[mdlug] Remote SSH commands

Mark Montague markmont at umich.edu
Wed Jan 12 01:20:56 EST 2011


  On January 12, 2011 0:41 , Aaron Kulkis <akulkis00 at gmail.com>  wrote:
> you set up a sudo command from a normal user that runs a script (for 
> example, the script might be called "wrapper", which takes a pathname 
> as an argument, and runs the script located at that pathname. [...]
> In fact, your script on the server can be as simple as
> [note: pseudocode, not complete!]
>
> SCRIPT=/path/to/place/script
> for CLIENT in   list of clients here
> do
>    rcp /location/of/script ${CLIENT}:${SCRIPT}
>    ssh ${USER}@${CLIENT} sudo wrapper ${SCRIPT}
> done

rcp is horribly insecure [*] (rsh - and its siblings rlogin and rcp -- 
are much worse than ftp, which isn't really good to use either).  Since 
you have ssh on the system, and have already set up a public/private 
keypair for ${USER}, use scp to distribute the files instead:

     scp /location/of/script ${USER}@${CLIENT}:${SCRIPT}

[*] See http://www.google.com/search?q=rsh+security+issues

--
   Mark Montague
   mark at catseye.org




More information about the mdlug mailing list