I have two questions:
我有两个问题:
- There are multiple remote linux machines, and I need to write a shell script which will execute the same set of commands in each machine. (Including some sudo operations). How can this be done using shell scripting?
- 有多个远程linux机器,我需要编写一个shell脚本,在每个机器中执行相同的命令集。(包括一些sudo操作)。如何使用shell脚本实现这一点?
- When ssh'ing to the remote machine, how to handle when it prompts for RSA fingerprint authentication.
- 当ssh到远程计算机时,如何处理RSA指纹认证提示。
The remote machines are VMs created on the run and I just have their IPs. So, I cant place a script file beforehand in those machines and execute them from my machine.
远程机器是在运行时创建的vm,我只有它们的ip。因此,我不能预先在这些机器上放置脚本文件并从我的机器上执行它们。
5 个解决方案
#1
95
There are multiple remote linux machines, and I need to write a shell script which will execute the same set of commands in each machine. (Including some sudo operations). How can this be done using shell scripting?
有多个远程linux机器,我需要编写一个shell脚本,在每个机器中执行相同的命令集。(包括一些sudo操作)。如何使用shell脚本实现这一点?
You can do this with ssh, for example:
您可以使用ssh实现这一点,例如:
#!/bin/bash
USERNAME=someUser
HOSTS="host1 host2 host3"
SCRIPT="pwd; ls"
for HOSTNAME in ${HOSTS} ; do
ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}"
done
When ssh'ing to the remote machine, how to handle when it prompts for RSA fingerprint authentication.
当ssh到远程计算机时,如何处理RSA指纹认证提示。
You can add the StrictHostKeyChecking=no option to ssh:
您可以将stricthostkeycheck =no选项添加到ssh:
ssh -o StrictHostKeyChecking=no -l username hostname "pwd; ls"
This will disable the host key check and automatically add the host key to the list of known hosts. If you do not want to have the host added to the known hosts file, add the option -o UserKnownHostsFile=/dev/null.
这将禁用主机密钥检查,并自动将主机密钥添加到已知主机的列表中。如果您不想让主机添加到已知的主机文件,请添加选项-o UserKnownHostsFile=/dev/null。
Note that this disables certain security checks, for example protection against man-in-the-middle attack. It should therefore not be applied in a security sensitive environment.
注意,这将禁用某些安全检查,例如防止中间人攻击。因此,不应该在安全敏感的环境中应用它。
#2
4
There are a number of ways to handle this.
有很多方法可以处理这个问题。
My favorite way is to install http://pamsshagentauth.sourceforge.net/ on the remote systems and also your own public key. (Figure out a way to get these installed on the VM, somehow you got an entire Unix system installed, what's a couple more files?)
我最喜欢的方法是在远程系统上安装http://pamsshagentauth.sourceforge.net/以及您自己的公钥。(想办法把这些文件安装到VM上,不知怎么搞的,你已经安装了整个Unix系统,还有几个文件吗?)
With your ssh agent forwarded, you can now log in to every system without a password.
通过您的ssh代理,您现在可以登录到每个没有密码的系统。
And even better, that pam module will authenticate for sudo with your ssh key pair so you can run with root (or any other user's) rights as needed.
更好的是,pam模块将使用ssh密钥对对对sudo进行身份验证,以便根据需要使用root权限(或任何其他用户的权限)运行。
You don't need to worry about the host key interaction. If the input is not a terminal then ssh will just limit your ability to forward agents and authenticate with passwords.
您不需要担心主机键的交互。如果输入不是终端,那么ssh将限制您转发代理和使用密码进行身份验证的能力。
You should also look into packages like Capistrano. Definitely look around that site; it has an introduction to remote scripting.
您还应该查看Capistrano这样的包。一定要看看那个网站;它介绍了远程脚本。
Individual script lines might look something like this:
单独的脚本行可能如下所示:
ssh remote-system-name command arguments ... # so, for exmaple,
ssh target.mycorp.net sudo puppet apply
#3
3
Install sshpass using, apt-get install sshpass then edit the script and put your linux machines IPs, usernames and password in respective order. After that run that script. Thats it ! This script will install VLC in all systems.
安装sshpass, apt-get安装sshpass然后编辑脚本,并将你的linux机器IPs,用户名和密码按顺序排列。然后运行这个脚本。这就是它!此脚本将在所有系统中安装VLC。
#!/bin/bash
SCRIPT="cd Desktop; pwd; echo -e 'PASSWORD' | sudo -S apt-get install vlc"
HOSTS=("192.168.1.121" "192.168.1.122" "192.168.1.123")
USERNAMES=("username1" "username2" "username3")
PASSWORDS=("password1" "password2" "password3")
for i in ${!HOSTS[*]} ; do
echo ${HOSTS[i]}
SCR=${SCRIPT/PASSWORD/${PASSWORDS[i]}}
sshpass -p ${PASSWORDS[i]} ssh -l ${USERNAMES[i]} ${HOSTS[i]} "${SCR}"
done
#4
2
If you are able to write Perl code, then you should consider using Net::OpenSSH::Parallel.
如果您能够编写Perl代码,那么应该考虑使用Net:::OpenSSH::Parallel。
You would be able to describe the actions that have to be run in every host in a declarative manner and the module will take care of all the scary details. Running commands through sudo is also supported.
您将能够以声明的方式描述必须在每个主机中运行的操作,并且模块将处理所有可怕的细节。还支持通过sudo运行命令。
#5
-1
You can follow this approach :
你可以采用以下方法:
- Connect to remote machine using Expect Script. If your machine doesn't support expect you can download the same. Writing Expect script is very easy (google to get help on this)
- 使用Expect脚本连接到远程机器。如果您的机器不支持expect,您可以下载相同的程序。编写Expect脚本非常容易(谷歌在这方面得到帮助)
- Put all the action which needs to be performed on remote server in a shell script.
- 将需要在远程服务器上执行的所有操作放在shell脚本中。
- Invoke remote shell script from expect script once login is successful.
- 一旦登录成功,从expect脚本调用远程shell脚本。
#1
95
There are multiple remote linux machines, and I need to write a shell script which will execute the same set of commands in each machine. (Including some sudo operations). How can this be done using shell scripting?
有多个远程linux机器,我需要编写一个shell脚本,在每个机器中执行相同的命令集。(包括一些sudo操作)。如何使用shell脚本实现这一点?
You can do this with ssh, for example:
您可以使用ssh实现这一点,例如:
#!/bin/bash
USERNAME=someUser
HOSTS="host1 host2 host3"
SCRIPT="pwd; ls"
for HOSTNAME in ${HOSTS} ; do
ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}"
done
When ssh'ing to the remote machine, how to handle when it prompts for RSA fingerprint authentication.
当ssh到远程计算机时,如何处理RSA指纹认证提示。
You can add the StrictHostKeyChecking=no option to ssh:
您可以将stricthostkeycheck =no选项添加到ssh:
ssh -o StrictHostKeyChecking=no -l username hostname "pwd; ls"
This will disable the host key check and automatically add the host key to the list of known hosts. If you do not want to have the host added to the known hosts file, add the option -o UserKnownHostsFile=/dev/null.
这将禁用主机密钥检查,并自动将主机密钥添加到已知主机的列表中。如果您不想让主机添加到已知的主机文件,请添加选项-o UserKnownHostsFile=/dev/null。
Note that this disables certain security checks, for example protection against man-in-the-middle attack. It should therefore not be applied in a security sensitive environment.
注意,这将禁用某些安全检查,例如防止中间人攻击。因此,不应该在安全敏感的环境中应用它。
#2
4
There are a number of ways to handle this.
有很多方法可以处理这个问题。
My favorite way is to install http://pamsshagentauth.sourceforge.net/ on the remote systems and also your own public key. (Figure out a way to get these installed on the VM, somehow you got an entire Unix system installed, what's a couple more files?)
我最喜欢的方法是在远程系统上安装http://pamsshagentauth.sourceforge.net/以及您自己的公钥。(想办法把这些文件安装到VM上,不知怎么搞的,你已经安装了整个Unix系统,还有几个文件吗?)
With your ssh agent forwarded, you can now log in to every system without a password.
通过您的ssh代理,您现在可以登录到每个没有密码的系统。
And even better, that pam module will authenticate for sudo with your ssh key pair so you can run with root (or any other user's) rights as needed.
更好的是,pam模块将使用ssh密钥对对对sudo进行身份验证,以便根据需要使用root权限(或任何其他用户的权限)运行。
You don't need to worry about the host key interaction. If the input is not a terminal then ssh will just limit your ability to forward agents and authenticate with passwords.
您不需要担心主机键的交互。如果输入不是终端,那么ssh将限制您转发代理和使用密码进行身份验证的能力。
You should also look into packages like Capistrano. Definitely look around that site; it has an introduction to remote scripting.
您还应该查看Capistrano这样的包。一定要看看那个网站;它介绍了远程脚本。
Individual script lines might look something like this:
单独的脚本行可能如下所示:
ssh remote-system-name command arguments ... # so, for exmaple,
ssh target.mycorp.net sudo puppet apply
#3
3
Install sshpass using, apt-get install sshpass then edit the script and put your linux machines IPs, usernames and password in respective order. After that run that script. Thats it ! This script will install VLC in all systems.
安装sshpass, apt-get安装sshpass然后编辑脚本,并将你的linux机器IPs,用户名和密码按顺序排列。然后运行这个脚本。这就是它!此脚本将在所有系统中安装VLC。
#!/bin/bash
SCRIPT="cd Desktop; pwd; echo -e 'PASSWORD' | sudo -S apt-get install vlc"
HOSTS=("192.168.1.121" "192.168.1.122" "192.168.1.123")
USERNAMES=("username1" "username2" "username3")
PASSWORDS=("password1" "password2" "password3")
for i in ${!HOSTS[*]} ; do
echo ${HOSTS[i]}
SCR=${SCRIPT/PASSWORD/${PASSWORDS[i]}}
sshpass -p ${PASSWORDS[i]} ssh -l ${USERNAMES[i]} ${HOSTS[i]} "${SCR}"
done
#4
2
If you are able to write Perl code, then you should consider using Net::OpenSSH::Parallel.
如果您能够编写Perl代码,那么应该考虑使用Net:::OpenSSH::Parallel。
You would be able to describe the actions that have to be run in every host in a declarative manner and the module will take care of all the scary details. Running commands through sudo is also supported.
您将能够以声明的方式描述必须在每个主机中运行的操作,并且模块将处理所有可怕的细节。还支持通过sudo运行命令。
#5
-1
You can follow this approach :
你可以采用以下方法:
- Connect to remote machine using Expect Script. If your machine doesn't support expect you can download the same. Writing Expect script is very easy (google to get help on this)
- 使用Expect脚本连接到远程机器。如果您的机器不支持expect,您可以下载相同的程序。编写Expect脚本非常容易(谷歌在这方面得到帮助)
- Put all the action which needs to be performed on remote server in a shell script.
- 将需要在远程服务器上执行的所有操作放在shell脚本中。
- Invoke remote shell script from expect script once login is successful.
- 一旦登录成功,从expect脚本调用远程shell脚本。