Re: SSH to multiple servers

Although I'm sure that Net::SSH is a grand module (I admittedly haven't used it), it appears from its documentation that it may not provide as robust a model for interaction with the remote system as Expect or Expect::Simple. Both Expect modules encapsulate connections as objects, so dealing with multiple servers concurrently is fairly trivial.

As for user auth, setting up RSA/DSA key pairs to allow passwordless login is the way to go. Especially since the alternative is to store your passwords in a file. Just set a good passphrase on the private key(s) so they can't be trivially lifted from the filesystem.

Comment on Re: SSH to multiple servers

Replies are listed 'Best First'.
Re^2: SSH to multiple servers by andyford (Curate) on Jun 26, 2006 at 16:19 UTC
But how do you automate once you've set a passphrase? Aren't you back to putting a password/passphrase in a file?	[reply]
Re^3: SSH to multiple servers by dsheroh (Monsignor) on Jun 26, 2006 at 16:30 UTC
You can use ssh-agent and ssh-add to allow you to manually enter the passphrase once, then have the keys available to all shells/programs you run under the agent, including your ssh-to-multiple-servers app. (Most Linux distros run ssh-agent by default when you log in under X, at least; if it's not active, `ssh-agent bash` will open a new shell with an active agent.) So the worst-case process would be: Log in Run `ssh-agent bash` Run `ssh-add`, which prompts for your passphrase Enter passphrase Run the multiple-ssh program Step 2 may not be necessary if you're running under an ssh-agent by default. If you completely trust the system you're running on, steps 3 and 4 can be skipped by using an empty passphrase on the private key, but I wouldn't recommend doing so unless you need it to be able to run unattended (e.g., from cron), since that does go back to putting the complete login credentials into a file.	[reply] [d/l] [select]