LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   ssh shell script question (https://www.linuxquestions.org/questions/linux-newbie-8/ssh-shell-script-question-701666/)

ihickman 02-02-2009 10:44 AM

ssh shell script question
 
Hello;

Background:

I am using a software building management tool (Quickbuild), that after a successful nightly build, calls a bash shell script to scp the nightly artifact to a deployment server, then ssh logs in, extracts the artifact, then executes a smoke test, however I am receiving false positives due to the bash shell script that it calls.

Problem:

Even though I have configured public-key authentication on ssh, sometimes it prompts me for a password. What I would like to include in my script, is the ability to recognize that a password prompt is displayed an then 'exit 2' if it does.

Shell script:

#!/bin/sh
#
#
# Copy build artifacts to remote system
cd $artifactsDir
files=`ls`
for file in $files; do
scp $file user@hostname:/opt/prod/smoketest/dropbox
done

Nutshell:

How do I add the ability to check if a password prompt is displayed when performing ssh/scp? I want the script to abruptly end if a prompt is displayed, so that the building management software shows "build failed".

colucix 02-02-2009 10:58 AM

Quote:

Originally Posted by ihickman (Post 3429248)
Even though I have configured public-key authentication on ssh, sometimes it prompts me for a password. What I would like to include in my script, is the ability to recognize that a password prompt is displayed an then 'exit 2' if it does.

You're looking for a workaround, not for a solution to the real problem. Why should it ask for password if Private/Public Key authentication is in action?

You can start by forcing the Public Key Authentication using the following option:
Code:

scp -o PasswordAuthentication=no $file user@hostname:/opt/prod/smoketest/dropbox
this forces the scp command to never attempt password authentication. In this way you can check the exit status of the scp command, that will be 1 if the copying has failed, 0 if the copy was successful.

You may also consider the -i option of ssh/scp to specify the name of the private key to use for the negotiation.

jschiwal 02-02-2009 11:03 AM

One option is to use expect. However, you shouldn't be seeing a prompt for a password when you log in.

Check if you have made the settings on the server that are suggested in the /etc/ssh/sshd_config file above the "UsePAM" line.

Code:

# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.

If these are enabled, they may be tried.

Using ssh-agent & ssh-add you can protect your private key with a passphrase but not be prompted for it after entering it using ssh-add. However this only works for the current shell, so you want ssh-add run by your ~/.profile script when you log in or start Quickbuild from the shell (or a subshell) from where you ran ssh-add.

selboo 02-02-2009 11:09 AM

????????????????

ihickman 02-02-2009 01:10 PM

Thanks
 
Thank you for the suggestions. I was able to catch the error response from the ssh command at the beginning of the script:

ssh user@hostname 'ls'
if [ $? == 255 ]; then
echo "ERROR with SCP/SSH -- Exiting"
exit 2
fi

I know its ugly, but I need QuickBuild to recognize if their are any problems with SSH/SCP, and if the above command does not execute properly, then I need QuickBuild to stop, as with the suggestions concerning the -o -i input, failure to connect still only shows as a warning in the logs, and succeeds the build without properly deploying and running the smoketest.


All times are GMT -5. The time now is 07:01 AM.