SSH no password without any private keys. It's magic!
Michel Nadeau, 10-08-2009
We all know that one can configure SSH to log in automatically by adding the client's public key to the server's ~/.ssh/authorized_keys file. But what if you need to run commands on 200 machines and don't want to log in to every single machine to add the key? Search no more, this tutorial has the answer!
1. Installing sshpass
sshpass is a tool for non-interactively performing password authentication with SSH's so-called "interactive keyboard password authentication".
Here's a standard SSH connect command:
debian_I:~# ssh -l root localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is b4:e9:e7:56:a2:b4:89:9b:d8:fd:7e:8e:f1:e4:1d:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
root@localhost's password:
Last login: Thu Oct 8 09:35:41 2009 from localhost
Linux debian_I 2.6.18-6-686 #1 SMP i686
debian_I:~#
First you have to answer "yes" to accept the host key and then to enter the password.
With sshpass, you are able to specify the password on the command line and skip this step. Here's how to install it:
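mkdir -p /usr/local/src/
cd /usr/local/src/
# Quote the URL (it contains "?") and name the output file so the tar step finds it
wget -O sshpass-1.04.tar.gz "http://downloads.sourceforge.net/project/sshpass/sshpass/1.04/sshpass-1.04.tar.gz?use_mirror=iweb"
tar xvfz sshpass-1.04.tar.gz
cd sshpass-1.04
# Build and install (make install needs root)
./configure
make
make install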
sshpass is now ready to be used!
2. Using sshpass
The sshpass syntax is:
sshpass -p [password] [ssh command]
So instead of doing:
ssh -l root localhost
You can simply do:
sshpass -p myrootpass ssh -l root localhost
You will be automatically logged in, without any password prompt:
debian_I:~# sshpass -p myrootpass ssh -l root localhost
Last login: Thu Oct 8 09:52:04 2009 from localhost
Linux debian_I 2.6.18-6-686 #1 SMP i686
debian_I:~#
3. Automatically accepting host keys
The last problem is this prompt:
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is b4:e9:e7:56:a2:b4:89:9b:d8:fd:7e:8e:f1:e4:1d:9f.
Are you sure you want to continue connecting (yes/no)? yes
When you're using sshpass to connect to a single machine that you use often, it's not a big deal because you will get the prompt once and never again afterwards. But if you want to connect to 200 machines, you definitely don't want to type "yes" 200 times.
To fix this issue, simply add this line in /etc/ssh/ssh_config on the CLIENT machine:
StrictHostKeyChecking=no
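With this setting enabled, SSH will automatically accept the host keys and will not prompt you about it. Unknown host keys are added to known_hosts without being checked, so the server's identity is not verified on the first connection, and because the line sits in /etc/ssh/ssh_config it becomes the system-wide default for SSH connections made from that client.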
4. Automating the process
This section will show you how to easily automate the process of running commands on any number of machines you want.
First you will need a file containing the hostname, username and password for each of the servers you want to run commands on, in a CSV format. For example:
ssh_magic.csv:
someserver.com,root,123456
someotherserver.com,sshadmin,abcdef
onelastserver.com,root,123456
Then you will create this bash script:
ssh_magic.sh:
#!/bin/sh
# Loop over ssh_magic.csv, one "host,user,password" record per line
while IFS=, read -r host user pass
do
    # Display server info
    echo ""
    echo "HOSTNAME: $host"
    echo ""
    # Run commands. The variables are quoted so special characters in a field
    # survive, and -n stops ssh from reading the rest of the CSV from stdin.
    sshpass -p "$pass" ssh -n -l "$user" "$host" "uname -a"
    sshpass -p "$pass" ssh -n -l "$user" "$host" "df -h"
    echo ""
    echo "===================================="
done < ssh_magic.csv
echo ""
echo "DONE"
echo ""
Simply place ssh_magic.csv and ssh_magic.sh together and run the script.
Conclusion
You now know how to run commands on any number of SSH machines, without any prompt! Make sure you check the other ways to pass the password to sshpass - they are more secure than passing it directly on the command line with the -p option.
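One of the more secure password-passing routes the conclusion points to, with host key checking left on, as an added example that is not part of the original post: sshpass -e takes the password from the SSHPASS environment variable instead of -p. The function names and the fleet_known_hosts file are assumptions; that file is assumed to hold host keys collected (for instance with ssh-keyscan) and checked beforehand.

```shell
#!/bin/sh
# Added example, not the original author's script: the section 4 loop with the
# password kept off the command line and host keys still verified.
# Assumption: KNOWN_HOSTS is a hypothetical file of pre-verified host keys.
KNOWN_HOSTS="${KNOWN_HOSTS:-./fleet_known_hosts}"

# run_on_host HOST USER PASS COMMAND
run_on_host() {
    # sshpass -e reads the password from SSHPASS, so it does not appear in the
    # process list the way "sshpass -p password" does.
    # StrictHostKeyChecking=yes makes ssh refuse unknown or changed host keys.
    # -n keeps ssh from consuming the CSV that the loop reads on stdin.
    SSHPASS="$3" sshpass -e ssh -n \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" \
        -l "$2" "$1" "$4"
}

# run_fleet CSVFILE COMMAND: exit status is the number of hosts that failed
run_fleet() {
    failed=0
    # "read" gives the last variable the rest of the line, so a password may
    # contain commas; the extra test handles a final line without a newline.
    while IFS=, read -r host user pass || [ -n "$host" ]; do
        [ -n "$host" ] || continue
        echo "HOSTNAME: $host"
        run_on_host "$host" "$user" "$pass" "$2" || failed=$((failed + 1))
    done < "$1"
    return "$failed"
}

# Usage: sh fleet.sh ssh_magic.csv "uname -a"
if [ "$#" -eq 2 ]; then
    run_fleet "$1" "$2"
fi
```

A host whose key is missing from the known-hosts file counts as a failure instead of being accepted silently, so the exit status also flags machines whose keys still need to be collected.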
Mike Peters, 12-21-2009
If you get an error message about SIGWINCH undeclared, add this to your main.c:
#define SIGWINCH 28
Repkin, 01-13-2010
Thanks Michel...