I am writing a script to run a specific command from one server to all other servers in a network. If SSH direct root is enabled then I am able to get the output but in my network we blocked direct SSH root access so my script is not giving output.

One option is we can create a new user and give sudo permission to run a specific command but creating a user account is a big process in our office.

Can you guys please suggest some other way to fix this.....

depending on the version of the distro and the version of openssh, maybe there is an exploit you can take advantage of that hasnt been patched yet ?

maybe you can log in as root and open a listening port using netcat so that when it receives a certain string it will run a certain command.

All the servers are done with the patch and those servers are more secure....

I hope that's a joke and not the kind of sound technical advice we would like LQ to be known for?


Isn't that basically telling the OP to create a backdoor w/o any authentication?..


Wheel reinvention-wise there's OTS tools dealing with ^whatever.on.*multiple hosts already like ClusterSSH, Dsh, Fanout / Fanterm, Tentakel, Shocto, SwitchTower, MUC, Parallel SSH and RGANG.


Good!


I'm sorry but that isn't a technical problem.


It depends on what your "specific command" is supposed to do (why don't you tell us?) and what flexibility you need. For example if it is only about passive system information gathering then you could look into SNMP (do using version 2 or 3 and set a read-only community) or even a Xinetd-based script.

1 members found this post helpful.

yeah, kinda' my lame tongue-in-ckeek attempt to help the op consider that what s/he is trying to fix mite be fairly ludicrous (they are essentially asking for a way to circumvent security that they put in place). without proper authorization s/he would have to hack their way thru.

i only heard of a few of the programs you listed above (i assumed root would be necessary to access the resources they wanted but possibly not) ... methinks i souldve left this untouched as a 0 reply thread.

Ah, OK. I see. Next time an overabundance of smilies might help :-]


Hell no, it was constructive, so feel free to post...

What if you allow ssh to root with a forced command?

http://oreilly.com/catalog/sshtdg/ch...h08.html#22858

Assuming you do it right, can that be as secure as blocking all ssh root access?

Create a user and allow sudo nopasswd access to just the one command you want to run. That's what sudo is for. You could also have a cron script run and then email the output or save it to a file that you can cat after logging into the server but that all depends on what the command is really supposed to do.

Give sudo permission to already created user if creating new user is a lengthy process.