HPE Community
Operating System - OpenVMS
1752625 Members
4770 Online
108788 Solutions
New Discussion юеВ

Redirecting SSH output

 
SOLVED
Go to solution
Gerhard Olsson
Advisor

тАО05-13-2005 12:24 AM

тАО05-13-2005 12:24 AM

Re: Redirecting SSH output

Jan, is that interactive or in batch as well?
Can you explain more in detail?

Gerhard


If it is OpenVMS, you expect it to work. The only problem is when something is not implemented but then it is documented. If I knew this from the beginning, I could have pushed other alternatives, but this too late know.
For ssh, HP took a bunch of non-VMS programmers without VMS knowledge to do the port. I do not believe OpenVMS programmers to release something like this.
0 Kudos
Reply
Gerhard Olsson
Advisor

тАО05-13-2005 12:31 AM

тАО05-13-2005 12:31 AM

Re: Redirecting SSH output

I mixed up the responses when writing and wrote Jan instead of Wim.
Gerhard
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО05-13-2005 12:53 AM

тАО05-13-2005 12:53 AM

Re: Redirecting SSH output

G,

This posted script is a very complex procedure with references to other stuff but you can read it to get the idea. The second script starts after a line of *.

The usage is :
$remote_command "show time" SRV
(if you have the missing parts to define the nodes belonging to SRV)
or
$remote_command "show time" node::
(if you don't have it)

But it isn't encrypted.

Wim
Wim
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО05-13-2005 01:00 AM

тАО05-13-2005 01:00 AM

Re: Redirecting SSH output

Here is how the output looks like.

WSYS01/MGRWVW>rcom "show time" srv
Will execute show time

ABETV1 at 2005-05-13 14:57:48.25
13-MAY-2005 14:57:49

ABETV2 at 2005-05-13 14:57:49.30
13-MAY-2005 14:57:50

ALP10 at 2005-05-13 14:57:50.32
13-MAY-2005 14:57:52

ALP20 at 2005-05-13 14:57:52.62
13-MAY-2005 14:57:53

.....

WPVMX2 at 2005-05-13 14:58:10.67
%RMS-E-ACC, ACP file access failed
*** Can not communicate with WPVMX2

Execution statistics for show time

Command successfully on 23 nodes
ABETV1,ABETV2,ALP10,ALP20,CSMM01,DVPM01,MXM01,SALPV1,SALPV2,SBAPV1,SBAPV2,
SDEPV1,SPVCS1,SPVCS2,SPVMX1,SPVMX2,SVBET1,SVBET2,SVCSM1,SVCSM2,SVMRX1,SVMRX2,
SY2KV3

Node unreachable on 6 nodes
SARBV1,SBETV1,SBETV2,SIVM01,WPVMX1,WPVMX2

LAT reachable, DECnet unreachable on 2 nodes
SBETV1,SBETV2
Wim
0 Kudos
Reply
Ian Miller.
Honored Contributor

тАО05-13-2005 02:37 AM

тАО05-13-2005 02:37 AM

Re: Redirecting SSH output

for remote execution of commands on a VMS in a non-interactive fashion where DECnet is available then SYSMAN is the program to use.

But the original question wants TCP/IP and encrypted.

I agree with the comments on the ssh port. Keep complaining at hp and eventually they will assign some resource to do this properly (I hope).
____________________
Purely Personal Opinion
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО05-13-2005 03:01 AM

тАО05-13-2005 03:01 AM

Re: Redirecting SSH output

Ian,

Sysman is OK for simple things but :
1) doesn't have the users environment
2) can only execute 1 command per process (per do)
3) no return status
4) just noticed, runs with base prio 7, so may disrupt production
5) less node selection possibilities

Wim
Wim
0 Kudos
Reply
Jan van den Ende
Honored Contributor

тАО05-13-2005 06:02 AM

тАО05-13-2005 06:02 AM

Re: Redirecting SSH output

Re Wim,

I agree on 1-4, but #5?

Define any relevant combination of nodes as a searchlist in SYSMAN$NODE_TABLE, and use that name in
SYSMAN> NODE=..

or,
in SYSMAN.INI,

or,
define SYSMANINI , and define in that file.

HTH

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Gerhard Olsson
Advisor

тАО05-15-2005 09:43 PM

тАО05-15-2005 09:43 PM

Re: Redirecting SSH output

The setup is for accessing Solaris nodes, so OpenVMS native methods is not possible...
The issue is not to get an encrypted channel to the remote node, but avoid letting the password in the clear, that is done with rsh/rexec.

I plan to use something like the command procedure below. The scripts in Solaris have been modified to write the exit status, and a reason. The exit status must be unique enough to not get false matches...


$ type t2.com
$! Command procedure to execute ssh commands on remote node
$! The command on the remote node must write the exit status in the
$! output text (including reason) as the exit status is not propagated
$!
$ ws="WRITE SYS$OUTPUT"
$ cmd="getStat"
$ call test_ssh "go@10.1.2.57" "''cmd'"
$ write sys$output "''exit_status':''reason'"
$ exit
$
$test_ssh: subroutine
$ remnode="''p1'"
$ cmd="''p2'"
$!Use separate que to minimize the risk for deadlock
$ bqueue="''f$getsyi(""nodename"")'_bat"
$ key_string="ExitStatus:"
$get_files:
$ tmp=F$UNIQUE()
$ bfile="SYS$LOGIN:''tmp'.COM"
$ lfile="SYS$LOGIN:''tmp'.LOG"
$ IF f$search(bfile) .nes. "" .or. f$search(lfile) .nes. "" -
THEN GOTO get_files
$ open/WRITE f 'bfile'
$ write f "ssh ""''remnode'"" ""''cmd'"""
$ close f
$ SUBMIT/QUEUE='bqueue' 'bfile'
$ synchronise /entry='$entry'
$ open F 'lfile'
$ LOOP_CMD:
$ READ F str/END=end_loop_cmd_nomatch
$ IF f$length(str) .eq 0 THEN GOTO LOOP_CMD
$ IF f$locate (key_string,str) .eq. 0
$ THEN
$ tmp=f$extract(f$length(key_string)+1, f$length(str), str)
$ tmp=f$edit(tmp,"TRIM")
$ exit_status==f$element(0," ",tmp)
$ tmp2=f$extract(f$length(exit_status)+1, f$length(tmp), tmp)
$ reason==f$edit(tmp2,"TRIM")
$ GOTO end_loop_cmd
$ ENDIF
$ GOTO LOOP_CMD
$ end_loop_cmd_nomatch:
$ ws "Warning: did not find ''key_string' in ''cmd'"
$ exit_status==-1
$ reason=="No information"
$ end_loop_cmd:
$ CLOSE F
$ DELETEE 'bfile';0,'lfile';0
$ RETURN
0 Kudos
Reply
Gerhard Olsson
Advisor

тАО05-15-2005 09:51 PM

тАО05-15-2005 09:51 PM

Re: Redirecting SSH output

Wim: Thanks for the script. Not exactly what I was looking for but sharing is always apreciated.

I will not close this thread yet, I still believe there is possibility to take control of the output for ssh...
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО05-16-2005 06:01 PM

тАО05-16-2005 06:01 PM

Re: Redirecting SSH output

Just a note for Jan,

Node slection : in the script we use dspn. This tool allows you to assign a number of ketwords to each node. Then you can use boolean expressions using these keywords.

E.g. (SRV .AND. DVP) .AND. .NOT. CSM
(all servers for devlopment not located in our CSM building).

Wim
Wim
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.