Welcome to the MacNN Forums.

BostonMACOSX · Jan 27, 2003, 12:08 AM

Here is a situation:

need to set up a shell script that will SSH to 25 different machines one at a time and envoke a script i have on them. the romte script is already called by CRON once a night, however I want the option of running the script at my own convenience. Have sudoers file and SSH keys set up so that no passwords will be asked for.

Just curious about how a Shell Script would look to connect, run a few commands on the remote machine, disconnect and then move to the next machine etc etc.

Thanks
BostonMACOSX

Tritium · Jan 27, 2003, 09:40 AM

ssh -T user@host <<EOF
ls -l
more commands here
EOF

What are your motives for wanting to do this?

BostonMACOSX · Jan 27, 2003, 10:37 AM

Originally posted by Tritium:
ssh -T user@host <<EOF
ls -l
more commands here
EOF

What are your motives for wanting to do this?

25 machines which I need to run a script on. It is in cron normally, but of I want to run it off schedule. I want to be able to select each machine from my laptop and run a script remotely. They are just some maintenence scripts. Would I repeat the code in blocks for each machine I want this to effect?

Tritium · Jan 27, 2003, 10:47 AM

hosts="user@host1 user2@host2 some@where"

for h in $hosts; do
ssh code here
done

bash, of course

BostonMACOSX · Jan 27, 2003, 12:04 PM

Originally posted by Tritium:
hosts="user@host1 user2@host2 some@where"

for h in $hosts; do
ssh code here
done

bash, of course

And Done I assume will close the SSH connection? How does it differ from your EOF example?

Sorry for all the question...

Thanks
BostonMACOSX

Tritium · Jan 27, 2003, 02:06 PM

done is the end of the for loop. You still need the ssh user@host <<EOF and then EOF code inside the for loop.

BostonMACOSX · Feb 7, 2003, 04:07 PM

Originally posted by Tritium:
done is the end of the for loop. You still need the ssh user@host <<EOF and then EOF code inside the for loop.

thanks for all the help. One of the commands I run remotely spits back a lot and takes some time to complete. Is there a way just to move on to the next computer after sending the command withough having to wait for it to complete?
Thanks
BostonMACOSX

Arkham_c · Feb 7, 2003, 07:51 PM

Originally posted by BostonMACOSX:
thanks for all the help. One of the commands I run remotely spits back a lot and takes some time to complete. Is there a way just to move on to the next computer after sending the command withough having to wait for it to complete?
Thanks
BostonMACOSX

You can do your ssh command in the background by adding an "&" on the end of the command. So:

ssh -T user@host "mycommand &"

Of course, your standard output will still come back to the controlling shell unless you redirect it or use nohup.

thanatos · May 8, 2003, 05:56 AM

But what if the servers need password? I tried putting the password after the username but no luck like this:

ssh -T User

assword@host <<EOF
ls -l
more commands here
EOF

Arkham_c · May 8, 2003, 09:31 AM

Originally posted by thanatos:
But what if the servers need password? I tried putting the password after the username but no luck like this:

ssh -T Userassword@host <<EOF
ls -l
more commands here
EOF

As far as I know, there's no way to enter the password via the script. You really have two options. Both involve generating ssh-keys (via ssh-keygen, use DSA instead of RSA), then adding the public key to the authorized_keys file in ~/.ssh on the remote boxes.

In option 1, you use no passphrase. That way, your private key gets you in. If you have security on the originating box, this is fine. If not, see option 2:

In option 2, you use a passphrase. Then, you run ssh-agent, which will temporarily cache your passphrase for you. The cron jobs can then get the passphrase from the ssh-agent and use it to log into the remote boxes. This is more secure, but less convenient.

thanatos · May 8, 2003, 01:30 PM

Originally posted by Arkham_c:
As far as I know, there's no way to enter the password via the script. You really have two options. Both involve generating ssh-keys (via ssh-keygen, use DSA instead of RSA), then adding the public key to the authorized_keys file in ~/.ssh on the remote boxes.

In option 1, you use no passphrase. That way, your private key gets you in. If you have security on the originating box, this is fine. If not, see option 2:

In option 2, you use a passphrase. Then, you run ssh-agent, which will temporarily cache your passphrase for you. The cron jobs can then get the passphrase from the ssh-agent and use it to log into the remote boxes. This is more secure, but less convenient.

Thanks I'll try that out...

[APi]TheMan · Oct 23, 2004, 05:52 AM

Originally posted by Tritium:
ssh -T user@host <<EOF
ls -l
more commands here
EOF

Question, why the <<EOF AND the EOF at the end of the input? I understand the use of the double arrow brackets used as such: cat /etc/passwd >> append_me for appending output instead of just writing it (or overwriting) but I've never seen it used as an input operator like above...

Also, how does the "EOF" at the bottom of the input work? I thought you had to control-D to end input? Wouldn't the text "EOF" be different than the code sent by a control-D?

Mithras · Oct 25, 2004, 08:59 PM

Bash "here documents":

A here document is a special-purpose code block. It uses a form of I/O redirection to feed a command list to an interactive program or command, such as ftp, telnet, or ex.

Code:
#!/bin/bash
interactive-program <<LimitString
command #1
command #2
...
LimitString

If you haven't discovered it yet, the Advanced Bash Scripting Guide is a wonderful resource.

One way you could learn about something like this is by typing:
man bash
then type
/<< and hit return
where the / means "search", then you enter the search string, followed by return.

The first hit hit is about "here documents", and you can then press n to cycle through subsequent occurrences of "<<" in the manpage.