[mdlug] Remote SSH commands
Aaron Kulkis
akulkis00 at gmail.com
Wed Jan 12 00:41:45 EST 2011
Michael ORourke wrote:
> Lug Nuts,
>
> Anyone out there using the "forced-commands-only" option under OpenSSH?
>
> From what I have read, it sounds like it's a pain to administer because it
> is based on key-pairs. I'm just curious if other admins are using that
> option and restricting remote root logins. It's extremely handy to run
> commands from a central server as root, but breaks if you set
> "PermitRootLogin no" in the sshd_config.
You set up a sudo command from a normal user that runs
a script (for example, the script might be called "wrapper", which takes a pathname as an argument and runs the script located at that pathname).
Once wrapper is installed on each remote machine served by that
server, you can then either:
1) ftp a script to each remote client
OR
2) put the script in a directory which is NFS mounted
to the client machines
In either event, then set up a script which SSH's to each
client as a normal user, and then send a command through
SSH to sudo the script.
In fact, your script on the server can be as simple as
[note: pseudocode, not complete!]
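SCRIPT=/path/to/place/script
CLIENTS="client1 client2"    # list of clients here (placeholder names)
for CLIENT in $CLIENTS
do
    # copy the script to the client, then run it there through sudo
    rcp /location/of/script "${CLIENT}:${SCRIPT}"
    ssh "${USER}@${CLIENT}" sudo wrapper "${SCRIPT}"
done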
Write the script as if it will be running LOCALLY
on each client machine, because it will.
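
The "wrapper" described in the message above runs whatever pathname it is handed as root, so the checks it makes on that pathname decide how much the sudo rule really grants. The sketch below is an added example, not code from the original post: it accepts only root-owned, non-writable-by-others scripts that sit directly inside one approved directory. The directory, the WRAPPER_DIR/WRAPPER_UID override names, the sudoers line and the use of GNU stat/readlink are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat/readlink.
# WRAPPER_DIR and WRAPPER_UID are hypothetical names chosen for this sketch.
# Hypothetical sudoers entry: deploy ALL=(root) NOPASSWD: /usr/local/sbin/wrapper
WRAPPER_DIR=${WRAPPER_DIR:-/usr/local/lib/remote-scripts}  # approved script directory
WRAPPER_UID=${WRAPPER_UID:-0}                              # required owner (root)

# Succeed only if $1 is owned by WRAPPER_UID and not group/world-writable.
safe_owner_mode() {
    [ "$(stat -c %u "$1")" = "$WRAPPER_UID" ] || return 1
    case $(stat -c %a "$1") in
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or other
    esac
    return 0
}

# Print the resolved path of $1 and succeed only if it may be run as root.
check_script() {
    dir=$(readlink -f "$WRAPPER_DIR") || return 1
    real=$(readlink -f "$1") || return 1           # resolves symlinks and ".."
    [ "$(dirname "$real")" = "$dir" ] || return 1  # directly inside approved dir
    [ -f "$real" ] && [ -x "$real" ] || return 1   # regular, executable file
    safe_owner_mode "$dir" && safe_owner_mode "$real" || return 1
    printf '%s\n' "$real"
}

# Invoked as "sudo wrapper /path/to/script": run it only if every check passes.
if [ $# -gt 0 ]; then
    target=$(check_script "$1") || { echo "wrapper: refusing $1" >&2; exit 1; }
    exec "$target"
fi
```

With a wrapper like this, the copy step has to place scripts in the approved directory as root, which a script dropped by an unprivileged ftp or rcp user will not satisfy.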