HPE Community
Operating System - HP-UX
1837522 Members
3570 Online
110117 Solutions
New Discussion

Re: ssh timeout in a script?

 
SOLVED
Go to solution
Gordon Morrison_1
Regular Advisor

‎01-17-2005 02:33 AM

‎01-17-2005 02:33 AM

ssh timeout in a script?

I run a script weekly from cron on a HP-UX 11.00 server which collects system info from other servers on our network.
The server on which I run this script (the "admin server") is running SSH 3.81 as are some of the others. Other nodes are all running HP-UX, either 10.20, 11.00 or 11.11
My script loops through a list of servers, and first checks to see if ssh is installed on the remote server - if it is, it collects the info by remotely running ssh commands, otherwise it uses remsh.
My problem is that I am not the only SysAdmin, and some people have been installing ssh on various servers (fine) but they aren't setting up the authorized_keys file to accept passwordless logins from the admin server (bad). The result is that I sometimes come in on Monday to find the script still sitting there because it's been waiting for a password since Sunday afternoon.

This was the original form of the test for ssh on the remote servers:
if ssh $host uname>/dev/null 2>&1
then
REMSH=ssh
else
REMSH=remsh
fi

This works fine if ssh is not installed on $host, and works equally well if ssh is installed, and authorized_keys is present and correct. It only fails when authorized_keys doesn't contain a valid entry for the admin host.

I have trawled these forums, and I have tried suggested command-line options for ssh to try to detect a failed attempt due to no authorized_keys entry, but the suggestions I've found don't work:
1)
if ssh -o LoginGraceTime=30 node2 uname>/dev/null 2>&1
then
echo ssh worked
else
echo ssh failed
fi
This always produces the error:
command-line: line 0: Bad configuration option: LoginGraceTime
ssh failed

2)
if ssh -o ServerAliveInterval=20 -o ServerAliveCountMax=3 node2 uname>/dev/null 2>&1
then
echo ssh worked
else
echo ssh failed
fi
This only works if the ssh is successful (i.e. authorized_keys is present and correct). If it isn't it just sits there waiting for a password until I ^C it.

Is there a way to detect whether a host will allow a passwordless ssh login/remote command, and/or to force a timeout (say 60 seconds) if the attempt doesn't return successfully in that time?

Thanks in anticipation
Gordon
What does this button do?
0 Kudos
7 REPLIES 7
Florian Heigl (new acc)
Honored Contributor

‎01-17-2005 02:46 AM

‎01-17-2005 02:46 AM

Re: ssh timeout in a script?

there was a posting on itrc, but I'm searching for it since a week and can't find it myself anymore.

It was based on restricting the authentication method to public key - somehow...
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Steven E. Protter
Exalted Contributor

‎01-17-2005 03:05 AM

‎01-17-2005 03:05 AM

Re: ssh timeout in a script?

what about background ssh?

You fire everything up background and what hangs hangs.

~^Z

Thats the command line option.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Michael_356
Frequent Advisor

‎01-17-2005 03:54 AM

‎01-17-2005 03:54 AM

Re: ssh timeout in a script?

Hi there,

try to put 'LoginGraceTime 600' in your ssh.config.

Then it should be work

regards

Michael
0 Kudos
Ermin Borovac
Honored Contributor

‎01-17-2005 01:22 PM

‎01-17-2005 01:22 PM

Solution

Re: ssh timeout in a script?

Try

$ ssh -o PreferredAuthentications=publickey

It should fail if :.ssh/authorized_keys is not setup.
0 Kudos
Andrew Cowan
Honored Contributor

‎01-17-2005 06:57 PM

‎01-17-2005 06:57 PM

Re: ssh timeout in a script?

This sounds like a bug in this version as I have used these kinds of tests in the past and they have worked.

One possible workaround could be to spawn a separate background script that writes to several flag files e.g. script-started, key-OK, failed. Your command script then waits for an arbitory length of time then checks the status files to see if the host is accepting the key.

If successful proceed with the transfer, otherwise delete the flag files and kill the other script.
0 Kudos
Gordon Morrison_1
Regular Advisor

‎01-17-2005 08:48 PM

‎01-17-2005 08:48 PM

Re: ssh timeout in a script?

Thanks to all for the swift replies:
Florian - You were on the right track (see below)
Steven - I see what you're saying here, but it wouldn't be my preferred option in this case.
Michael - I already tried that, really not sure why it didn't work (yes, I did a kill -HUP after changing the config)
Ermin - WooHoo! This looks like what Florian was thinking of and it works! Thanks.
Andrew - Like Steven's suggestion, it could work, but wouldn't be my first choice in this situation.

Thanks again to all.
What does this button do?
0 Kudos
Gordon Morrison_1
Regular Advisor

‎01-17-2005 08:54 PM

‎01-17-2005 08:54 PM

Re: ssh timeout in a script?

Someone give Ermin a rabbit!
What does this button do?
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.