<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Osaka">I used to manage ~150 Linux desktop and would have
to do one off scripts to make updates. Fortunately I found Puppet and
now I never have to do things like this any more but here's the
Bash/Expect combo that I used to use:<br>
<br>
chris$ ./mass_copy.sh:<br>
<br>
#!/bin/sh<br>
export ROOTPW='secret1'<br>
export ADMINPW='secret2'<br>
<br>
HIVES="machine1 machine2 machine3"<br>
for machine in $HIVES; do<br>
/path/to/script/get_root.exp $machine<br>
done<br>
<br>
</font><font face="Osaka">chris$ cat get_root.exp</font><br>
<font face="Osaka">#!/usr/bin/expect -f<br>
<br>
set timeout 40<br>
<br>
spawn ssh [lrange $argv 0 0]<br>
expect "admin@$argv's password:"<br>
send "</font><font face="Osaka">$env(ADMINPW)</font><font face="Osaka">\n"<br>
expect "\\$"<br>
send "exec su -\n"<br>
expect "Password: "<br>
send "$env(ROOTPW)\n"<br>
expect "#"<br>
send "/mnt/it_updates/update_something.sh\n"<br>
interact<br>
expect "\\#"<br>
send "exit\n"<br>
</font><br>
This was handed down to me by the sysadmin who was here before me and
it worked great except sometimes it would not log out of each machine
and I would have to babysit it and press CTRL-D after each run. It can
easily be expanded on to suit your needs, and maybe someone in the
mailing list can refine it, but if this is your job and you think there
is even the remotest possibility that you would have to do this again,
seriously look into Puppet, Func, mCollective, really anything is
easier then doing it this way.<br>
<br>
Chris<br>
<br>
On 3/4/10 12:48 AM, Chris Geldenhuis wrote:
<blockquote cite="mid:4B8F4997.5020600@iafrica.com" type="cite">
<pre wrap="">Tim Nelson wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105
----- "Jeremy Rosengren" <a class="moz-txt-link-rfc2396E" href="mailto:jeremy.rosengren@gmail.com"><jeremy.rosengren@gmail.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
On Wed, Mar 3, 2010 at 3:36 PM, James Hogarth
</pre>
</blockquote>
<pre wrap=""><<a class="moz-txt-link-abbreviated" href="mailto:james.hogarth@gmail.com">james.hogarth@gmail.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:james.hogarth@gmail.com"><mailto:james.hogarth@gmail.com></a>> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
> On 3 March 2010 21:20, Tim Nelson <<a class="moz-txt-link-abbreviated" href="mailto:tnelson@rockbochs.com">tnelson@rockbochs.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:tnelson@rockbochs.com"><mailto:tnelson@rockbochs.com></a>> wrote:
> > Greetings All-
> >
> > I'm about to embark on some remote management testing and need
a way to login to a remote system running CentOS 4.x/5.x via SSH,
su to root (using a password), then execute a command.
> >
> > I currently login to the boxes using key based SSH like this:
> >
> > ssh -i ~/remote_key admin@$REMOTEIP
> >
> > Then, I SU to root. However, if I try to do this automatically
like this:
> >
> > ssh -i ~/remote_key admin@$REMOTEIP 'su -l'
> >
> > I'm getting:
> >
> > "standard in must be a tty"
> >
> > So, how am I able to remote login using SSH, su to root, then
execute a command as root?
> >
> > All comments and suggestions welcome. Thanks!
> >
> > --Tim
> > _______________________________________________
> > CentOS mailing list
> > <a class="moz-txt-link-abbreviated" href="mailto:CentOS@centos.org">CentOS@centos.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:CentOS@centos.org"><mailto:CentOS@centos.org></a>
> > <a class="moz-txt-link-freetext" href="http://lists.centos.org/mailman/listinfo/centos">http://lists.centos.org/mailman/listinfo/centos</a>
> >
>
>
Best off configuring sudo for that user (with no password) and make
> sure that user has !requiretty in the sudoers configuration.
>
> James
>
> _______________________________________________
> CentOS mailing list
> <a class="moz-txt-link-abbreviated" href="mailto:CentOS@centos.org">CentOS@centos.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:CentOS@centos.org"><mailto:CentOS@centos.org></a>
> <a class="moz-txt-link-freetext" href="http://lists.centos.org/mailman/listinfo/centos">http://lists.centos.org/mailman/listinfo/centos</a>
</pre>
<blockquote type="cite">
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">Does "ssh -t" help?
YESS. It prevents the tty error from showing up and asks me for a
password as expected. BUT, how do I then automate the entering of the
password?
John Kennedy mentioned using expect which I've used before but found
it to be 'finnicky'. I may have to look at it again...
Changing settings such as sudo configuration or ssh config may be
daunting since I have a large number of systems(150+) that would need
to be modified. :-/
--Tim
------------------------------------------------------------------------
_______________________________________________
CentOS mailing list
<a class="moz-txt-link-abbreviated" href="mailto:CentOS@centos.org">CentOS@centos.org</a>
<a class="moz-txt-link-freetext" href="http://lists.centos.org/mailman/listinfo/centos">http://lists.centos.org/mailman/listinfo/centos</a>
</pre>
</blockquote>
<pre wrap="">I found that Python expect is far more logical and understandable for
complex tasks than the expect command.
ChrisG
_______________________________________________
CentOS mailing list
<a class="moz-txt-link-abbreviated" href="mailto:CentOS@centos.org">CentOS@centos.org</a>
<a class="moz-txt-link-freetext" href="http://lists.centos.org/mailman/listinfo/centos">http://lists.centos.org/mailman/listinfo/centos</a>
</pre>
</blockquote>
</body>
</html>