Best IT Recipes

Write a shell script in ssh to a remote machine and execute commands

I have two questions:

  • There are several remote Linux machines, and I need to write a shell script that will execute the same set of commands on each machine. (Including some sudo operations). How can this be done with shell scripts?
  • When ssh'ing on a remote computer, how to handle it when it asks for RSA fingerprint authentication.

Remote computers are virtual machines created on the go, and I only have their IP addresses. Therefore, I cannot place the script file in advance on these machines and execute them from my machine.

+76
linux shell ssh
Dec 18 '12 at 7:15
source share
6 answers

There are several remote Linux machines, and I need to write a shell script that will execute the same set of commands on each computer. (Including some sudo operations). How can this be done with shell scripts?

You can do this with ssh, for example:

#!/bin/bash USERNAME=someUser HOSTS="host1 host2 host3" SCRIPT="pwd; ls" for HOSTNAME in ${HOSTS} ; do ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}" done

When ssh'ing on a remote computer, how to handle it when it asks for RSA fingerprint authentication.

You can add the StrictHostKeyChecking=no option to ssh:

 ssh -o StrictHostKeyChecking=no -l username hostname "pwd; ls"

This will disable host key verification and automatically add the host key to the list of known hosts. If you do not want the host to be added to the known hosts file, add the -o UserKnownHostsFile=/dev/null option -o UserKnownHostsFile=/dev/null .

Note that this disables certain security checks , such as protection against a man-in-the-middle attack. Therefore, it should not be used in a safety-sensitive environment.

+117
Dec 18 '12 at 7:28
source share

There are several ways to handle this.

My favorite way is to install http://pamsshagentauth.sourceforge.net/ on remote systems, as well as your own public key. (Think about how to install them in a virtual machine, somehow you have the whole Unix system installed, what are a few more files?)

When forwarding your ssh agent, you can log in without a password.

And even better, the pam module will authenticate to sudo with your ssh key pair so that you can work with root privileges (or any other users) as needed.

You do not need to worry about interacting with the host key. If the input is not a terminal, then ssh will simply limit your ability to forward agents and authenticate passwords.

You should also look into packages like Capistrano. Definitely inspect this site; It has an introduction to the remote script.

Personal script lines might look something like this:

 ssh remote-system-name command arguments ... # so, for exmaple, ssh target.mycorp.net sudo puppet apply
+4
Dec 18 '12 at 8:10
source share

Install sshpass with apt-get install sshpass , then edit the script and put your IP addresses, usernames and password in Linux in the appropriate order. After that run the script. This is it! This script will install VLC on all systems.

 #!/bin/bash SCRIPT="cd Desktop; pwd; echo -e 'PASSWORD' | sudo -S apt-get install vlc" HOSTS=("192.168.1.121" "192.168.1.122" "192.168.1.123") USERNAMES=("username1" "username2" "username3") PASSWORDS=("password1" "password2" "password3") for i in ${!HOSTS[*]} ; do echo ${HOSTS[i]} SCR=${SCRIPT/PASSWORD/${PASSWORDS[i]}} sshpass -p ${PASSWORDS[i]} ssh -l ${USERNAMES[i]} ${HOSTS[i]} "${SCR}" done
+4
Oct 11 '17 at 10:26 on
source share

If you can write Perl code, you should consider using Net :: OpenSSH :: Parallel .

You could describe the actions that must be performed on each node in a declarative way, and the module will take care of all the scary details. Commands using sudo also supported.

+2
Dec 18
source share

For this kind of tasks, I reuse Ansible, which allows you to consistently duplicate bash scripts in multiple containers or virtual machines. Ansible (more precisely, Red Hat) now has an additional AWX web interface , which is a version of their open source commercial tower.

Ansible: https://www.ansible.com/
AWX: https://github.com/ansible/awx
Ansible Tower: a commercial product, you are probably the first to explore the free open source AWX, rather than the 15-day free Tower itinerary

0
Apr 09 '19 at 12:26
source share

You can follow this approach:

  • Connect to a remote computer using Expect Script . If your machine does not support waiting, you can load it. Writing a Pending script is very simple (google to get help on this)
  • Put all the actions that need to be performed on the remote server in a shell script.
  • Calling the remote shell script from the expected script after successful login.
-one
Dec 18 '12 at 7:21
source share


More articles:


All Articles