Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 265
  • Last Modified:

Remote command execution

I have to make changes and install apps on 30 identical machines.  The work is the exact same on each and will be done in the exact same location in each system.  I would like to be able to initiate, scripted or not, something from one system and get to all the other machines.  Unfortunately, I am not allowed to have an .rhosts file on any of the systems.  Are there any alternatives?
0
teckwiz01
Asked:
teckwiz01
  • 3
  • 2
1 Solution
 
tfewsterCommented:
If you're not allowed .rhosts files, I bet that your bosses would be unhappy about passwords in scripts too!

Are you allowed to set up ssh to allow you access to the remote systems without a password? Similar to the .rhosts idea, but more secure. ssh can be set up to prompt you for a passphrase once on the local system (to prove it's really you) and then will then do the remote logins without further prompting during that "session"

But it seems to me that the main problem is scripting the installation; If you can do that reliably, it's not too bad to copy the script to each client, open up 30 terminal sessions and run the script "locally" on each system - without the extra worry of if the script will work "remotely"!

If you really want to add the extra complexity of executing the individual commands remotely, the following threads may be of interest (ssh, "expect" and automating telnet):
http://www.experts-exchange.com/Programming/Programming_Platforms/Unix_Programming/Q_20995574.html
http://www.experts-exchange.com/Programming/Programming_Platforms/Unix_Programming/Q_21179831.html
0
 
teckwiz01Author Commented:
Expect seems to be the next best option.  Have to check on the password in a file issue.  Thanks.  
0
 
tfewsterCommented:
One of the nice things about "expect" is that you can use `autoexpect` to capture your interactive session and generate the script.  

Obviously the scripts and the system they're held on should be kept secure.

Personally, I'd pursue the ssh route; Then you can scp the script to the remote system and use ssh to execute it, which will avoid a lot of problems.
0
 
teckwiz01Author Commented:
Ok, I thought about using ssh but didn't understand what I read in the previous links.  
1.  You have to setup ssh to not use password?  How?  Will that affect everyone who uses ssh?
2.  How does that help me create a script that remotely executes a series of command on 30 systems?
0
 
tfewsterCommented:
1a) Briefly, you create a Public key for ssh on your local system and copy that into to $HOME/.ssh/authorized_keys on the remote system(s);  Then when you ssh to the remote system, it checks the public key & identity of your workstation against the key in authorized keys - and if they match, you're in.  See http://www.experts-exchange.com/Operating_Systems/Solaris/Q_20610462.html for the full process.  (Note, -N '' creates a blank passphrase, which is not a good idea but is closest to the .rhosts style setup.

1b) Nope, only the "pair" of users who have exchanged keys

2) You still have to script it somehow, but it simplifies distributing & running the script.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now