Community discussions

MikroTik App
 
keyper
just joined
Topic Author
Posts: 1
Joined: Thu Jan 05, 2023 1:20 pm

SSH via scripts

Thu Jan 05, 2023 2:36 pm

Hi there,

Recently I need to change the tunnel IP on a remote linux that is connected to my local CHR Routers via IPIP tunnel, as unfortunately my local ip will change every week. I was hoping to use script to ssh login to the remote linux. I wrote the script and could run it from a terminal, but can't put it in a script and let it run automatically when local ip updates.

I have searched and found "anything interactive will not run in a script or scheduler". I'm wondering what's the reason behind this limit. Since this doesn't work then what's the best solution?

Thanks.
 
tomislav91
Member
Member
Posts: 312
Joined: Fri May 26, 2017 12:47 pm

Re: SSH via scripts

Wed Jan 11, 2023 2:14 pm

Hi there,

Recently I need to change the tunnel IP on a remote linux that is connected to my local CHR Routers via IPIP tunnel, as unfortunately my local ip will change every week. I was hoping to use script to ssh login to the remote linux. I wrote the script and could run it from a terminal, but can't put it in a script and let it run automatically when local ip updates.

I have searched and found "anything interactive will not run in a script or scheduler". I'm wondering what's the reason behind this limit. Since this doesn't work then what's the best solution?

Thanks.
The reason why interactive commands do not work in a script or scheduler is that they require user input to run. For example, a command that prompts the user for a password will not work in a script because the script does not have the ability to provide that password. Similarly, SSH requires authentication, which typically involves a password or SSH key. So, if you have a script that runs the command ssh root@remote-linux-ip, it will not work because the script cannot provide the password or key required to authenticate the connection.

There are a few solutions to this problem, one common method is to use SSH key-based authentication instead of password-based authentication. This method allows you to establish an SSH connection without providing a password. To set up key-based authentication, you will need to generate a public-private key pair on the local machine, and then add the public key to the remote Linux server. After that, when you run the script to connect to the remote Linux server, it will use the private key to authenticate the connection, eliminating the need for a password.

Another solution is to use ssh-keygen and ssh-copy-id command, by running this command in your local machine:

ssh-keygen -t rsa
ssh-copy-id remote-linux-username@remote-linux-ip
This will create a key on your local machine, then it will copy the public key to the remote Linux, once the key is copied, you should be able to ssh to remote Linux without a password.

A third solution would be to use Expect, a scripting language that enables automation of terminal applications, with expect you can automate the ssh login by providing the password and other user inputs needed.

Finally, depending on what exactly you are trying to achieve, you might consider using a network protocol other than SSH, such as Remote Procedure Call (RPC) to automate your process.

In summary, SSH requires an interactive user to provide authentication information which makes it hard to automate with a script, however, there are a few ways to get around this limitation, such as using key-based authentication or Expect tool that makes automation of terminal applications possible.
 
illunis
just joined
Posts: 1
Joined: Mon Aug 10, 2020 2:17 pm

Re: SSH via scripts

Wed Jan 18, 2023 12:30 pm

I want to hijack this thread and i think keyper has the same kind of issue.
I try to ssh into my linux box from a dhcp lease script, to create DNS entries inside a samba-dc, and can't figure out how to do this.

I am stuck at the connection :(

I imported a private ssh-key for the admin user and trusted it on the server.

If i run the script manual or use ssh-exec manual from the terminal all is fine.
I think the Router (RB5009) uses another key if i use the same script as DHCP-lease-script, but i can't find it.

Has anyone a hint for me?

the simple script:
{
	:do {
		:if ($leaseBound = 1) do={
			/system ssh-exec address=10.0.0.10 user=root command="ip addr > lalala.txt"
		}
	} 
}