When I try more than one command to remotely execute commands through ssh inside other ssh, I get weird result.
From man ssh:
-t
Force pseudo-terminal allocation. This can be used to execute
arbitrary screen-based programs on a remote machine, which can be very
useful, e.g. when implementing menu services. Multiple -t options
force tty allocation, even if ssh has no local tty.
If I do
ssh -t root#host1 ssh root#host2 "cat /etc/hostname && cat /etc/hostname"
or
ssh -t root#host1 ssh -t root#host2 "cat /etc/hostname && cat /etc/hostname"
in both cases I get
host1
Connection to host1 closed.
host2
Connection to host2 closed.
I want this result:
host1
host1
Connection to host1 closed.
Connection to host2 closed.
I want to run all commands in same server using ssh inside ssh.
If I use only one ssh, it works:
ssh -t root#host1 "cat /etc/hostname && cat /etc/hostname"
host1
host1
Connection to host1 closed.
I get it work, but I can not explain what is happening.
ssh -t root#host1 "ssh -t root#host2 \"cat /etc/hostname ; cat /etc/hostname\""
host1
host1
Connection to host1 closed.
Connection to host2 closed.
Try:
That's not how -t works.
For your option try:
ssh root#host1 .....; ssh root#host2 ....
Otherwise, use PSSH that will do the uptime command on both servers at same time:
pssh -h hostfile -i uptime
Related
I am new to use sshpass command I am not sure how to give two passwod in one sshpass command
Since I am not allowed to dirctly login to host2 I need to use jumphost , passwordforHost1 is password for host1 , for host2 not sure how to provide the password.
sshpass -p "passwordforHost1" ssh -o StrictHostKeyChecking=no -J <host1> <host2>
this works properly as I am only login to host1
sshpass -p "passwordforHost1" ssh -o StrictHostKeyChecking=no <host1>
Let's consider a following code:
CMD=echo $(hostname --fqdn) >> /tmp/hostname_fqdn
ssh some_user#10.9.11.4 -i ~/.ssh/id_rsa $CMD
And now, on remote side created file /tmp/hostname_fqdn contains hostname of client side instead of hostname of remote side. Is it possible to evaluate part of command (hostname --fqdn) on remote side? How to do it?
ssh some_user#10.9.11.4 -i ~/.ssh/id_rsa hostname --fqdn >> /tmp/hostname_fqdn
or, if the CMD may change at runtime:
CMD="hostname --fqdn" && ssh cloud.luminrobotics.com $CMD >> /tmp/xxx
You cannot, however, keep the redirection of the output (>> filename) be part of the command variable, because the command will be executed on the remote host.
PS: If what you want to do with the output changes at runtime as well, then you need to use a pipe and a separate command variable, e.g.,:
CMD_REMOTE="hostname --fqdn"
CMD_LOCAL="tee /tmp/hostname_fqdn"
ssh cloud.luminrobotics.com $CMD | $CMD_LOCAL
First,
CMD=echo $(hostname --fqdn) >> /tmp/hostname_fqdn
will likely do nothing like what you expect.
CMD=echo will be pasred as setting echo as the value of $CMD, and then the return from the hostname subshell we be executed, and likely fail, creating an empty file /tmp/hostname_fqdn
ssh on the other hand is pretty flexible. You could use
ssh some_user#10.9.11.4 -i ~/.ssh/id_rsa 'hostname --fqdn >> /tmp/hostname_fqdn'
if you want the remote hostname saved to a file on the remote host, or
ssh some_user#10.9.11.4 -i ~/.ssh/id_rsa 'hostname --fqdn' >> /tmp/hostname_fqdn
if you want the remote hostname on the local server, or
hostname --fqdn | ssh some_user#10.9.11.4 -i ~/.ssh/id_rsa 'cat >> /tmp/hostname_fqdn'
if you want the local hostname on the remote server...
You have options. :)
I am trying to use a script to test ports are open from a given source-host to remote-host using netcat
So from a bastion, get the script to ssh to a source and from that source-host nc -v remote-host 1521
Ideally i will want to test from the source-host to multiple destinations
As an example:
/bin/bash
kinit # prompt for my creds
ssh source-host nc -v -n remote-host 1521
When I run script it will prompt for creds and then get error:
nc: gettaddrinfo: Name or service no known.
I suspect it is the -n flag but when I try without, it hangs
Any ideas of what I am doing wrong and how I can achieve in simplest way
Use ip address for remote-host instead or something like:
ssh source-host nc -v -n `dig +short remote-host` 80
I do this multiple times a day. Any clues on automating it, so that I can run one command to get all the way to the logs? There are two ssh and then a docker exec.
➜ ~ ssh host
Last login: Tue Jun 27 15:44:11 2017 from 10.82.34.63
$ ssh another-host
Last login: Tue Jun 27 15:44:18 2017 from host
$ docker exec -it app-container bash
[root#app-container opt]# tail -f tomcat/logs/catalina.out
We can take advantage of ProxyCommand in OpenSSH for the first part (jumping through a proxy host to SSH to others). An example for your ~/.ssh/config would look like:
Host another-host
ProxyCommand ssh -W %h:%p host
HostName another-host
If all the hosts that you are proxying through happened to be in the same domain you could catch a bunch of them with a wildcard:
Host jumphost
Hostname host.mydomain
Host *.mydomain
ProxyCommand ssh -W %h:%p jumphost
For the second part, there is no need to exec into the container with a shell before using a command. Doing docker exec -it app-container tail -f tomcat/logs/catalina.out is perfectly valid.
Combined with the SSH configuration, you can allocate a pseudo TTY (-t) and then just do one command:
ssh -t another-host docker exec -it app-container tail -f tomcat/logs/catalina.out
This is at least a partial answer for ssh. Look at ssh usage output:
ssh (.... lots of options ....) [user#]hostname [command]
So, there's an optional command at the end of the argument list, after the required hostname. This indeed works as you would expect, you can "chain" another ssh command here that's executed remote:
ssh host ssh another-host
will do.
Note that your ssh will not allocate a tty in this case, so it will not enable you to have an interactive session. But of course, you can give this second ssh something to execute as well
ssh host ssh another-host docker exec [...]
For the last part, I just looked up the docker documentation. The option -t requires a tty, so you should leave it out. Then you should be able to execute whatever you like in your container, as long as it's nothing interactive:
ssh host ssh another-host docker exec -i app-container tail -f tomcat/logs/catalina.out
Of course, for full automation, use SSH keys and have an SSH agent running with your key added.
Greeting All,
I have following query and would appreciate any help on this.Thanks.
Scenario :
My local server (server-A) is connected to one remote server (server-B).Server-B is connected to 10 other remote servers (Server-C...Server-L).
Server-A is not directly connected to (Server-C...Server-L) ,its only connected through Server-B.
I have managed to do SSH key pairing between:
Server-A <----> Server-B
Server-B <----> Server-C....Server-L
So now I can login into Server-C from Server-A using below command:
From Server-A :
ssh user-B#(IP-Server-B) -t ssh user-c#(IP-Server-C)
ssh -t user-B#(IP-Server-B) -t scp -oStrictHostKeyChecking=no test.file user-c#(IP-Server-C):/home/user-C
Here is my actual script: (Running from Server-A)
while read line
do
scp -oStrictHostKeyChecking=no test.file user-B#(IP-Server-B):/home/user-B
ssh -t user-B#(IP-Server-B) -t scp -oStrictHostKeyChecking=no test.file mtc#$line:/home/mtc
ssh -t user-B#(IP-Server-B) -t ssh -t -tqn user-c#$line sh /home/user-c/test.file
ssh -t user-B#(IP-Server-B) -t scp user-c#$line:/home/user-c/junk.txt /home/user-B
ssh -t user-B#(IP-Server-B) -t ssh user-c#$line rm -rf /home/user-c/junk.txt
scp user-B#(IP-Server-B):/home/user-B/junk.txt .
mv junk.txt junk.txt_$line
done < LabIpList
Here is the list of IP address of servers Server-c...Server-L.
cat LabIpList
1.2.3.4
2.3.4.5
3.4.5.6
4.5.6.7
5.6.7.8
6.7.8.9
7.8.9.10
....
.....
Query:
If I do above commands on command line then they work flawlessly, however If I put them on script then they fail. Because of two reasons :
tcgetattr: Inappropriate ioctl for device
pseudo-terminal will not be allocated
As the SSH-keys are recently exchanged , so user have to manually type yes to add them to know_hosts.
I believe you have already created passwordless login using ssh-keygen.Please use below options for ssh in the script
ssh -t -t -tq <IP>