejecting your connection and for what reason.
It is possible on the destination system to get even more information by changing the /etc/sshd_config file entry
#LogLevel INFO
to
LogLevel DEBUG3
then issue the command
sudo kill -HUP `/var/run/sshd.pid` # reload sshd configuration parameters

Neighbors Mac mini (10.3.9) was exploited via SSH

My neighbor called me a couple of weeks ago to say she couldn't log in to her mini. It wouldn't accept her password. I fixed it but last weekend the same thing happened again. I fixed it but decided to look around. I found a couple of perl files in her home folder, a few tgz files, and some software for running a shoutcast server. I knew right away someone had gained access to her machine. All because when I set her mini up, I turned Remote connectivity via SSH on. I checked her bash history file and found that someone had downloaded those files using the curl command from some Romanian sites. The files were definitely cracker related, although I don't remember exactly what the names were. I think one of them was spoofer or something like that.
I'm going to send an email to Apple on this in hopes that they add a security patch to 10.3.9.
I have since reinstalled OS X and NOT turned on Remote Connectivity.

Hi Dale,
   Are you saying that you think that Apple enables the finger daemon by default? I don't believe that to be the case. On Tiger, the /System/Library/LaunchDaemons/finger.plist file that ships with the system contains the following line:
<key>Disabled</key>
On Panther, the /etc/xinetd.d/finger file that ships with Panther contains the line:
disable = yes
Thus, on both systems, the fingerd daemon doesn't respond to finger requests from external systems. I tested that and the only thing that finger returns is the name of the remote system in square brackets.
   Also, the script kiddy attack to which I referred is nowhere near that sophisticated. I haven't actually read the script but the list of users it tries appears to always be the same. I agree with you that it might be possible to gain knowledge about the usernames on many systems, especially those running fingerd. However, excepting for finger and maybe LDAP, the methods for doing that would likely be different for different systems. This script goes for quantity instead of quality so it doesn't spend enough time on any one system to do any probing.
   As Michael says, Mac OS X ships with all services turned off, including fingerd. I don't think that Apple's firewall tool is of any use because it's "all-or-nothing". Opening a port to the world or blocking it is no different from turn the corresponding service on or off. However, I've never seen a GUI tool that did much better so I don't see that as a ding against Apple.
   I've read too many of your extremely knowledgeable posts to think that you rant arbitrarily. Of course people with such excellent reputations are allotted 5 random rants per calendar year here so you're allowed. If you post the details about the problems you're having, perhaps we could help. You should be able to solve almost any issues about services with a solid firewall.
Gary
~~~~
   Am I ranting? I hope so. My ranting gets raves.

TACACS auth working via SSH, but not HTTP (ACS 5.1 / 3560)

Experts,
My switches are able to successfully authenticate user access against ACS 5.1 via SSH with TACACS+, but I am not able to authenticate via HTTPS with TACACS+. I don't even get a log in ACS when attempting to authenticate via HTTPS.
Here is my AAA config, followed by a debug:
aaa new-model
aaa authentication login ACCESS group tacacs+ local
aaa authorization console
aaa authorization config-commands
aaa authorization exec ACCESS group tacacs+
aaa authorization commands 1 Priv1 group tacacs+ none
aaa authorization commands 15 Priv15 group tacacs+ none
aaa authorization network ACCESS group tacacs+
aaa accounting exec ACCESS start-stop group tacacs+
aaa accounting commands 0 ACCESS start-stop group tacacs+
aaa accounting commands 1 ACCESS start-stop group tacacs+
aaa accounting commands 15 ACCESS start-stop group tacacs+
aaa session-id common
ip http authentication aaa login-authentication ACCESS
ip http authentication aaa exec-authorization ACCESS
ip http authentication aaa command-authorization 1 Priv1
ip http authentication aaa command-authorization 15 Priv15
ip http secure-server
no ip http server
tacacs-server host X.X.X.X key 7
tacacs-server timeout 3
tacacs-server directed-request
Debug:
47w4d: HTTP AAA Login-Authentication List name: ACCESS
47w4d: HTTP AAA Exec-Authorization List name: ACCESS
47w4d: HTTP: Authentication failed for level 15
Shell authorization profiles are working in ACS when SSHing to devices (Priv1 and Priv15), and I can't figure out why its not working for HTTPS.
Any ideas?

Thank you for your response, here is the debug from the 3560:
BC-3560-48-6-1-1#
48w0d: HTTP AAA Login-Authentication List name: ACCESS
48w0d: HTTP AAA Exec-Authorization List name: ACCESS
48w0d: TPLUS: Queuing AAA Authentication request 0 for processing
48w0d: TPLUS: processing authentication start request id 0
48w0d: TPLUS: Authentication start packet created for 0(varnumd)
48w0d: TPLUS: Using server 10.10.0.16
48w0d: TPLUS(00000000)/0/NB_WAIT/458EDA8: Started 3 sec timeout
48w0d: TPLUS(00000000)/0/NB_WAIT: socket event 2
48w0d: TPLUS(00000000)/0/NB_WAIT: wrote entire 27 bytes request
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: Would block while reading
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 16 bytes data)
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: read entire 28 bytes response
48w0d: TPLUS(00000000)/0/458EDA8: Processing the reply packet
48w0d: TPLUS: Received authen response status GET_PASSWORD (8)
48w0d: TPLUS: Queuing AAA Authentication request 0 for processing
48w0d: TPLUS: processing authentication continue request id 0
48w0d: TPLUS: Authentication continue packet generated for 0
48w0d: TPLUS(00000000)/0/WRITE/4332F88: Started 3 sec timeout
48w0d: TPLUS(00000000)/0/WRITE: wrote entire 30 bytes request
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 6 bytes data)
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: read entire 18 bytes response
48w0d: TPLUS(00000000)/0/4332F88: Processing the reply packet
48w0d: TPLUS: Received authen response status PASS (2)
48w0d: TPLUS: Queuing AAA Authorization request 0 for processing
48w0d: TPLUS: processing authorization request id 0
48w0d: TPLUS: Inappropriate protocol: 25
48w0d: TPLUS: Sending AV service=shell
48w0d: TPLUS: Sending AV cmd*
48w0d: TPLUS: Authorization request created for 0(varnumd)
48w0d: TPLUS: Using server 10.10.0.16
48w0d: TPLUS(00000000)/0/NB_WAIT/4332E18: Started 3 sec timeout
48w0d: TPLUS(00000000)/0/NB_WAIT: socket event 2
48w0d: TPLUS(00000000)/0/NB_WAIT: wrote entire 46 bytes request
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: Would block while reading
48w0d: TPLUS(00000000)/0/READ: socket event 1
48w0d: TPLUS(00000000)/0/READ: read 0 bytes
48w0d: TPLUS(00000000)/0/READ/4332E18: timed out
48w0d: TPLUS: Inappropriate protocol: 25
48w0d: TPLUS: Sending AV service=shell
48w0d: TPLUS: Sending AV cmd*
48w0d: TPLUS: Authorization request created for 0(varnumd)
48w0d: TPLUS(00000000)/0/READ/4332E18: timed out, clean up
48w0d: TPLUS(00000000)/0/4332E18: Processing the reply packet
48w0d: HTTP: Authentication failed for level 15

Warning: Neighbors Mac mini (10.3.9) was exploited via SSH

My neighbor called me a couple of weeks ago to say she couldn't log in to her mini. It wouldn't accept her password. I fixed it but last weekend the same thing happened again. I fixed it but decided to look around. I found a couple of perl files in her home folder, a few tgz files, and some software for running a shoutcast server. I knew right away someone had gained access to her machine. All because when I set her mini up, I turned Remote connectivity via SSH on. I checked her bash history file and found that someone had downloaded those files using the curl command from some Romanian sites. The files were definitely cracker related, although I don't remember exactly what the names were. I think one of them was spoofer or something like that.
I'm going to send an email to Apple on this in hopes that they add a security patch to 10.3.9.
I have since reinstalled OS X and NOT turned on Remote Connectivity.

how strong of a password she used, etc.
More than likely she did something to compromise the
system.
FWIW, in another posting, he mentioned that the password was the same as the username, and that it wasn't very strong...
charlie

Disable Non-Root Connections to WindowServer via SSH

I recall that in previous versions of Mac OS, one could not start an application in another user's workspace via SSH unless they were root, e.g. by running /Applications/Safari.app/Contents/MacOS/Safari at the prompt. The error given was something about being unable to make a connection to the windowserver. Root privileges were required to do so.
However, I note that now in Mountain Lion I can run, for example, the previous command and my Safari will pop up in the session of the currently logged in user, neither of us being root or even administators.
Is there a way to revert to the old behaviour (without disabling Remote Login, obviously)? I note some potential for evil, e.g. "/Applications/Utilities/Vine\ Server.app/Contents/MacOS/Vine\ Server &" to start a VNC server and, violá! surreptitious monitoring/control of active session...

This was previously not possible.
It has always been possible via the open(1) command. In any case, that doesn't matter. SSH access is unlimited access, unless you allow only public-key logins and specify a command to be executed in the authorized_hosts file. There is no security issue here.

Using a CVS repository via ssh from a Windows Machine

I'm trying to set up a connection
via ssh to a CVS repository (on Linux) with JDev 9.0.5.1
(build 1605) on Windows. I'd like to use password to
authenticate myself to CVS repository.
Shay Shmeltzer pointed me to
http://helponline.oracle.com/jdeveloper/help/state?navSetId=jdeveloper&navId=4&vtTopicId=&vtTopicFile=jdeveloper/using_support_for_tbd/scm_p_settingupcvs.html
The solution explained there need access to the remote
server in order to insert the key in authorized_keys,
and we don't have this kind of access (the CVS repository
is not mantained by our company).
Do you think JDev will support password authentication
for CVS/ssh in some future release?
We're currently using WinCVS Client to access that
repository, and each time we connect to the
repository, a DOS windows appears asking us the password.
I guess that this could be a solution.
Thanks
--luca

We used to try to support popuping up the console, but that never worked too well from Java.
Here's some thoughts on the matter from an article at http://www.devguy.com/fp/cfgmgmt/cvs/cvs_ssh.htm
Hiding Your Password without Public Keys
If you want to avoid typing your password at the command line for each operation and don't have the ability to put your public key on the SSH server...
1. Create the following one-line Perl script and save it as my_ssh_cvs.pl
system("plink.exe", "-ssh", "-pw", "YOURPASSWORD", @ARGV);
2. Use PERL2EXE or ActiveState's perldevkit (perlapp -f my_ssh_cvs.pl) to create an executable from the script, e.g., my_ssh_cvs.exe
3. Delete my_ssh_cvs.pl
4. Run WinCVS
5. Select Admin/Preferences...
6. Click Settings... (for the ssh protocol)
7. Click "If ssh is not in the PATH" and enter my_ssh_cvs.exe
8. For "additional SSH options", leave it blank
(however use the external locator in the connection wizard in JDeveloper to locate the my_ssh_cvs.exe)
(note: this isn't officially suppported nor endorsed)
Rob
Team JDev

String cisco commands together (sh via ssh)

Similar Messages

Maybe you are looking for