Two or three things you need to know about SSH Remote command execution

Time:2020-2-13

Preface

I believe that when you work, you may encounter that you can easily handle some repetitive work by Using SSH to execute commands of remote machines locally. We hope to:

  • No manual password input
  • Support to execute multiple commands and shell scripts
  • Support the command of sudo

No manual password input

We can use SSH mutual trust, SSH pass, expect and other tools to avoid manual password entry.

During the use process, you may encounter the following tedious scenarios where you need to enter yes manually:


$ ssh [email protected]
The authenticity of host ... can't be established.
ECDSA key fingerprint is ...
Are you sure you want to continue connecting (yes/no)?

To avoid the above scenario, add the following parameters to the SSH command:


$ ssh -o "StrictHostKeyChecking no" [email protected]

SSH mutual trust

The configuration of SSH mutual trust is very simple. First, generate SSH key:


$ ssh-keygen

Copy the public key to the truster:


$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

After that, execute the order:


$ ssh -o "StrictHostKeyChecking no" [email protected] cmd

sshpass

Sshpass is a non interactive SSH password verification tool. Install it before use:


$ yum install sshpass

Use the following:


$ sshpass -p password ssh -o "StrictHostKeyChecking no" [email protected] cmd

expect

Expect is a software tool for automatic control and testing. Although the cost of learning is high, expect has powerful functions. It is convenient to use expect to execute remote commands. Install before use:


$ yum install expect

For example:


#!/usr/bin/expect

spawn ssh -o "StrictHostKeyChecking no" [email protected]
expect "*assword*"
send "password\n"
expect "*$*"
send "command\n"
expect "*$*"
send "exit\n"
expect eof

Expect supports not only SSH, but also SCP, FTP and other tools.

Support for multiple commands and scripts

Execute multiple commands

Sshpass and expect are very similar in supporting multiple commands. Just use the & & connect command:


# ssh trust
$ ssh -o "StrictHostKeyChecking no" [email protected] "cmd1 && cmd2"

For example:


# sshpass
$ sshpass -p password ssh -o "StrictHostKeyChecking no" [email protected] "ls -a && mkdir test"

# expect
......
expect "*$*"
send "ls -a && mkdir test\n"
......

Execute local script

For executing local scripts, SSH and SSH pass are used similarly.


# ssh trust
$ ssh -o "StrictHostKeyChecking no" [email protected] bash -s < shell_script.sh

# sshpass
$ sshpass -p password ssh -o "StrictHostKeyChecking no" [email protected] bash -s < shell_script.sh

For expect, first copy the script to the remote host, and then execute the script on the remote host. The steps are as follows:


...
# Copy script to remote host
spawn scp -o "StrictHostKeyChecking no" shell_script.sh [email protected]:~/
expect "*assword*"
send "password\n"
expect "*100%*"
expect eof

# Execute the shell script at remote host
spawn ssh -o "StrictHostKeyChecking no" [email protected]
expect "*assword*"
send "password\n"
expect "*$*"
send "sh shell_script.sh\n"
......

Support sudo command execution

Some commands require sudo permission to execute, but we do not want to enter the password repeatedly. We can change each command as follows:


cmd ---> 'echo password | sudo -S cmd'

For example:


$ sshpass -p password ssh -o "StrictHostKeyChecking no" [email protected] "echo password | sudo -S mkdir /newdir"

For some commands, such as echo and DD, sometimes the following failure scenarios occur:

$ sshpass -p password ssh -o "StrictHostKeyChecking no" [email protected] 'echo password | sudo -S echo hello > /newdir/newfile'
Bash: / newdir / newfile: insufficient permissions

The solution is as follows:


cmd ---> 'echo password | sudo -S sh -c "cmd"'

# For example
$ sshpass -p password ssh -o "StrictHostKeyChecking no" [email protected] 'echo WSfdl097018= | sudo -S sh -c "echo hello > /newdir/newfile"'

If expect is used, the script needs to be copied to the remote host, and then sudo is used to execute the script on the remote host, which is simpler and more robust than SSH pass


...
# Copy script to remote host
spawn scp -o "StrictHostKeyChecking no" shell_script.sh [email protected]:~/
expect "*assword*"
send "password\n"
expect "*100%*"
expect eof

# Execute the shell script at remote host
spawn ssh -o "StrictHostKeyChecking no" [email protected]
expect "*assword*"
send "password\n"
expect "*$*"
send "sudo sh shell_script.sh\n"
expect "*assword*"
send "password\n"
......

summary

The above is the whole content of this article. I hope that the content of this article can bring some help to your study or work. If you have any questions, you can leave a message and communicate with us. Thank you for your support for developpaer.

Recommended Today

[reading notes] calculation advertising (Part 3)

By logm This article was originally published at https://segmentfault.com/u/logm/articles and is not allowed to be reproduced~ If the mathematical formula in the article cannot be displayed correctly, please refer to: Tips for displaying the mathematical formula correctly This article isComputing advertising (Second Edition)Reading notes. This part introduces the key technology of online advertising, which is […]