comment on

Monks-

I have the unfortunate task to execute various commands on various machines via ssh in a very restricted environment. By that I mean, for me to run a command on target machine D, I need to run nested ssh commands from machine A through machines B and C. We've already explored other alternatives in a previous thread, and so far, nested ssh commands seems to be the most reasonable route to go.

Given that, the question to be addressed here is how can I build a reasonable structure of quoting these nested ssh commands?

Here are some examples that show some pretty nasty looking solutions I've come up with. I'm hoping there is something better, but from the slim search results that I've done, I'm not holding my breath. I know that if anyone can help, I'll find them here.

I should explain that from machine A->B, I'm using Net::SSH::Perl to connect, and run the commands that appear in the examples. The rest of the machines B->C, and C->D, are all Sun boxes running Solaris, and I'm simply using the provided ssh binary (which is very old).

The contents of $cmd is provided as an argument to a subroutine that runs it on machine B.

What is happening here is that I've setup public/private keys on all the machines in the chain except for the last one. At this point, I'm trying to setup the final public key on the last machine in the chain. The commands have been simplified somewhat for readability (no really, the actual commands are even uglier).

Example 1

I was happy with this one for awhile, until I realized that the $HOME was being expanded on machine B instead of machine D. The only way I found it was that the same user had different home directories on the two machines.

my $cmd = "/usr/bin/ssh -t -i \$HOME/.ssh/privkey user\@machineC '/usr
+/bin/ssh -t -l user machineD \"mkdir \$HOME/.ssh;chmod go-w \$HOME &&
+ chmod go-w \$HOME/.ssh && ( echo $public_key ) >>\$HOME/.ssh/authori
+zed_keys\"'";
[download]

Example 2

This was my fix for Example 1, but I never could quite get it to work right. I couldn't figure out why, and isn't very easy on the eyes.

#/usr/bin/ssh -t -i \$HOME/.ssh/privkey user\@machineC '/usr/bin/ssh -
+t -l user machineD mkdir \\\$HOME/.ssh;chmod go-w \\\$HOME && chmod g
+o-w \\\$HOME/.ssh && ( echo $public_key ) >>\\\$HOME/.ssh/authorized_
+keys';
[download]

Example 3:

This is what I ended up with that works. It is my current favorite (maybe least-hated is a better way to say it). Using the embedded perl here-document style seems to make this more understandable than other methods, even though I still have to backslash the heck out of dollar, semi-colon, double-quotes, and redirects.

my $cmd = <<EOF;
/usr/bin/ssh -t -i \$HOME/.ssh/LeadRNCkey -l usr machineC '/usr/bin/ss
+h -t -l usr machineD uname -a\\; mkdir \\\$HOME/.ssh\\; chmod go-w \\
+\$HOME\\; chmod go-w \\\$HOME/.ssh\\; echo \\"$public_key\\\n\\" \\>\
+\>\\\$HOME/.ssh/authorized_keys'
EOF
[download]

Any thoughts or pointers are much appreciated!

Thanks

-Craig

In reply to Quoting Solutions for Nested SSH Commands? by cmv

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.