2017-07-07

Using shpass and ssh-copy-id

I am about to do some little automation on getting information for 200+ Linux servers (and few Solaris boxes too), basically checking if the server has Samba installed and if it is vulnerable to CVE-2017-7494 so I used the script I got.  But of course this can be easily done with any vulnerability scanner like Qualys or Rapid7 (this article seems cool as Metasploit module has been released since 25th of May).

  • Most servers are authenticated via LDAP.
  • Few servers are restricted to country where I reside, and it seems to have a local account only (so I need to manually keep track on them).
  • I will use SSH for key-less login.

mmond@nx05[42]:~> ls -l ~/.ssh/
total 280
-rw------- 1 mmond domain users    407 Jan 30 10:01 authorized_keys
-r-------- 1 mmond domain users     25 Jul  6 23:33 config
-rwx------ 1 mmond domain users   1679 Jan 12 09:48 id_rsa
-rwx------ 1 mmond domain users    407 Jan 12 09:48 id_rsa.pub
-rwx------ 1 mmond domain users 269770 Jul  6 23:37 known_hosts
mmond@nx05[42]:~> chmod 0400 ~/.ssh/id_rsa*
mmond@nx05[42]:~> ls -l ~/.ssh/id_rsa.pub
-r-------- 1 mzmo domain users 407 Jan 12 09:48 /home/AD/mmond/.ssh/id_rsa.pub
mmond@nx05[42]:~> echo "$Jr80UizAC3" > Notes/cust/net/mit_pwd
mmond@nx05[42]:~> chmod 0400 Notes/cust/net/mit_pwd
mmond@nx05[42]:~> for i in $(cat Notes/cust/net/servers.list); do sshpass -f Notes/cust/net/mit_pwd ssh-copy-id -i /home/ADNOC/mmond/.ssh/id_rsa.pub -o StrictHostKeyChecking=no nnit-mmond@$i; done
....
....
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' 'nnit-mmond@taipei.net.hosted-global.local'"
and check to make sure that only the key(s) you wanted were added.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
mmond@nx05[42]:~> rm -rf Notes/cust/net/mit_pwd

All set. =)  I have removed my password since I won't be needing it.  So now, I will check if these Solaris boxes have Samba installed using the svcs command.  But I hope I can come up with another approach.

mmond@nx05[42]:~> for i in $(cat Notes/cust/net/temp.out)
> do
> ssh -q nnit-mmond@$i -t 'hostname; if (("$(sudo svcs | grep -i samba | wc -l)" <= 0)) ; then echo "Samba is not installed"; fi';
> done  

And from the above, all Solaris boxes do not have Samba installed which is good!

In addition, Oracle Support supplemented me with the following information (and they are  not providing any vulnerability script check just as what I got from Red hat):

Doc ID 1448883.1 (asks for Oracle login credentials) lists the fixes for this and other security alerts.

In short, in Solaris 11.3 the fix has been incorporated into sru20.6, so if you are running an sru with a higher(or equal to)  number than that you have our fix for the issue.

For Solaris 10, the following patches are available

sparc: 119757-40
x86: 119758-40

We will not be supplying a script to test for vulnerability.

No comments:

Post a Comment