-2

I'm trying to use an ssh command to ssh to a server and run the useradd command I passed to it. It seems like it's running OK for the most part (no errors produced), but the hashed password in the /etc/shadow file is missing the salt (I believe that's the portion that's missing).

I'm not sure if the quoting is incorrect or not. But running this command manually on the server works fine, so I'm assuming it's the expansion that's messed up?

The command below is running inside a Bash script...

Command:

```
ssh user@$host "useradd -d /usr/local/nagios -p $(perl -e 'print crypt("mypassword", "\$6\$salt");') -g nagios nagios && chown -R nagios:nagios /usr/local/nagios"
```

*When I escape the double quotes inside the perl one-liner, I get the error:

Can't find string terminator '"' anywhere before EOF at -e line 1.

Usage: useradd [options] LOGIN

Any idea what I'm doing wrong here?

Matt

2 Answers

1

Instead of enclosing the entire command in double-quotes and making sure to correctly escape everything in it, it will be more robust to use single-quotes, and handle embedded single-quotes as necessary. In fact there are no embedded single-quotes to handle, only the embedded literal $ in the $6$salt.

```
ssh "user@$host" 'useradd -d /usr/local/nagios -p $(perl -e "print crypt(q{mypassword}, q{\$6\$salt});") -g nagios nagios && chown -R nagios:nagios /usr/local/nagios'
```
janos
  • 1
    Perl conveniently gives you generalized quotes so there is no need to use either single or double quotes in the Perl snippet. `perl -e 'print crypt(q{mypassword}, q{$6$salt});'` and with a bit of obfuscation you can even squeeze out the remaining whitespace so you don't need to quote the script at all. – tripleee Dec 07 '17 at 19:34
  • Thanks @tripleee, that indeed allows for some simplifications – janos Dec 07 '17 at 19:40
  • Thanks guys, much appreciated! I'm getting an error returned from useradd, well not an error but an incorrect command since it's just returning the useradd help info. I tried `ssh user@host 'useradd -d /usr/local/nagios -p $(perl -e "print crypt(q{mypassword}, q{$6$salt});")' -g nagios nagios` – Matt Dec 07 '17 at 19:54
  • @Matt it probably doesn't just output the help info. Take a closer look, especially the first few lines. Usually that's where they write the error message. Actually I see what is wrong. You did not execute the code in my answer. You did not unquote around `$6$salt`. And as such, those variables are probably empty in the `ssh` shell. And if they are empty, that's an improper salt, and `crypt` will return an empty string. If `crypt` returns empty string, then the value of the `-p` parameter for `useradd` will be empty, which is invalid (probably that's your error message). – janos Dec 07 '17 at 20:04
  • When I run the script containing this command: `ssh "user@$host" 'useradd -d /usr/local/nagios -p $(perl -e "print crypt(q{mypassword}, q{'"$6$salt"'});") -g nagios nagios && chown -R nagios:nagios /usr/local/nagios'` I get the output: "> ./install.sh myHost Usage: useradd [options] LOGIN useradd -D useradd -D [options] Options: -b, --base-dir BASE_DIR base directory for the home directory of the new account ...cut...." – Matt Dec 07 '17 at 20:10
  • @Matt strange, the error message should come right before the line with `Usage: ...`. Anyway, is `$6` and `$salt` defined before the `ssh` call? Please verify by adding some `echo` statements. – janos Dec 07 '17 at 20:22
  • Do you mean like if I accidentally set a value to "salt" or "6"..? If so, I added some echo cmds to print "$6" and "$salt" and they're not set to anything. So I simplified the ssh cmd slightly and ran the command that seemed to slightly work, and this was the cmd in the script `ssh user@$host "useradd -d /usr/local/nagios -p $(perl -e 'print crypt(q{mypassword}, q{$6$salt});') nagios"` and it does create the user but this portion is missing from the shadow file: **$6$salt$F6X.** I guess it's thinking "$6", "$salt" and "$F6X." are empty variables? **EDIT:** Sorry, the "." period is in the shadow – Matt Dec 07 '17 at 20:33
  • 1
    @Matt It seems there is a misunderstanding here. So `$6` and `$salt` are not shell variables? That's literally the salt? In that case, we need to quote differently: `ssh "user@$host" 'useradd -d /usr/local/nagios -p $(perl -e "print crypt(q{mypassword}, q{\$6\$salt});") -g nagios nagios && chown -R nagios:nagios /usr/local/nagios'` – janos Dec 07 '17 at 20:55
  • Ahhhhh, thank you @janos! That worked... I'm pretty sure I tried escaping the $6 and $salt in one iteration, but I guess my quotes were not correct. Thanks again, and sorry for the confusion, it's my first time using hashing, salt, etc... – Matt Dec 07 '17 at 21:05
  • @Matt if this answers your question, then perhaps you can mark it as the accepted answer (+ an upvote would be nice too) – janos Dec 08 '17 at 19:59
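What the second shell does to the hash in the question's version, next to a version quoted for that second parse, as an added example (not code from the question or the answers). The hash is a constructed sample, `remote_shell`, `sq`, `send_unquoted` and `send_quoted` are hypothetical helper names, and `env -i /bin/sh -c` stands in for the shell that ssh starts on the server.

```shell
#!/bin/sh
# Constructed sample in SHA-512 crypt format; not a real password hash.
HASH='$6$salt$F6X.abcDEF/ghiJKL'

# Stand-in for the remote side: ssh hands one string to the login shell,
# which parses it a second time. env -i gives that shell an empty
# environment, so $salt and $F6X are unset, as on the asker's server.
remote_shell() {
    env -i /bin/sh -c "$1"
}

# Wrap a value in single quotes for the second shell, rewriting any
# embedded single quote as '\'' so the value cannot end the quoting.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# As in the question: the locally computed hash is pasted unquoted into
# the command string, so the second shell expands $6, $salt and $F6X.
send_unquoted() {
    remote_shell "printf '%s' $HASH"
}

# Same locally computed hash, quoted for the second parse.
send_quoted() {
    remote_shell "printf '%s' $(sq "$HASH")"
}

echo "unquoted: $(send_unquoted)"
echo "quoted:   $(send_quoted)"
```

The unquoted form leaves only the text after the last `$name`, starting at the period, which matches what the asker found in /etc/shadow.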
0
```
# The single quotes around $(...) are written into the file, so the shell that
# later runs the file does not expand $6 and $salt inside the hash.
echo "useradd -d /usr/local/nagios -p '$(perl -e 'print crypt("mypassword", "\$6\$salt");')' -g nagios nagios && chown -R nagios:nagios /usr/local/nagios" > /tmp/tempcommand && scp /tmp/tempcommand root@server1:/tmp && ssh server1 "sh -x /tmp/tempcommand && finger nagios && rm /tmp/tempcommand"
```

In such cases I always prefer to have a local file on the local/remote server from which I execute the command set. Saves a lot of "quotes debugging time". What I am doing above is first to save the long one-liner to a file locally, "as is" and "as works" locally, copy it over with scp to the remote server and execute it there with the shell.

More secure way (no need to copy over the file): again, save it locally and pass it to the remote bash with the -s option:

```
echo "useradd -d /usr/local/nagios -p '$(perl -e 'print crypt("mypassword", "\$6\$salt");')' -g nagios nagios && chown -R nagios:nagios /usr/local/nagios" > /tmp/tempcommand && echo finger nagios >> /tmp/tempcommand && ssh server1 'bash -s' < /tmp/tempcommand
```
Kalin
  • 1
    Welcome to StackOverflow. That's a long line. Can you explain what's happening inside of it? https://stackoverflow.com/help/how-to-answer – chicks Dec 07 '17 at 23:04
  • @Matt WOW, 293 characters! Nobody has time to try and understand that, not even the OP as it seems. – zaph Dec 07 '17 at 23:24