Easy SSH Automation
A script a day will allow you some freedom to play and build other useful and more complicated scripts. Every day, I attempt to make my life easier, by which I mean trying to stop doing repetitive tasks. If a process is repeatable, it can be scripted and automated. The idea to automate everything is not new, but try automating a command on a remote host.
SSH is very flexible, and it comes with many options. My absolute favorite is its ability to let you run a command on a remote server by passing the -t flag. An example:
ssh -t adam@webserver1.test.com 'cat /etc/hosts'
This will ssh to webserver1.test.com, then run cat /etc/hosts in your shell and return the output.
For efficiency, you could create an SSH key pair. It's a simple process to create a passwordless public and private key pair. To set this up, use ssh-keygen, and accept the defaults, ensuring you leave the passphrase blank:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/adam/.ssh/id_rsa): y
Enter passphrase (empty for no passphrase): LEAVE BLANK
Enter same passphrase again:
Your identification has been saved in /home/nynet/.ssh/id_rsa.
Your public key has been saved in /home/nynet/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jUxrQRObADE8ardXMT9UaoAcOcQPBEKGU622646P8ho adam@webserver1.test.com
The key's randomart image is:
+---[RSA 2048]----+
|B*++*Bo.=o |
|.+. |
|=*= |
+----[SHA256]-----+
Once completed, copy the public key to the target server. To do this, use ssh-copy-id:
ssh-copy-id adam@webserver1.test.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/adam/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
adam@webserver1.test.com's password: ********
Number of key(s) added: 1
You will be asked for the password of the target server.
If you have set this up correctly, you won't be asked for your password next time you ssh to your target.
Execute the original example. It should be quicker now that you don't need to enter your password.
If you have a handful of servers and want to report the running kernel versions, you can run uname -r from the command line, but to do this on multiple devices, you'll need a script.
Start with a file with a list of your servers, called server.txt, and then run your script to iterate over each server and return the required information:
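#!/bin/bash
# Report the running kernel version of every server listed in server.txt.
if [ -f server.txt ]; then
    # One hostname per line; word splitting yields one entry per iteration.
    for server in $(cat server.txt); do
        ssh -t "adam@$server" 'uname -r'
    done
else
    echo 'No server.txt file'
fi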
The if statement checks that there's a file called server.txt. The for loop sets the variable server to each target in server.txt in turn, then connects and fetches the kernel information.
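The same kernel report hardened for unattended (cron) use, as an added example that is not the article's own script: ssh runs in batch mode so it fails instead of prompting, the list is read on its own file descriptor, and malformed entries are skipped. SSH_BIN and REMOTE_USER are assumed override points introduced here, not part of the original.

```shell
#!/bin/bash
# Added example, not the article's script. SSH_BIN and REMOTE_USER are
# assumed override points so the loop can be tested against a stub.
SSH_BIN="${SSH_BIN:-ssh}"
REMOTE_USER="${REMOTE_USER:-adam}"

# Accept only hostname/IPv4 characters; anything else is reported and skipped.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# kernel_report FILE: print "host<TAB>kernel" for each server in FILE.
# Returns 0 if every host answered, 1 if any failed, 2 if FILE is missing.
kernel_report() {
    local list="$1" server note kernel rc=0
    if [ ! -f "$list" ]; then
        echo "No $list file" >&2
        return 2
    fi
    # Read the list on fd 3 so ssh can never consume it through stdin.
    # "note" absorbs anything after the hostname, such as a trailing comment.
    while read -r server note <&3 || [ -n "$server" ]; do
        case $server in ''|'#'*) continue ;; esac   # blank line or comment
        if ! valid_host "$server"; then
            echo "skipping invalid entry: $server" >&2
            rc=1
            continue
        fi
        # BatchMode=yes fails instead of prompting, so a cron run cannot hang
        # on a password or host-key question. -t (forced pseudo-terminal) is
        # omitted: the remote command is just the trailing argument.
        if kernel=$("$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 \
                    "$REMOTE_USER@$server" 'uname -r' </dev/null); then
            printf '%s\t%s\n' "$server" "$kernel"
        else
            printf '%s\tFAILED\n' "$server"
            rc=1
        fi
    done 3<"$list"
    return "$rc"
}

# Run only when a list file is given on the command line.
if [ "$#" -gt 0 ]; then
    kernel_report "$1"
fi
```

Run it as `./kernel_report.sh server.txt` (the file name is an assumption); a non-zero exit status tells cron or a wrapper that at least one host did not report.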
In conclusion, with slight modifications, you can have an army of scripts to run in cron or manually; these scripts will become your toolbox to freedom.