Getting ssh control of n Solaris machines
It would be so useful if the current tools and services by providers of OS tone, would pre install ssh root keys. I often execute do loops, I mean iterators, against a number of targets. I can’t do that unless I get rid of the password prompt or use expect. I prefer not to use expect on every transaction, maybe I should use it. If one could ask for n machines with root keys already installed and get some node or nodes designated as a control node, one would probably save 2-3 hours for work in this area. Things just go wrong and it doesn’t come out to 2 minutes per machine to create an administrative realm. It would be even better if a VPN was just created for you. All these wonderful OS features, missing just a little bit of scripting. I am not sure you could secure that to one user however. Anyway. The following expect script works well for me on OpenSolaris. Not interested in Mac or Linux issues with it. BTW Capistrano is supposed to resolve some of this but I can’t get past all the Ruby stuff that seems to be needed. I should compare it someday and switch if it is better. When does one stop using shell commands and switch to a better language? See future posts for a discussion on more advanced shells for operating systems.
<pre>
#!/opt/csw/bin/expect -d
set timeout 5
set key {ssh-rsa JHKJLHLJH……UIYIJHKJKJBJ…..1qYrFyj…….2+hWJg8a8xVQnFQscSc= root@rk6ru36}
spawn ssh zzzzadm@$argv
expect_after eof { exit 0 }
## interact with SSH
expect {
“assword:” { send “password\r” }
timeout { exit 1 }
}
expect “$ ” {send “su\r”}
#
# su to root
#
expect “assword:” { send “password\r” }
# put the key in /root/.ssh/authorized_keys
#expect “# ” { send “echo $key >> /root/.ssh/authorized_keys\r” }
expect “# ” { send “echo $key >> /.ssh/authorized_keys\r” }
expect “# ” { send “exit\r” }
</pre>
The reason the target is /root/.ssh and not /.ssh depends on what level of security you are running. Your ssh config may not allow root logins.
