in reply to Login Script

Any suggestions on how I would complete the above would be greatly appreciated?

Do some research perhaps? Hire someone to do it for you? Hope someone does it for you based on the above spec? This sort of thing is a very common (solved) problem, so why don't you have a look at Super Search for terms like 'SSH' or 'remote exec' where you will find gems like Moving around with password protected machines amongst many others. On the module front look at Net::SSH and all its friends. There is also Expect but you probably won't need it.

There is nothing you can do to make normal Telnet secure; that is why SSH exists. Login is plaintext. There are 'secure' telnet servers that use Kerberos but why would you not use SSH? You can't 'encrypt' with MD5; it is a non-reversible hashing algorithm. SSH uses RSA.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Re: Re: Login Script
by /dev/null (Chaplain) on Sep 22, 2003 at 12:57 UTC
    Thanks tachyon,

    Articles I have found do not come close to doing the required actions I've listed in this node. I usually do my research before throwing myself to the wolves. In a perfect environment I would be able to ssh to every box, but I may need to use telnet when SSH is not installed. How would it be possible to ftp my ssh key to the box and su to root without using Expect? Any examples?

    /dev/null

      Many of the articles I have found on this site do not come close to doing the required actions I've listed in my article.

      Well, given that some of them are technically impossible (as pointed out), i.e. encrypt your Telnet session, that is perhaps not surprising. Actually there are examples of everything you want here and all over the web. Remote administration is not all that new you know. Unless you are on Win32.

      Net::FTP will let you FTP in (one protocol with all its restrictions). Net::Telnet will let you telnet in and issue arbitrary commands. You need Net::Telnet if you can't use Net::SSH.

      If you have to do 1700 boxen the simplest way to do it is to put up a web server, encrypt your ssh key with some decent algorithm that will be available on your boxen, then stick the encrypted file in the server root. Then just telnet in, cd to the correct dir, use wget to pull the file down, then decrypt it. Perhaps use wget to get ssh and then issue the commands to install it as well if need be. Perhaps use wget to pull (and Net::Telnet to issue the install commands) for Crypt::CBC and Crypt::Blowfish or similar so you can decrypt your ssh key using a perl command line call. Repeat ad infinitum.

      If you have currently only been using Telnet to get into all your boxen and they have public Internet interfaces it is probable that at least one if not many are compromised. This is a significant issue due to the fact that when you use ssh keys for authentication your security is only as good as the weakest link. Compromise one box, compromise all.

      If you read the docs for Net::Telnet you will find plenty of examples. In the examples section ;-) Seriously, the Net::Telnet docs are extensive.

      cheers

      tachyon

      s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
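
An added example, not part of the thread: a check to run on each box after the wget step described above, before the fetched key is trusted for logins. It assumes the file being distributed is the public half of the key pair and that its SHA-256 digest was recorded on the admin machine beforehand; the helper name `install_pubkey`, the paths and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a fetched public key before trusting it for logins.
# install_pubkey FILE EXPECTED_SHA256 [SSH_DIR]   (hypothetical helper name)
install_pubkey() {
    key_file=$1; expected=$2; ssh_dir=${3:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"
    [ -f "$key_file" ] || { echo "no such file: $key_file" >&2; return 2; }

    # Digest of what actually arrived over the plaintext channel.
    actual=$(sha256sum "$key_file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch, refusing to install" >&2
        return 1
    fi

    # A private key never belongs on the remote box.
    if grep -q 'PRIVATE KEY' "$key_file"; then
        echo "file contains a private key, refusing" >&2
        return 1
    fi
    # Install only the first line, and only if it looks like a public key.
    line=$(head -n 1 "$key_file")
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores authorized_keys when permissions are loose.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2

    # Append once, so re-running across many hosts stays idempotent.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo on a constructed key in a scratch directory (no real account touched).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEKEYNOTREAL admin@example' > "$demo/id.pub"
sum=$(sha256sum "$demo/id.pub" | awk '{print $1}')
install_pubkey "$demo/id.pub" "$sum" "$demo/.ssh" && echo "installed"
install_pubkey "$demo/id.pub" "0000" "$demo/.ssh" 2>/dev/null || echo "altered copy rejected"
rm -rf "$demo"
```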