in reply to Installing Net::SSH::Perl on OS X, or how to run commands remotely

"The best way" is to have a secured directory on each remote machine containing scripts which do each of your automated tasks. Then you set up a restricted shell so that the user that your password-free key logs in as can only run the scripts in that directory. If you need to use sudo, you read up on the NOPASSWD flag for the sudoers file.

Of course, you have to vet your scripts very carefully to make sure that they cannot be subverted ...

For extra credit, you can set things up so that a given ssh key can only run one of these scripts ... no command prompt at all. You need more keys, but they can each only do the thing they were meant for. I have used this method to quiesce databases as part of a backup cycle.


The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. -- Cyrus H. Gordon
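The setup described in the post above (a locked-down script directory, and a key that never reaches a prompt) can be enforced with an OpenSSH forced command. The following is an added example, not code from the thread; the paths `/usr/local/bin/run-task` and `/opt/remote-tasks`, the account name `automation` and the script name `quiesce-db` are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper (hypothetical path: /usr/local/bin/run-task).
# Constructed authorized_keys entry on B and C (one line, key shown as a placeholder):
#   command="/usr/local/bin/run-task",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> automation@A
# For the one-key-one-script variant, point command= at the script itself:
#   command="/opt/remote-tasks/quiesce-db",no-pty,no-port-forwarding ssh-rsa <PUBLIC-KEY> backup@A
# Constructed sudoers entry (edit with visudo) if a task needs root:
#   automation ALL=(root) NOPASSWD: /opt/remote-tasks/quiesce-db

LC_ALL=C; export LC_ALL                     # make the character ranges below byte-exact
TASK_DIR="${TASK_DIR:-/opt/remote-tasks}"   # root-owned, not writable by the login user

# run_allowed_task REQUEST
# Runs TASK_DIR/REQUEST only if REQUEST is a bare script name; returns 126 otherwise.
run_allowed_task() {
    request=$1
    case $request in
        ''|*[!A-Za-z0-9_-]*)
            # Empty, or contains spaces, slashes, dots, arguments or shell metacharacters.
            echo "rejected: invalid task name" >&2
            return 126 ;;
    esac
    task="$TASK_DIR/$request"
    # Must be a regular, executable file that is not a symlink out of the directory.
    if [ ! -f "$task" ] || [ ! -x "$task" ] || [ -L "$task" ]; then
        echo "rejected: no such task" >&2
        return 126
    fi
    "$task"    # nothing from the client is passed through as an argument
}

# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND.
# With no request (an interactive login attempt) nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_allowed_task "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

With this in place, `ssh automation@B quiesce-db` runs the script, while any other request, or a plain `ssh automation@B`, gets no shell.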

Replies are listed 'Best First'.
Re^2: Installing Net::SSH::Perl on OS X, or how to run commands remotely
by pingme8705 (Acolyte) on Sep 29, 2005 at 06:06 UTC
    Hi, this may help you.
    If you want to generate keys using SSH for automatic login / passwordless login then follow the steps

    A -> your server from where you want to log in to remote servers
    B, C -> servers you want to monitor
    ----------
    - login to A
    - ssh-keygen -t rsa ENTER
    - ENTER
    - ENTER
    - chmod 600 $HOME/.ssh/id_rsa
    - cat $HOME/.ssh/id_rsa.pub
    - copy this into 1 line into $HOME/.ssh/authorized_keys file of server B and C.

    The first time you may have to log in to each server manually, but from the 2nd try on it logs in automatically.

    => you can copy the id_rsa.pub too with scp like this:
    cd .ssh/
    # replaces any existing authorized_keys file on the remote host
    scp id_rsa.pub username@12.18.1.3:.ssh/authorized_keys
    This is how the passwordless logins are made. If you want to run multiple commands, do use the '|' symbol. As for Net::SSH, it is also among the best options to access the devices remotely, and it is more secure than telnet. I have done a project using Net::Telnet::Cisco to log in to network devices and check for certain parameters.