On Mon, November 17, 2014 01:17, Hadi Motamedi wrote:
A simple script which loops through a text file that lists the hostname / username / password for the login and then runs the "shutdown -h now" command? Though, I would be uneasy with listing root passwords in a random text file.
Thank you for your help. So how to open a session with another server to login with root password and issue a command on it?
I do not believe that, on reflection, you really would want to do that. An alternative approach is to use ssh-keygen to create a key pair for root on the control host and then add that public key to the authorized_keys file inside /root/.ssh on each of the target hosts. So, something like this:
On control host as root user:
    ssh-keygen -t rsa -b 4096
    Generating public/private rsa key pair.
    Enter file in which to save the key (/<path to <<userid>> home directory>/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /<path to <<userid>> home directory>/.ssh/id_rsa.
    Your public key has been saved in /<path to <<userid>> home directory>/.ssh/id_rsa.pub.
    The key fingerprint is:
    1c:6c:91:76:64:83:a5:32:4e:ac:df:28:ed:cb:9a:dd <userid>@<hostname>
That will give you the following files in /root/.ssh
    ll .ssh
    total 28
    -rw-r--r--. 1 root root 4619 Nov 17 2014 authorized_keys
    -rw-------. 1 root root 3239 Nov 17 2014 id_rsa
    -rw-r--r--. 1 root root 756 Nov 17 2014 id_rsa.pub
Now log in to each of your target hosts as root and transfer /root/.ssh/id_rsa.pub from the control host and append (>>) it to /root/.ssh/authorized_keys on the target host. If the .ssh directory does not already exist on the target host then you should first create the necessary files by running ssh-keygen on the target (otherwise you need to consider whether or not selinux is enforced or not? is the mode set correctly? yada, yada).
Once you have set up the target hosts for ssh and have added the control host's public key to .ssh/authorized_keys then you should be able to ssh into each from the control host without having to provide a password.
You will however need to add each remote host's identity (/etc/ssh/ssh_host_rsa_key.pub) to your own /root/.ssh/known_hosts file the first time that you connect. This can be automatically created and maintained by the ssh client so long as the remote host's ssh identity is not subsequently changed. If you have previously ssh'ed into the remote hosts then this will already have been done.
Once the connections have been set up between the control host and all of the target hosts then you should be able to do this (mind the -t option to ssh):
    for host in \
      long_host_name.domain.tld \
      targethost{01,02,03,04,05,06}.domain.tld \
      othername{x,y,z}.domain.tld \
      yet_another_very_long_host_name.domain.tld \
      192.168.0.2{1,5,7,8,9} ; do
      ssh -t $host 'echo -e "\n\n$HOSTNAME\n" ; /root/stopServer ; init 0';
    done
Personally, I would use a separate account for this and add that account to the /etc/sudoers file on each of the targets:

    # sudoers field order is: user host = tag: command. The host field is
    # matched against the machine's own hostname, so ALL is used here.
    shutdown_userid ALL = NOPASSWD: /sbin/init 0
    shutdown_userid ALL = NOPASSWD: /sbin/shutdown -h now
    shutdown_userid ALL = NOPASSWD: /root/stopServer
The ssh-keygen / authorized_hosts setup would then need to be done in that account's home directory on each target rather than root's. Then use 'sudo /root/stopServer ; sudo init 0' to run the shutdown scripts.
I also would use 'shutdown -h now' instead of 'init 0'
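
The append step described above (create .ssh if it is missing, append id_rsa.pub, get the modes and the SELinux context right) as an added shell example that is not part of the original message. install_pubkey is a hypothetical helper name, and the key in the demo is constructed.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Run on the target host as the account that will accept the login.
# usage: install_pubkey <public-key-file> <home-directory>
# The body is a subshell "( ... )", so umask and variables stay local.
install_pubkey() (
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Use the first non-empty line; refuse anything that is not a public
    # key, such as id_rsa (the private half) copied over by mistake.
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "install_pubkey: $pubkey_file is not a public key" >&2
           exit 1 ;;
    esac

    # sshd's StrictModes check (on by default) rejects key files that
    # other users can write, so create both with owner-only modes.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Append (>>) only if this exact line is absent: reruns add nothing.
    if ! grep -qxF -- "$key" "$auth_file"; then
        # Keep a final line that lacks its newline from merging with ours.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        printf '%s\n' "$key" >> "$auth_file" || exit 1
    fi

    # With SELinux, reset the contexts so sshd is allowed to read the files.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" 2>/dev/null || true
    fi
)

# Constructed demo (fake key, throwaway directory): sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    echo 'ssh-rsa AAAAB3CONSTRUCTED root@control' > "$demo/id_rsa.pub"
    install_pubkey "$demo/id_rsa.pub" "$demo/home" && ls -la "$demo/home/.ssh"
    rm -rf "$demo"
fi
```

For the dedicated shutdown account, pass that account's home directory instead of /root and run the function as that account so the files end up owned by it.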