Operating System - HP-UX
1839169 Members
2859 Online
110136 Solutions
New Discussion

Re: Script needed to test SSH trusts

 
Jayson B. Hurd
Advisor

Script needed to test SSH trusts

I have written a script that will loop through and push code to a dynamically generated list of servers via scp.

All these servers should trust the server running the script. Should...

Occasionally there are problems where the password expires or the account locks out. The server will then prompt for a password, at which point my script would hang forever.

I need some procedure to call or command to invoke for each server that would test to make sure login was possible, i.e. that the trust is working, BEFORE it scps. So far I've been unable to find anything that will do this and I'm not handy with TCL or Perl enough to do this.

Any ideas?
12 REPLIES 12
IT_2007
Honored Contributor

Re: Script needed to test SSH trusts

you can use exit command after pushing code so that if it asks for password then it will come out instead of hanging forever.
otherwise, you can generate ssh keys and copy pub key to authorized_keys file and copy it to server:/home/userid/.ssh directory and it won't ask for password.
Jayson B. Hurd
Advisor

Re: Script needed to test SSH trusts

If I put the exit code after it, then it will never get there since it hangs at that step.

I can fix the keys, but I would want to know when it fails.
Marvin Strong
Honored Contributor

Re: Script needed to test SSH trusts

in your ~/.ssh/config file set

NumberOfPasswordPrompts 0

then it will skip those servers that prompt for passwd.

Marvin Strong
Honored Contributor

Re: Script needed to test SSH trusts

If you want to know when it fails with the option I mentioned above set.

$? will be non 0 thus you can check it.

for server in list
do
scp stuff here
[[ $? != 0 ]] && echo "$server failed"
done
Jayson B. Hurd
Advisor

Re: Script needed to test SSH trusts

Do I need to set that number of password prompts on each server or just on the server from which I run the command?

Also, can I create an alertnate config file called only by this script? I don't normally want to ignore password prompts, only when this script runs.

Thanks.
Marvin Strong
Honored Contributor

Re: Script needed to test SSH trusts

It should only be needed from the source server.

I don't think you can make an alternate config file. But I am not 100% sure.

You could simply have a config.scp_script and mv it into and out of place at the beginning and end of your script so it is only there while the script runs.

you might be able to pass the option on the command line also with the -o option, then you wouldn't need the config file at all.

scp -o NumberOfPassword_Prompts 0 .....

I have never tried that you can check scp man page to make sure it will work.
Marvin Strong
Honored Contributor

Re: Script needed to test SSH trusts

It should only be needed from the source server.

I don't think you can make an alternate config file. But I am not 100% sure.

You could simply have a config.scp_script and mv it into and out of place at the beginning and end of your script so it is only there while the script runs.

you might be able to pass the option on the command line also with the -o option, then you wouldn't need the config file at all.

scp -o NumberOfPasswordPrompts 0 .....

I have never tried that you can check scp man page to make sure it will work.
Jayson B. Hurd
Advisor

Re: Script needed to test SSH trusts

I tried it and it still prompts for a password:

loramab00001001:/oracle/admin/dmdbdr/adhoc $ ssh2 -F /oracle/.ssh2/script_ignore_prompt_config aorarib00001q01
warning: Configuration option NumberOfPasswordPrompts is deprecated.
This is a proprietary system requiring authorized access. Any unauthorized
access and/ or use of this system is not permitted. Any authorized use is
subject to compliance with applicable law and corporate policies, as may be
amended from time to time. Accordingly, this system may be monitored and
the results recorded and reviewed. By using or accessing this system, you
expressly acknowledge that you are an authorized user and are not entitled
to any privacy rights with respect to your use of this system.
oracle's password:
Received signal 2. (no core)
[User:oracle Sid:dmdbdr]
loramab00001001:/oracle/admin/dmdbdr/adhoc $
Marvin Strong
Honored Contributor

Re: Script needed to test SSH trusts

grr double posts actually from the commandline with ssh you can do

ssh -o NumberOfPasswordPrompts=0 server cmds

So scp should be take it also.

hope that helps.

Jayson B. Hurd
Advisor

Re: Script needed to test SSH trusts

Yeah, it still prompts for a password. I'll have to find another option to use if there is one.
Marvin Strong
Honored Contributor

Re: Script needed to test SSH trusts

hmm it works on mine.
$ ssh -o NumberOfPasswordPrompts=0 192.168.0.3
(publickey,gssapi-with-mic,password).
$ echo $?
255
$

I do have a slightly older verison of ssh though.

$ ssh -v
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

Jayson B. Hurd
Advisor

Re: Script needed to test SSH trusts

Guess what? I looked at other -o options and found the one that works:

-o BatchMode=yes

That successfully skips any password requests.