Firstly let me say that embedding roots password in a script (any script) is very nasty and should be avoided at all cost!

Since you don't seem to have a requirement to capture the output of the ssh command then the best solution (security wise) is to add a crontab entry on each host to run the script. No cross network priveledges required.

If that is not a feasible option for some reason that you have not given us then read up on SSH forced commands. Basically a forced command is an SSH key pair which allows the running of only commands that you specify. It can be used with root with reasonable safety. If you use perl for your forced command (of course!) then you can switch on taint mode and basically treat it like a CGI (ie don't trust anything!). I have been meaning to write a tutorial on perl/ssh forced commands, here is some sample code for you-

Sample call of ssh forced command using open3 so we can capture STDOUT & STDERR and also talk to STDIN (if required) on the remote host: 

    my $ssh = "/usr/local/bin/ssh";
    my @ssh_cmd_to_run=($ssh, "-i", $key_file, "user\@$host", "scriptn
+ame", "options");
    open3(*SSH_IN, *SSH_OUT, *ERROR, @ssh_cmd_to_run);
    print SSH_IN $parameters_you_dont_want_seen;
    close(SSH_IN);
    my $return = <SSH_OUT>;
    close(SSH_OUT);
    my @error=<ERROR>;
    close(ERROR);

[download]

Sample ssh forced command would be something like this (untested)- 

#!/usr/bin/perl -wT
#

BEGIN {
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    $ENV{PATH} = "";
}
use strict;

process_ssh_command($ENV{SSH_ORIGINAL_COMMAND});
exit;

sub process_ssh_command {
    my $ssh_command =  shift || '';
    if ( ! $ssh_command ){
        print "Error: You must specify the command to run\n";
        return;
    }
    if ( $ssh_command =~ /^scriptname\s+(options_regex)$/ ){
        my $options= $1 || '';
        # do something if options not set
        chomp(my $stdin = <STDIN>); # if you need it
        # untaint stdin
        system("/path/to/scriptname", $options);
        return;
    }
    print "Error: Unknown command or incorrect format \"$ssh_command\"
+\n";
    return;
}

[download]
I would tend to make the error messages terse so as not to give any information away to any-one snooping!

In roots SSH authorized keys the forced command key would look something like this- command="/path/to/forced_command.pl" ssh-dss ......

Update:If you look in the sshd(8) manpage under AUTHORIZED_KEYS FILE FORMAT the command="command" section describes this mechanism.

--
my $chainsaw = 'Perl';

In reply to Re: Running Perl program w/root privs via cron by greenFox
in thread Running Perl program w/root privs via cron by virtualsue

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.