Remote Administration

eclecticIO has asked for the wisdom of the Perl Monks concerning the following question:

   I know I can't be the only one out there with this problem, but, after Searching and Super Searching here on Perl Monks in addition to generally meandering across the vast networked cosmos, I can't seem to find a free...ummm cost effective solution. So I thought I'd be a Seeker(s) of Perl Wisdom.

   I need some ideas of how to access processes and files on remote systems. I'm trying to automate and consolidate administrative tasks and fine tune my laziness. I'm currently using system() with rsh/rcp and have come across File::Remote (which also uses rsh/rcp or ssh/scp but makes the code a bit cleaner). I've also seen NSH:: at Shpink Software, but I'm not looking to spend money on this. I was wondering if anyone knows of a better way of doing this.

   I realize this is a wide open question, probably too much so, but I just wanted as many ideas as possible. I seem to have hit the proverbial brick wall. I can further research something that seems promising, but I need that push in the right direction. I didn't want to keep retain part of the brick wall by making my question as restrictive as my case is.

Thanks for the help.
EclecticIO
PS This is my first posted question. Please be gentle. ;)

"Given the pace of technology, I propose we leave math to the machines and go play outside." Calvin - Homicidal Psycho Jungle Cat

Comment on Remote Administration

Replies are listed 'Best First'.
Re (tilly) 1: Remote Administration by tilly (Archbishop) on Aug 18, 2000 at 02:22 UTC
I find that ssh simply rocks. Plus it is free, encrypted, etc, etc. One interesting idea. If you are willing to set up trusted users on various machines who can login w/o passwords to other machines, then you can completely remove all of your passwords from your scripts. This can be very nice. :-)	[reply]
RE: Re (tilly) 1: Remote Administration by ferrency (Deacon) on Aug 18, 2000 at 07:17 UTC
That is the solution we've used at work in the past: ssh/scp with passwordless access using public authorized_keys. The part we don't like about this arrangement is, setting up and breaking down the ssh pipes takes a longer than we'd prefer, especially when doing a lot of little operations in succession. Ideally, we'd like to implement an RPC library which builds (and re-builds if it is broken) an ssh pipe, and then uses it persistently over multiple RPC requests. Of course, most straightforward ways of doing this bypass the security provided by ssh. We looked into the perl RPC modules available about a year ago or more, and the best we found was a module that used shared secrets instead of public key encryption, which we didn't like (and couldn't get to work). I'd think this was a pretty common problem; I'm surprised someone hasn't already figured out a more clever solution that I can come up with, and put it into a module... Alan	[reply]
RE (tilly) 3: Remote Administration by tilly (Archbishop) on Aug 18, 2000 at 07:28 UTC
Try controlling a remote shell through the Expect module.	[reply]
RE: RE (tilly) 3: Remote Administration by ferrency (Deacon) on Aug 18, 2000 at 19:12 UTC
(crazyinsomniac) Re: Remote Administration by crazyinsomniac (Prior) on Aug 18, 2000 at 04:16 UTC
Hi Tilly, How would you go about setting up trusted users on various machines who can login w/o passwords? You can spoof IP, MAC ...? It sounds very interesting, but more insight would be greatly appreciated? "cRaZy is co01, but sometimes cRaZy is cRaZy". - crazyinsomniac	[reply]
RE: Re: Remote Administration by BlueLines (Hermit) on Aug 18, 2000 at 04:39 UTC
look here for info about setting up passwordless RSA authentication. Or read the ssh manpage. spoofing ip addresses/mac addresses won't work with this method since it's key based, not host based. If someone had access to your private key, then they could use your account to machines that you already set up a trust relationship with. But the only person besides you who could access that key is root (it wont work unless your keys are set go-rwx). And if you don't trust the admin on your machine, you shouldn't set this up in the first place. Also, make sure you are using the legally correct version of SSH. SSH2 is much more restrictive than SSH1, and ssh-1.2.27 is the last version free for all use. Read the license. You may also want to check out OpenSSH which is released under the BSD license. BlueLines Disclaimer: This post may contain inaccurate information, be habit forming, cause atomic warfare between peaceful countries, speed up male pattern baldness, interfere with your cable reception, exile you from certain third world countries, ruin your marriage, and generally spoil your day. No batteries included, no strings attached, your mileage may vary.	[reply]
RE (tilly) 2: Remote Administration by tilly (Archbishop) on Aug 18, 2000 at 04:33 UTC
I am not sitting at a machine so configured, but glancing at the sshd man page I believe you have to trust RSAAuthentication for version 1 and DSAAuthentication for version 2 to do it. This, of course, results in specific users on several machines getting automatic access to others, and means that a root exploit on any machine turns into user accounts on several. OTOH you stop having to have passwords sitting around in scripts, possibly passed in environment variables, and other such mistakes. Pick your poison. Personally I think it is worthwhile but I am no security expert. BTW a good tool to use with ssh is rsync. :-)	[reply]