LJ Archive

Tech Tips: Easy SSH Automation

A script a day will allow you some freedom to play and build other useful and more complicated scripts. Every day, I attempt to make my life easier—by this I mean, trying to stop doing the repetitive tasks. If a process is repeatable; it can be scripted and automated. The idea to automate everything is not new, but try automating a command on a remote host.

SSH is very flexible, and it comes with many options. My absolute favorite is its ability to let you run a command on a remote server by passing the -t flag. An example:


ssh -t adam@webserver1.test.com 'cat /etc/hosts'

This will ssh to webserver1.test.com, then run cat /etc/hosts in your shell and return the output.

For efficiency, you could create an SSH key pair. It's a simple process to create a passwordless public and a private key pair. To set this up, use ssh-keygen, and accept the defaults ensuring you leave the password blank:


ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/adam/.ssh/id_rsa): y
Enter passphrase (empty for no passphrase): LEAVE BLANK
Enter same passphrase again: 
Your identification has been saved in y.
Your public key has been saved in y.pub.
The key fingerprint is:
SHA256:jUxrQRObADE8ardXMT9UaoAcOcQPBEKGU622646P8ho 
 ↪adam@webserver1.test.com
The key's randomart image is:
+---[RSA 2048]----+
|B*++*Bo.=o       |
|.+.              |
|=*=              |
+----[SHA256]-----+

Once completed, copy the public key to the target server. To do this, use ssh-copy-id:


ssh-copy-id adam@webserver1.test.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
"/home/adam/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), 
 ↪to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if 
 ↪you are prompted now it is to install the new keys
adam@webserver1.test.com's password: ******** 
Number of key(s) added:        1

You will be asked for the password of the target server.

If you have set this up correctly, you won't be asked for your password next time you ssh to your target.

Execute the original example. It should be quicker now that you don't need to enter your password.

If you have a handful of servers and want to report the running kernel versions, you can run uname -r from the command line, but to do this on multiple devices, you'll need a script.

Start with a file with a list of your servers, called server.txt, and then run your script to iterate over each server and return the required information:

 
#!/bin/bash
if [ -f server.txt ]; then
        for server in $(cat server.txt); do
                ssh -t adam@$server  '
                echo $(uname -r)                '
        done
else
        echo 'No server.txt file'
fi

The if statement is checking to ensure that there's a file called server.txt. The for loop creates the variable called server for each target in server.txt, it then connects and fetches the kernel information.

In conclusion, with slight modifications, you can have an army of scripts to run in cron or manually; these scripts will become your toolbox to freedom.

—Adam McPartlan is Father of Twins - Linux lover, Open Source Enthusiast - LFCS, AWS Cloud Practitioner. Follow him on Twitter: @mcparty.

Send LJ Your Tech Tips

If you have a short tech tip you'd like to submit to Linux Journal, send an email to ljeditor@linuxjournal.com with Tech Tip in the subject line.

LJ Archive