Running commands on a batch of computers

[srochford]

How can I remotely execute the same command on a batch of computers?

In Windows I'd do something like:

Code:

for %i in (1 2 3 4) do psexec \\computer%i <some command>

and as long as I'm admin on the remote computers the command gets executed.

I know I can use SSH to remotely execute a command but it prompts for a password every time (and if I've not connected to the machine before I also get asked to accept the key). I'd like to do this without having to type the password lots of times or I might as well just go and log on to 36 machines!

[dhicks]

I know I can use SSH to remotely execute a command but it prompts for a password every time (and if I've not connected to the machine before I also get asked to accept the key).

You generate a public / private SSH key pair, place the public key in the .ssh/authorized_keys file in the home folder of whichever user you wish to log on as on the remote machine you wish to log on to, then you tell ssh to log on to that machine using your private key - something like:

ssh -o stricthostkeychecking=no -i my.key root@SERVERNAME commandGoesHere

The stricthostkeychecking=no bit will skip you being asked whether you wish to accept the remote signature key. You might have to delete the local .ssh/known_hosts beforehand.

--
David Hicks

[somabc]

Not an elegant (or secure!) solution but you can use EXPECT in scripting to respond to interactive prompts if necessary.

expect(1) - Linux man page
SSH login expect shell script to supply username and password

Code:

#!/usr/bin/expect -f

# This script needs three argument to(s) connect to remote server:
# password = Password of remote UNIX server, for root user.
# ipaddr = IP Addreess of remote UNIX server, no hostname
# scriptname = Path to remote script which will execute on remote server
# For example:
#  ./sshlogin.exp password 192.168.1.11 who
# set Variables

set password [lrange $argv 0 0]
set ipaddr [lrange $argv 1 1]
set scriptname [lrange $argv 2 2]
set arg1 [lrange $argv 3 3]
set timeout -1
# now connect to remote UNIX box (ipaddr) with given script to execute
spawn ssh -p 22 root@$ipaddr $scriptname $arg1
match_max 100000

expect {
       -re ".*Are.*.*yes.*no.*" {
       send "yes\r"
       exp_continue
       #look for the password prompt
       }

       "password:" {
       send -- "$password\r"
       #he expect command will now return
       }
}

[pete]

You didn't mention whether you were querying for info or making changes, but if it's the latter you could also look at using puppet to automate things. Make a change to the reference file on the puppetmaster server and the puppets will all pull in the change when they next check in with it. Start with something simple and small (adding the school name to /etc/motd, for example) and move on from there.

puppet - Trac

Redmonk episode that led to me implementing it here: People Over Process » Puppet at Google - RedMonk Radio Episode 48

[somabc]

There is also sshpass, but again with the need to hardcode passwords

Key based login is really the way to go!

sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script

How do I login over ssh without using password less RSA / DSA public keys? How do I use ssh in a shell script? How do I login non-interactivly performing password authentication with SSH and shell scripts?

A. You can use sshpass command to provide password for ssh based login. From the man page:

sshpass is a utility designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-interactive mode.

ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.

The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other command. The password prompt used by ssh is, however, currently hardcoded into sshpass.

[somabc]

This is EXACTLY what you want!

ClusterSSH controls a number of xterm windows via a single graphical console window to allow commands to be interactively run on multiple servers over an ssh connection.

SourceForge.net: Cluster SSH - Cluster Admin Via SSH
ssh on multiple servers Using cluster ssh -- Debian Admin
ClusterSSH - Cluster Wiki

[srochford]

Thanks all - lots of new toys for me to play with :-)