kazeeks has asked for the wisdom of the Perl Monks concerning the following question:

Hi.. I'm working on a script that manages sharepoints on our fileservers. We have several fileservers throughout town, and my script is to run locally, and execute commands on a remote fileserver. Everything is Mac OS X. My eventual goal is to implement this over CGI on a secured website, but for now it runs at the prompt. I've tried 4 approaches, with mixed results:

1. $ssh_out = `ssh -2 $user\@$host $ssh_cmd`;
This gets complicated when running multiple commands (I have a few loops that generate a directory hierarchy). I also don't know how to send data to the stdin when prompted, so if my $ssh_cmd starts with a 'sudo', I have to type the password manually.

2. system "ssh -2","$user",'@',"$host","$ssh_cmd";
This gives me similar problems as above, as well as issues with my chgrp command, which must include a backslash as part of the group name.

3. using Net::SSH
I don't immediately see how to pass options to ssh itself, like the -2 or a -v. It also seems difficult, or at least expensive, to work this thru a loop.

4. using Net::SSH::Perl
Because this requires dozens of dependencies, I'm having great difficulty compiling and installing this under OS X.

What's the best way to open an SSH connection with a remote host and run a bunch of commands, some as the super-user, without asking for a password? I've already exchanged SSH keys so I can log in from the terminal without supplying a password (yes, it's insecure, I know).

Thanks

Disclaimer: I'm a self-taught sysadmin, and an even newer self-taught Perl enthusiast; this is my first script using CPAN modules. No formal training in CompSci or programming. Electronics is my thing.

Re: Installing Net::SSH::Perl on OS X, or how to run commands remotely
by idsfa (Vicar) on Sep 28, 2005 at 14:49 UTC

    "The best way" is to have a secured directory on each remote machine containing scripts which do each of your automated tasks. Then you set up a restricted shell so that the user that your password-free key logs in as can only run the scripts in that directory. If you need to use sudo, you read up on the NOPASSWD flag for the sudoers file.

    Of course, you have to vet your scripts very carefully to make sure that they cannot be subverted ...

    For extra credit, you can set things up so that a given ssh key can only run one of these scripts ... no command prompt at all. You need more keys, but they can each only do the thing they were meant for. I have used this method to quiesce databases as part of a backup cycle.


    The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. -- Cyrus H. Gordon
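The one-key-one-job setup idsfa describes, as an added example that is not part of the original thread: a gate script that sshd runs as the key's forced command in place of whatever the client asked for. The names `task-gate`, `TASK_DIR`, `fsadmin`, the task names and the sample requests are assumptions made up for illustration.

```shell
#!/bin/sh
# Runs on the fileserver as the forced command for one key. Hypothetical
# names: task-gate, TASK_DIR, the task names and the fsadmin account.
#
# ~fsadmin/.ssh/authorized_keys (one line; key material is a placeholder):
#   command="/usr/local/sbin/task-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public-key> <comment>
# /etc/sudoers (edit with visudo), only for a task that must run as root:
#   fsadmin ALL=(root) NOPASSWD: /usr/local/sharepoint-tasks/make-share

TASK_DIR=/usr/local/sharepoint-tasks

# resolve_task REQUEST
# Prints "<script path> [<arg>]" for an allowed request, returns 1 otherwise.
# sshd places the client's requested command line in SSH_ORIGINAL_COMMAND;
# treat it as untrusted text and never hand it to a shell for evaluation.
resolve_task() {
    request=$1
    task=${request%% *}                      # first word is the task name
    arg=
    if [ "$task" != "$request" ]; then arg=${request#* }; fi
    case $task in
        list-shares|make-share|remove-share) ;;   # fixed allowlist
        *) return 1 ;;
    esac
    case $arg in
        *[!A-Za-z0-9_-]*) return 1 ;;        # one plain share name only
    esac
    if [ -n "$arg" ]; then printf '%s %s\n' "$TASK_DIR/$task" "$arg"
    else printf '%s\n' "$TASK_DIR/$task"; fi
}

# A deployed gate would call resolve_task "$SSH_ORIGINAL_COMMAND" and exec
# the result. Here constructed requests are run through it instead.
for req in 'list-shares' 'make-share Staff_2005' 'make-share x;id' \
           '/bin/sh' 'remove-share ../etc' ''; do
    if out=$(resolve_task "$req"); then echo "ALLOW [$req] -> $out"
    else echo "DENY  [$req]"; fi
done
```

The empty request is what an interactive login attempt with this key produces, so it is denied along with everything outside the allowlist.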
      Hi, this may help you.

      If you want to generate keys using SSH for automatic login / passwordless login then follow the steps

      A -> your server where from you want to login remote servers
      B, C servers you want to monitor
      ---------
      - login to A
      - ssh-keygen -t rsa ENTER
      - ENTER
      - ENTER
      - chmod 600 $HOME/.ssh/id_rsa
      - cat $HOME/.ssh/id_rsa.pub
      - copy this into 1 line into $HOME/.ssh/authorized_keys file of server B and C.

      It can be first time you have to login each server manually, but since 2nd try it login automatically.

      => you can copy the id_rsa.pub too with scp like this:
         cd .ssh/
         scp id_rsa.pub username@12.18.1.3:./authorized_keys

      This is how the passwordless logins are made. If you want to run multiple commands, use the '|' symbol. Regarding Net::SSH, it is also a best option to access the devices remotely, and it is more secure than telnet. I have done a project using Net::Telnet::Cisco to log in to network devices and check for certain parameters.
Re: Installing Net::SSH::Perl on OS X, or how to run commands remotely
by kwaping (Priest) on Sep 28, 2005 at 15:10 UTC
    You might want to investigate using Expect for this task.