LinuxQuestions.org


GNUsavior 04-04-2006 06:33 PM

Using SSH in Shell Scripts
 
Hello everyone!

I'm looking to write a shell script that is able to interact with remote SSH servers. Here are a few of my requirements:

1) Remote server and key require passphrase. Rather than waiting for the time when the ssh connection is made, I'd like to ask the user upfront for the password and let the script do the rest of the work.

2) I need to be able to interact and execute commands in this new process that is spawned from the ssh connect command. I have to do things such as change directories, delete files, etc.

Not too much, but I'm new to shell programming and I'm thinking that I need to work with this in a stdin/stdout kind of way. I'm not asking anyone to write this script; I have 3/4 of it done, but I'm looking for specific tutorials or examples that you know of that deal with my requirements as I have laid them out, as my searches are not bearing any fruit.

Any help is always greatly appreciated.

GNUSavior

chrism01 04-04-2006 06:44 PM

Do the cmds run on the remote server have to interact with the user, or are you just asking him for a passphrase so you can then run a predictable set of cmds?
If the former, can you offer him a menu of cmds to be run before you start, i.e. again create a list of predictable cmds?
Otherwise, think you might as well let the user do the work....

GNUsavior 04-04-2006 07:04 PM

Basically what I want is all the info upfront...some of this is cvs commands and deployment stuff...technically speaking all I need from the user is their ssh username and ssh password and then the script should be able to do the rest. The commands are predefined and in a certain order.

The script runs, asks them for their info, does some cvs updates, builds some deployment packages, connects to a remote server via ssh, executes some predefined commands, exits that server, runs a few commands, connects to another server via ssh and does some other predefined task, exits.

chrism01 04-04-2006 08:03 PM

To simplify it, I'd actually put the relevant scripts on the remote server and then just call them from the ssh cmd passing params only.
If you use passwd, it gets messy 'cos ssh itself will prompt for it.
Try ssh auth_keys instead.
e.g. cmd line:
Code:

    # Login to SMS box & attempt to send
    RESULT=`su -c "ssh $SMS_BOX \"./sendsms.sh $MSG $MOBILE_NUM\" " -l <remote_user>`
    if [[ $? -ne 0 ]]
    then
        # ssh/sms failure
        mail_msg "$0: Unable to ssh/sms to $SMS_BOX" "$0: Warning!"
    else
        TMP=`echo $RESULT|grep 'Send succeeded' 2>&1`
        # blah blah
    fi


GNUsavior 04-05-2006 11:07 AM

Unfortunately I can't put scripts on the remote server in my situation. I need to be able to send the commands to the ssh process from the local script. I'm not 100% sure what your example is doing but I'll look and see if I can build on that example. If it won't allow me to do what I'm looking for, is there another way? Thanks for your help so far Chris.

fotoguy 04-05-2006 06:33 PM

Here's a script I wrote a while back that will create and upload keys to the server for you.



Code:

    #!/bin/bash
    # Optionally create an SSH key pair, then append the public key to the
    # remote account's authorized_keys2 file.
    USER="bill"
    ADDRESS="192.168.1.15"
    PORT="22"
    NEWKEY="yes"

    # Generate a new DSA key pair when NEWKEY is "yes".
    keygen () {
        if [ "$NEWKEY" = "yes" ]; then
            ssh-keygen -t dsa -f ~/.ssh/id_dsa
        fi
    }

    # Create the local authorized_keys2 file if it does not exist yet.
    checkfile () {
        if [ ! -f ~/.ssh/authorized_keys2 ]; then
            touch ~/.ssh/authorized_keys2
        fi
    }

    # First create the directory on the remote host, then upload the public key.
    # mkdir -p keeps the upload working when ~/.ssh already exists.
    sshupload () {
        cat ~/.ssh/id_dsa.pub | ssh -p "$PORT" "$USER@$ADDRESS" 'sh -c "mkdir -p ~/.ssh && cat - >>~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2"'
    }

    ## Our Main Menu
    press_enter () {
        echo ""
        echo -n "Press Enter to continue"
        read
        clear
    }

    selection=
    until [ "$selection" = "0" ]; do
        echo ""
        echo "SSH Keygen PROGRAM MENU"
        echo "1 - Generate & Upload New Key"
        echo "2 - Upload Old Key"
        echo ""
        echo "0 - exit program"
        echo ""
        echo -n "Enter selection: "
        read selection
        echo ""
        case $selection in
            1 ) checkfile ; keygen ; sshupload ;;
            2 ) sshupload ;;
            0 ) exit ;;
            * ) echo "Please enter 1, 2 or 0"; press_enter ;;
        esac
    done

    exit 0

Once that is done all you need to do to run a command on the remote servers is something like this in your own script to execute the commands:

Code:

    ssh -p 4000 bill@192.168.1.15 'sh -c "route"'

This will list the routes on the remote server; of course you can run anything you like as long as you have permission to.

chrism01 04-05-2006 06:37 PM

What that does is run as root on local box, login via ssh as remote_user and run send_sms.sh file on remote.
You can run each cmd individually on remote box via ssh, but it gets messy/fragile.
It's def easier to run pre-written script on remote box.

GNUsavior 04-06-2006 03:01 PM

Ok, I'm still wondering though how I can feed ssh the user login. Right now the way I have it they have to enter it 4 to 5 times; I'd like to minimize that to when they first run the script. Is there a keyword or methodology that allows you to interact with ssh this way (or any command in general, I know ssh is kind of a special case)?

fotoguy 04-06-2006 06:50 PM

Quote:

Originally Posted by GNUsavior
Ok, I'm still wondering though how I can feed ssh the user login. Right now the way I have it they have to enter it 4 to 5 times; I'd like to minimize that to when they first run the script. Is there a keyword or methodology that allows you to interact with ssh this way (or any command in general, I know ssh is kind of a special case)?



OK to get ssh to use the current logged in user just add the `whoami` command to a variable, something like this:



Code:

    #!/bin/bash

    # Use the name of the user running this script as the remote login.
    C_USER=`whoami`
    ssh -p 4000 "$C_USER@192.168.1.15" 'sh -c "route"'

So whoever runs the actual script will automatically be placed in the variable. Is this what you're after?

chrism01 04-06-2006 06:55 PM

Yeah, in my script you'd use $C_USER where I've put <remote_user>
-l is the ssh switch to pass (login with) remote_user id to remote box.

GNUsavior 04-06-2006 07:32 PM

I apologize, I was not clear...connecting via username is no problem, user@host.whatever...but I need to feed in the password as well. That's what I'm looking for. Thanks again for your responses.

fotoguy 04-06-2006 09:04 PM

OK, my apologies as well. That script I wrote to create and upload the keys, just run it and when it asks for a password just hit enter instead of putting in a password. It will only ask for a password the first time you connect, then after that you should be able to log in without entering a password.

GNUsavior 04-06-2006 11:03 PM

Are you talking about the key generation part? All of the keys that this will be used for are in place and are passworded; I cannot get around that. The reason why I want to be able to auto enter the password for the user is b/c throughout the script it will connect to remote servers 5 different times and it's troublesome to have them re-enter it over and over again.

chrism01 04-06-2006 11:53 PM

That's what auth-keys is for; it uses asymmetric (public key) cryptography to enable systems to recognise each other (actually specific user) without users having to enter passwds.
Set up by sysadmin.
Very effective.
Alternatively, if it's the same server 5 times, you could use ssh-agent which enables you to enter it once, then it saves it encrypted in mem for duration of local session.
Try this article/howto: http://wiki.suselinuxsupport.de/wikk...Authentication

GNUsavior 04-07-2006 01:55 PM

I'm going to thoroughly explain my setup so I don't sound like I'm being stubborn...I'm just in a certain situation.

To start I'll describe the server setup.

I'm on a Windows box. I have to connect to a local Linux box; from here on I will refer to connecting and executing commands on the Linux box as "locally or local". No problems there. This is where my "deploy_script" is located. On this Linux box I am not an admin, nor will I be able to be one by asking the admin nicely =). From this box as the user I am doing the following:

1) I ask the user for a few bits of information; some of it is regarding some cvs tags as well as their ssh username and password. The ssh keys are both OK on the Linux box and any remote server I need to connect to.

2) I then run a series of cvs update commands locally to get all the updated files from cvs. I then run a Perl script locally to do some magic which isn't important here.

3) Next I run an rsync command to a remote server where the login will never be root or an admin. I will need to auto feed the user's pw here as it uses the ssh keys. This rsync command moves some of the outputted files from the Perl script that was run in the last step.

4) The script then connects via ssh to a remote server (there will be different remote servers, not just one, throughout the script). Here is where I want to be able to auto feed the password without user interaction. Once on the server via ssh I execute a series of shell commands to clean up files and folders. The script then exits from the ssh process.

5) The script then connects via ssh to a different remote server and runs a script there and then exits. Need to auto feed the pw of the user here as well.

6) Finally, I connect to another server via ssh and restart the apache server. I do have sudo rights on the user for this but not normal root or admin rights. I will need to autofeed the user ssh pw here as well.

As you can see I'm fairly restricted, hence the reason why I'm trying to keep this all in the script. I have read the article that you linked to once and I see it does require server configuration which I cannot do. I will definitely reread it and try to pick out some things that might lead me to a solution, but if the above input I've given helps narrow ideas then I'd love to hear them. Thanks again for all your effort in helping solve this challenge.
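
The ssh-agent approach chrism01 mentions, applied to the rsync and ssh steps listed in the last post, as an added example that is not part of the thread: the key's passphrase is typed once into ssh-add, and every later connection authenticates through the agent. The host names, key path, build directory and remote commands are placeholders (assumptions); the agent runs as the ordinary local user.

```shell
#!/bin/bash
# Added example, not from the thread. Hosts, paths and remote commands
# are placeholders (assumptions).
KEY="${KEY:-$HOME/.ssh/id_ed25519}"   # existing passphrase-protected key

# Start an agent that belongs to this script only and kill it on exit.
start_agent() {
    eval "$(ssh-agent -s)" >/dev/null
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    # Asks for the passphrase on the terminal once. -t 900 makes the agent
    # forget the key after 15 minutes even if the script hangs.
    ssh-add -t 900 "$KEY"
}

# Run the command list given on stdin on one remote host ($1 = user@host).
# BatchMode=yes: fail instead of prompting if the agent cannot authenticate.
# sh -se: read commands from stdin, stop at the first failing command.
run_remote() {
    ssh -o BatchMode=yes -T "$1" 'sh -se'
}

# $1 = ssh username, asked for once by the caller.
deploy() {
    start_agent || return 1
    rsync -a -e 'ssh -o BatchMode=yes' build/ "$1@files.example.com:incoming/" || return 1
    run_remote "$1@app1.example.com" <<'EOF' || return 1
cd /srv/app/tmp
rm -f -- ./*.old
EOF
    run_remote "$1@app2.example.com" <<'EOF'
./post_deploy.sh
EOF
}

# Runs only with --deploy, so the file can be sourced and read first.
if [ "${1:-}" = "--deploy" ]; then
    printf 'SSH username: '
    read -r SSH_USER
    deploy "$SSH_USER"
fi
```
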


All times are GMT -5.