[OT] ssh login script - Please Help

2009-05-07 Thread Dan Track
Hi

I appreciate this is OT but could someone just give me a little
advice? I've written this script to log on to each server then restart
the ntpd daemon. The problem I have is it only restarts the daemon for
the last server provided in the list. Any ideas as to why and how to
fix it?


#!/usr/bin/expect -f

set argc [llength $argv]
for {set i 0} {$i<$argc} {incr i} {
puts "arg $i: [lindex $argv $i]"

set var1 [lindex $argv $i]
spawn scp /etc/ntp.conf "r...@$var1:/etc/"
spawn ssh r...@$var1 "/etc/init.d/ntpd restart"
}

###
expect {
 -re ".*es.*o.*" {
 exp_send "yes\r"
 exp_continue
 }
 -re ".*sword.*" {
 exp_send "\r"
 }
}
interact

When run I get the following:

./test.expect server1 server2

arg 0: server1
spawn scp /etc/ntp.conf r...@server1:/tmp/
spawn ssh r...@server1 /etc/init.d/ntpd restart
arg 1: server2
spawn scp /etc/ntp.conf r...@server2:/tmp/
spawn ssh r...@server2 /etc/init.d/ntpd restart
r...@server2's password:
Shutting down ntpd: [  OK  ]
Starting ntpd: [  OK  ]

Any ideas?

Thanks for any help.
Dan

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines


Re: [OT] ssh login script - Please Help

2009-05-07 Thread Tim
On Thu, 2009-05-07 at 15:22 +0100, Dan Track wrote:
> Any ideas?

Do you actually *WANT* to login and restart each server, or are you
doing this to deal with the NTP servers stuffing up?  If the latter,
there are some known problems and (better) solutions regarding NTP
servers twiddling their thumbs instead of working.

-- 
[...@localhost ~]$ uname -r
2.6.27.21-78.2.41.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.





Re: [OT] ssh login script - Please Help

2009-05-07 Thread Todd Zullinger
Dan Track wrote:
> I appreciate this is OT but could someone just give me a little
> advice? I've written this script to log on to each server then
> restart the ntpd daemon. The problem I have is it only restarts the
> daemon for the last server provided in the list. Any ideas as to why
> and how to fix it?

While I'm not offering any help on why your expect script is failing
you, I would say that if you have a need to ssh into multiple machines
to copy config files and restart services, you should look into tools
like func and puppet.  Func is perfect for quick, one-off commands.
Puppet is better for complete configuration management.

As a t-shirt from Reductive Labs¹, the makers of Puppet said, "SSH in a
loop is _not_ a solution." ;)

¹ http://reductivelabs.com/images/Layouts.pdf

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
A statesman is a dead politician. Lord knows, we need more statesmen.
-- Opus




Re: [OT] ssh login script - Please Help

2009-05-07 Thread Mike Burger

> Dan Track wrote:
>> I appreciate this is OT but could someone just give me a little
>> advice? I've written this script to log on to each server then
>> restart the ntpd daemon. The problem I have is it only restarts the
>> daemon for the last server provided in the list. Any ideas as to why
>> and how to fix it?
>
> While I'm not offering any help on why your expect script is failing
> you, I would say that if you have a need to ssh into multiple machines
> to copy config files and restart services, you should look into tools
> like func and puppet.  Func is perfect for quick, one-off commands.
> Puppet is better for complete configuration management.
>
> As a t-shirt from Reductive Labs¹, the makers of Puppet said, "SSH in a
> loop is _not_ a solution." ;)
>
> ¹ http://reductivelabs.com/images/Layouts.pdf

Alternately, Dan ought to, instead of an expect script, use a non-root
user, key-based authentication (bypass the password), scp the conf file to
the non-root user's homedir, and sudo to provide root level privs to move
the conf file into place and restart NTP.

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscr...@bubbanfriends.org



Re: [OT] ssh login script - Please Help

2009-05-07 Thread Mikkel L. Ellertson
Mike Burger wrote:
> 
> Alternately, Dan ought to, instead of an expect script, use a non-root
> user, key-based authentication (bypass the password), scp the conf file to
> the non-root user's homedir, and sudo to provide root level privs to move
> the conf file into place and restart NTP.
> 
Or don't log in at all. Use scp to copy the file, and then ssh where
it is set to run a command when you connect. (Use the
command="command" format for the key.) One thing I am not sure of is
if you can use the same key for scp when using the command= option.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!




Re: [OT] ssh login script - Please Help

2009-05-07 Thread Mike Burger

> Mike Burger wrote:
>>
>> Alternately, Dan ought to, instead of an expect script, use a non-root
>> user, key-based authentication (bypass the password), scp the conf file
>> to
>> the non-root user's homedir, and sudo to provide root level privs to
>> move
>> the conf file into place and restart NTP.
>>
> Or don't log in at all. Use scp to copy the file, and then ssh where
> it is set to run a command when you connect. (Use the
> command="command" format for the key.) One thing I am not sure of is
> if you can use the same key for scp when using the command= option.

Well, scp is part of the openssh suite, and does/will use the same key as the
ssh executable.

I use keys to scp and ssh to run commands all the time, without having to
pass passwords along, in order to automate processes, all the time.

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscr...@bubbanfriends.org



Re: [OT] ssh login script - Please Help

2009-05-07 Thread Mikkel L. Ellertson
Mike Burger wrote:
> Mikkel wrote:
>> Or don't log in at all. Use scp to copy the file, and then ssh where
>> it is set to run a command when you connect. (Use the
>> command="command" format for the key.) One thing I am not sure of is
>> if you can use the same key for scp when using the command= option.
>
> Well, scp is part of the openssh suite, and does/will use the same key as the
> ssh executable.
> 
> I use keys to scp and ssh to run commands all the time, without having to
> pass passwords along, in order to automate processes, all the time.
> 
I do the same. But I have never tried to use the private key that
was tied to a command on the other machine with scp, so I do not
know if scp will work with a key that is only allowed to run one
program on the remote machine. (You can not "log in" using that
key.) What I was thinking of was:

scp file to remote machine
ssh to remote machine which triggers a command on the remote machine.

From the sshd man page:

command="command"
   Specifies that the command is executed whenever this key is
   used for authentication. The command supplied by the user
   (if any) is ignored.  The command is run on a pty if the
   client requests a pty; otherwise it is run without a tty.
   If an 8-bit clean channel is required, one must not request
   a pty or should specify no-pty. A quote may be included in
   the command by quoting it with a backslash. This option might
   be useful to restrict certain public keys to perform just a
   specific operation. An example might be a key that permits
   remote backups but nothing else. Note that the client may
   specify TCP and/or X11 forwarding unless they are explicitly
   prohibited. The command originally supplied by the client is
   available in the SSH_ORIGINAL_COMMAND environment variable.
   Note that this option applies to shell, command or subsystem
   execution.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!




Re: [OT] ssh login script - Please Help

2009-05-07 Thread Mike Burger

> Mike Burger wrote:
>> Mikkel wrote:
>>> Or don't log in at all. Use scp to copy the file, and then ssh where
>>> it is set to run a command when you connect. (Use the
>>> command="command" format for the key.) One thing I am not sure of is
>>> if you can use the same key for scp when using the command= option.
>>
>> Well, scp is part of the openssh suite, and does/will use the same key
>> as the ssh executable.
>>
>> I use keys to scp and ssh to run commands all the time, without having
>> to
>> pass passwords along, in order to automate processes, all the time.
>>
> I do the same. But I have never tried to use the private key that
> was tied to a command on the other machine with scp, so I do not
> know if scp will work with a key that is only allowed to run one
> program on the remote machine. (You can not "log in" using that
> key.) What I was thinking of was:
>
> scp file to remote machine
> ssh to remote machine which triggers a command on the remote machine.
>
> From the sshd man page:
>
> command="command"
>    Specifies that the command is executed whenever this key is
>    used for authentication. The command supplied by the user
>    (if any) is ignored.  The command is run on a pty if the
>    client requests a pty; otherwise it is run without a tty.
>    If an 8-bit clean channel is required, one must not request
>    a pty or should specify no-pty. A quote may be included in
>    the command by quoting it with a backslash. This option might
>    be useful to restrict certain public keys to perform just a
>    specific operation. An example might be a key that permits
>    remote backups but nothing else. Note that the client may
>    specify TCP and/or X11 forwarding unless they are explicitly
>    prohibited. The command originally supplied by the client is
>    available in the SSH_ORIGINAL_COMMAND environment variable.
>    Note that this option applies to shell, command or subsystem
>    execution.

Ok...I see where you're going.

Well, he could just continue to go with the methodology he's currently
employing...use scp to copy the file over, then use ssh to run a command
(that command could be a script that runs a number of things, obviously)
or multiple commands (multiple ssh calls).

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscr...@bubbanfriends.org



Re: [OT] ssh login script - Please Help

2009-05-08 Thread Bill Davidsen

Mikkel L. Ellertson wrote:
> Mike Burger wrote:
>> Mikkel wrote:
>>> Or don't log in at all. Use scp to copy the file, and then ssh where
>>> it is set to run a command when you connect. (Use the
>>> command="command" format for the key.) One thing I am not sure of is
>>> if you can use the same key for scp when using the command= option.
>>
>> Well, scp is part of the openssh suite, and does/will use the same key as the
>> ssh executable.
>>
>> I use keys to scp and ssh to run commands all the time, without having to
>> pass passwords along, in order to automate processes, all the time.
>
> I do the same. But I have never tried to use the private key that
> was tied to a command on the other machine with scp, so I do not
> know if scp will work with a key that is only allowed to run one
> program on the remote machine. (You can not "log in" using that
> key.)


[ forgive my mid-line snip of your example ]

You don't need to do two operations, you can pass the file to the script:
  cat myfile | ssh -i myscript.key machine [optional args]
the first command in the script is something like:
  dd of=safedir/new.myfile

You can pass arguments to the script, they will end up in $SSH_ORIGINAL_COMMAND 
which can be read by the script. My backup script takes 
full|incr|config|logs|crit argument on the client and sends the backup data to 
stdout where I can save it.


--
Bill Davidsen 
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
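
The forced-command setup discussed above (Mikkel's command= key, Bill's file on stdin with the argument arriving in $SSH_ORIGINAL_COMMAND), written out as an added example that is not code from any poster in this thread. The install path /usr/local/sbin/ntp-push, the verbs install and restart, and the 64 KiB limit are assumptions; the key's account is assumed to be allowed to write the file and restart ntpd.

```shell
#!/bin/sh
# Added example: wrapper meant to be installed as /usr/local/sbin/ntp-push
# (assumed path) and bound to one key in ~/.ssh/authorized_keys:
#   command="/usr/local/sbin/ntp-push",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <public key>
# Client side, as in the post above:
#   cat ntp.conf | ssh -i myscript.key machine install

NTP_CONF=/etc/ntp.conf                   # the one file this key may replace
RESTART_CMD="/etc/init.d/ntpd restart"   # fixed here; never taken from the client
MAX_BYTES=65536                          # assumed upper bound for a config file

ntp_push() {
    # SSH_ORIGINAL_COMMAND is client-controlled text: match it against
    # fixed verbs and never pass it to eval, sh -c or exec.
    case "${SSH_ORIGINAL_COMMAND:-}" in
        install)
            tmp=$(mktemp "${NTP_CONF}.XXXXXX") || return 1
            # Read one byte past the limit so an oversized upload is detectable.
            head -c "$((MAX_BYTES + 1))" > "$tmp"
            size=$(($(wc -c < "$tmp")))
            if [ "$size" -eq 0 ] || [ "$size" -gt "$MAX_BYTES" ]; then
                rm -f "$tmp"
                echo "rejected: upload is empty or too large" >&2
                return 3
            fi
            # Temp file in the same directory plus mv gives an atomic replace.
            chmod 644 "$tmp" && mv "$tmp" "$NTP_CONF" || { rm -f "$tmp"; return 1; }
            $RESTART_CMD
            ;;
        restart)
            $RESTART_CMD
            ;;
        *)
            echo "rejected: unsupported request" >&2
            return 2
            ;;
    esac
}

# Run only when executed under the installed name, i.e. by sshd.
case "${0##*/}" in
    ntp-push) ntp_push; exit $? ;;
esac
```

The no-port-forwarding and no-X11-forwarding options are there because, as the man page text quoted earlier in the thread says, the client may still request forwarding unless it is explicitly prohibited.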



Re: [OT] ssh login script - Please Help

2009-05-09 Thread Mikkel L. Ellertson
Bill Davidsen wrote:
> 
> You don't need to do two operations, you can pass the file to the script:
>   cat myfile | ssh -i myscript.key machine [optional args]
> the first command in the script is something like:
>   dd of=safedir/new.myfile
> 
> You can pass arguments to the script, they will end up in
> $SSH_ORIGINAL_COMMAND which can be read by the script. My backup script
> takes full|incr|config|logs|crit argument on the client and sends the
> backup data to stdout where I can save it.
> 
A much better way to do it than I had posted. I like it!

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


