Re: automated stopserver & shutdown?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, November 17, 2014 01:17, Hadi Motamedi wrote:
>> A simple script which loops though a text file that lists the hostname /
>> username / password for the login and then runs the "shutdown - h now"
>> command? Though, I would be uneasy with listing root passwords in a
>> random text file.
>>
>
> Thank you for your help . So how to open a session with another server
> to login with root password and issue a command on it ?
>
>

I do not believe that, on reflection, you really would want to do that.  An
alternative approach is to use ssh-keygen to create a key pair for root on the
control host and then add that public key to the authorized_keys file inside
/root/.ssh on each of the target hosts.  So, something like this:

On control host as root user:

ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/<path to <<userid>> home
directory>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /<path to <<userid>> home
directory>/.ssh/id_rsa.
Your public key has been saved in /<path to <<userid>> home
directory>/.ssh/id_rsa.pub.
The key fingerprint is:
1c:6c:91:76:64:83:a5:32:4e:ac:df:28:ed:cb:9a:dd <userid>@<hostname>

That will give you the following files in /root/.ssh

 ll .ssh
total 28
-rw-r--r--. 1 root root 4619 Nov 17  2014 authorized_keys
-rw-------. 1 root root 3239 Nov 17  2014 id_rsa
-rw-r--r--. 1 root root  756 Nov 17  2014 id_rsa.pub


Now login to each of your target hosts as root and transfer
/root/.ssh/id_rsa.pub from the control host and append (>>) it to
/root/.ssh/authorized_keys on the target host.  If the .ssh directory does not
already exist on the target host then you should first create the necessary
files by running ssh-keygen on the target (otherwise you need consider whether
or not selinux is enforced or not? is the mode set correctly? yada, yada).

Once you have setup the target hosts for ssh and have added the control host's
public key to .ssh/authorized_keys then you should be able to ssh into each
from the control host without having to provide a password.

You will however need to add each remote host's identity
(/etc/ssh/ssh_host_rsa_key.pub) to your own /root/.ssh/known_hosts file the
first time that you connect.  This can be automatically created and maintained
by the ssh client so long as the remote host's ssh identity is not
subsequently changed.  If you have previously ssh'ed into the remote hosts
than this will already have been done.

Once the connections have been set up between the control host and all of the
target hosts then you should be a able to do this (mind the -t option to ssh):

for host in \
  long_host_name.domain.tld \
  targethost{01,02,03,04,05,06}.domain.tld \
  othername{x,y,z}.domain.tld \
  yet_another_very_long_host_name.domain.tld \
  192.168.0.2{1,5,7,8,9} ;
  do ssh -t $host 'echo -e "\n\n$HOSTNAME\n" ; /root/stopServer ; init 0';
  done

Personally, I would use a separate account for this and add that account to
the /etc/sudoers file on each of the targets:
shutdown_userid  NOPASSWD: localhost=/sbin/init 0
shutdown_userid  NOPASSWD: localhost=/sbin/shutdown -h now
shutdown_userid  NOPASSWD: localhost=/root/stopServer

The ssh-keygen / authorized_hosts setup would then need to be done in that
account's home directory on each target rather than root's. Then use 'sudo
/root/stopServer ; sudo init 0' to run the shutdown scripts.

I also would use 'shutdown -h now' instead of 'init 0'

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux