HPE Community
Operating System - HP-UX
1836807 Members
2691 Online
110110 Solutions
New Discussion

Remote copying and shells

 
SOLVED
Go to solution
Keith Meloy_1
Occasional Advisor

‎11-17-2003 06:59 PM

‎11-17-2003 06:59 PM

Remote copying and shells

I have 30 workstations on an isolated network and because of security restrictions I am not allowed to set up rhosts or hosts.equiv for either root or ordinary users.
There is no file server and no remote mounting allowed, but I still need to keep several files (eg. /etc/bootptab) the same on all machines.
At present I am using FTP to copy files round each machine individually, but this is painful! Is there any way of writing a script such that it will prompt for a password on the remote system and then allow me to copy files?
I know that ignite-UX does something like this because at one point when booting a new client you get the line "Do you want bootsys to set the .rhosts file on that system at this time". I have looked through lots of books but cannot find how top do this (maybe I am looking in the wrong place!).
Please can anyone help?
0 Kudos
Reply
11 REPLIES 11
Christian Gebhardt
Honored Contributor

‎11-17-2003 07:26 PM

‎11-17-2003 07:26 PM

Re: Remote copying and shells

There are several ways to transfer files to different hosts:

- my most preffered method: scp with ssh-agent: you have to install ssh generate a Passphrase and via ssh-agent you can connect to each server (look at man ssh or search this forum)
- with ftp you can use .netrc to automate the transfer (look at man netrc)
- you can use a perl-script

something like this (you have to write a loop):

#!/opt/perl/bin/perl
use Net::FTP;
use File::Listing;
$dir = "/pub";
$host = "";
$localdir = ""
$ftp = Net::FTP->new($host, Timeout => 60 , Passive => 1);

chdir $localdir or die "Could not Changedir to $localdir \n";

if (! $ftp) {
$mmsg1 = "*** Host not found.\n";
$mmsg2 = "*** Error: $@\n";
print $mmsg1;
print $mmsg2;
return 0;
}

if ( ! $ftp->login("","password")) {
$mmsg1 = "\n*** Login failed";
print $mmsg1;
return 0;
}

$ftp->pwd();
if( ! $ftp->cwd($dir)) {
$mmsg1 = "\n*** cd failed";
print $mmsg1;
exit 0;
}

if( ! $ftp->binary()) {
$mmsg1 = "\n*** binary failed";
print $mmsg1;
return 0;
}

if( $ftp->put($name)) {
$mmsg1 = "\n*** put failed";
print $mmsg1;
return 0;
}
...
0 Kudos
Reply
Graham Cameron_1
Honored Contributor

‎11-17-2003 07:35 PM

‎11-17-2003 07:35 PM

Re: Remote copying and shells

Or you could download a copy of expect and write an expect script to invoke FTP for you. It would have to have unencrypted passwords though, this may be unacceptable in your environment.

http://expect.nist.gov/

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
0 Kudos
Reply
Madhu Sudhan_1
Respected Contributor

‎11-17-2003 07:49 PM

‎11-17-2003 07:49 PM

Re: Remote copying and shells

Keith Meloy ,
You can make use of ssh key based authentication and with a master copy of files, you can just scp the files if they are not in sync with your master copy. In this method no passwords asked. Yet secured.

Enjoy !!
Madhu
Think Positive
0 Kudos
Reply
Keith Meloy_1
Occasional Advisor

‎11-17-2003 07:57 PM

‎11-17-2003 07:57 PM

Re: Remote copying and shells

I cannot find any documentation on ssh /scp(I tried man ssh), I have never used it before. Is it add-on to standard HP-UX?
Where can I look for an "idiots guide". By the way I am running Trusted 10.20 on these machines
0 Kudos
Reply
Christian Gebhardt
Honored Contributor

‎11-17-2003 08:13 PM

‎11-17-2003 08:13 PM

Re: Remote copying and shells

Hi

you have to install ssh on each server/workstation, it's not part of HPUX basic installation.
In this thread you'll find information and links to download several ssh-implementation.

On HP-UX 10.20 we used openssh2.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=131717

Chris
0 Kudos
Reply
Madhu Sudhan_1
Respected Contributor

‎11-17-2003 08:24 PM

‎11-17-2003 08:24 PM

Re: Remote copying and shells

Go http://www.openssh.com. I assumed that ssh may be part of your environment. To go with this idea of using scp with key based authentication, you will have to install ssh on all the machines you have in your environment. Iam not sure if it is feasible for you. But a detailed procedure is outlined here Go http://www.csse.uwa.edu.au/~ryan/tech/ssh-no-password.html

Thank you,
Madhu
Think Positive
0 Kudos
Reply
Keith Meloy_1
Occasional Advisor

‎11-17-2003 09:48 PM

‎11-17-2003 09:48 PM

Re: Remote copying and shells

I have looked at ssh documentation (thanks to all), but I am told by security accreditors that this is not acceptable, because if you are accredited on one machine you can get on all others where set up. They will only allow something which prompts for password (like bootsys/ignite does).
Any ideas? (or do I stick to my current laborious way of doing it!)
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎11-17-2003 10:08 PM

‎11-17-2003 10:08 PM

Re: Remote copying and shells

Keith,

with SSH you still can execute comparably safe remote commands or do remote file copies even if you automate things.
It is at least safer than vanilla telnet or ftp sessions.
With SSH you can do RSA authentification.
Together with an ssh-agent you even avoid the risk of leaving public RSA keys on your remote login hosts.
Instead in your script you start an ssh-agent and supply it with all the public RSA keys that you require for the remote logins.
The remote SSH servers will then query your ssh-agent for the RSA keys (provided they are configured to allow this).
This is still safer than the other solutions I would say.
Please, consult the manpage of ssh-agent for details.
Madness, thy name is system administration
0 Kudos
Reply
Laurent Menase
Honored Contributor

‎11-18-2003 01:31 AM

‎11-18-2003 01:31 AM

Solution

Re: Remote copying and shells

tar cf - ./dir1/file1 ./dir2/file2 /dir3/file3| rexec mytarget "cd /targerdir ; tar xvf -"

This can be used with pax, cpio, cat,

Else you can write a script around ftp to do it

for instance
#!/usr/bin/ksh
ftp -v -n 2>&1 |&
exec 3>&p 4<&p
stty -echo
read passwd
state=0
echo open hpfrcu08 >&3
echo user ftp $passwd >&3
while read -u4 a b
do
echo ".$a.$b."
case $state in
0)
if [ "$a" = 230 ]
then
echo cd /pub >&3
state=1
fi
;;
1)
if [ "$a" = 250 ]
then
echo lcd /tmp >&3
echo get go >&3
state=2
fi
;;
2)
if [ "$a" = 226 ]
then
echo quit >&3
state=3
fi
;;
esac
done
Reply
Michael Schulte zur Sur
Honored Contributor

‎11-18-2003 02:28 AM

‎11-18-2003 02:28 AM

Re: Remote copying and shells

Hi,

create two files with the list of files, you want to copy and the list of hosts.

greetings,

Michael

#!/bin/ksh
stty -echo
echo "passwd:\c"
read PASSWORD
stty echo
while read HOSTNAME
do
while read FILENAME
do
FILE=`basename ${FILENAME}`
DIR=`dirname ${FILENAME}`
ftp -i -n ${HOSTNAME}<user root ${PASSWORD}
cd ${DIR}
lcd ${DIR}
put ${FILE}
EOF
done < filelist
done < hostlist
0 Kudos
Reply
Christian Gebhardt
Honored Contributor

‎11-18-2003 05:42 PM

‎11-18-2003 05:42 PM

Re: Remote copying and shells

Hi

notice:
- if you use ftp, cpio, rexec, telnet, ... your password is not encrypted over the network
- you have to remember 30 passwords(I hope you have different passwords on each machine). If you are using the same password or an algorithm or a "password-file" to remember 30 passwords, it is much more secure using RSA-Authentification with one Passphrase.

Chris
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.