On Mon, November 17, 2014 01:17, Hadi Motamedi wrote:
>> A simple script which loops though a text file that lists the hostname /
>> username / password for the login and then runs the "shutdown - h now"
>> command? Though, I would be uneasy with listing root passwords in a
>> random text file.
>>
>
> Thank you for your help . So how to open a session with another server
> to login with root password and issue a command on it ?
>
>
I do not believe that, on reflection, you really would want to do that. An
alternative approach is to use ssh-keygen to create a key pair for root on the
control host and then add that public key to the authorized_keys file inside
/root/.ssh on each of the target hosts. So, something like this:
On control host as root user:
ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/<path to <<userid>> home
directory>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /<path to <<userid>> home
directory>/.ssh/id_rsa.
Your public key has been saved in /<path to <<userid>> home
directory>/.ssh/id_rsa.pub.
The key fingerprint is:
1c:6c:91:76:64:83:a5:32:4e:ac:df:28:ed:cb:9a:dd <userid>@<hostname>
That will give you the following files in /root/.ssh
ll .ssh
total 28
-rw-r--r--. 1 root root 4619 Nov 17 2014 authorized_keys
-rw-------. 1 root root 3239 Nov 17 2014 id_rsa
-rw-r--r--. 1 root root 756 Nov 17 2014 id_rsa.pub
Now login to each of your target hosts as root and transfer
/root/.ssh/id_rsa.pub from the control host and append (>>) it to
/root/.ssh/authorized_keys on the target host. If the .ssh directory does not
already exist on the target host then you should first create the necessary
files by running ssh-keygen on the target (otherwise you need consider whether
or not selinux is enforced or not? is the mode set correctly? yada, yada).
Once you have setup the target hosts for ssh and have added the control host's
public key to .ssh/authorized_keys then you should be able to ssh into each
from the control host without having to provide a password.
You will however need to add each remote host's identity
(/etc/ssh/ssh_host_rsa_key.pub) to your own /root/.ssh/known_hosts file the
first time that you connect. This can be automatically created and maintained
by the ssh client so long as the remote host's ssh identity is not
subsequently changed. If you have previously ssh'ed into the remote hosts
than this will already have been done.
Once the connections have been set up between the control host and all of the
target hosts then you should be a able to do this (mind the -t option to ssh):
for host in \
long_host_name.domain.tld \
targethost{01,02,03,04,05,06}.domain.tld \
othername{x,y,z}.domain.tld \
yet_another_very_long_host_name.domain.tld \
192.168.0.2{1,5,7,8,9} ;
do ssh -t $host 'echo -e "\n\n$HOSTNAME\n" ; /root/stopServer ; init 0';
done
Personally, I would use a separate account for this and add that account to
the /etc/sudoers file on each of the targets:
shutdown_userid NOPASSWD: localhost=/sbin/init 0
shutdown_userid NOPASSWD: localhost=/sbin/shutdown -h now
shutdown_userid NOPASSWD: localhost=/root/stopServer
The ssh-keygen / authorized_hosts setup would then need to be done in that
account's home directory on each target rather than root's. Then use 'sudo
/root/stopServer ; sudo init 0' to run the shutdown scripts.
I also would use 'shutdown -h now' instead of 'init 0'
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3