Summary: script to ssh into remote box & issue remote box's commands

From: sunhux G <sunhux_at_gmail.com>
Date: Thu Jul 10 2008 - 05:33:10 EDT
My favourite is reply "A" from Vitaly as it specifically addresses Netapp
Filer but  I could not scp nor ftp the public key file into it (winscp
session
gets kicked after password is entered while there's no ftp client in filer.

I'll just list the concise scripts/reply herein :

Another list member  enquired me about it too.


Reply A: (my comments in bracketts)
======
 you can use ssh authorized keys from you host to use no password ssh
connection to your SAN netapp:

1. on the monitoring host:

  - create pair ssh keys, private & public by ssh-keygen from SSH pkg like

     ssh-keygen -t dsa -b 1024  (with no paraphrase)
  - save both keys in root home folder, for Solaris it's /.ssh

2. on the netapp

 - mount /vol/vol0/etc   ('mount' command not there;  /vol/vol0 is already
mounted)
 - cd to etc on netapp, further cd sshd/root/.ssh if not exists create it
('cd' not there)
 - in netapp/etc/sshd/root/.ssh copy public key generated on the monitoring
   host here with  authorized_keys name, make sure it has 600 root
permissions
   as well as .ssh directory  (can't find a way to ftp/scp public key into
the filer)
 - make sure that ssh option on Netapp "ssh.pubkey_auth.enable" is on

You can now run ssh remotely from your host to netapp to get info like:

 ssh 10.51.1.2 -l root 'fcp show adapter -v; lun config_check; fcp status'


Reply B: (Perl script; need Perl )
======
#!/usr/bin/perl
use strict;
# make shared keys first

# this is a security risk.  this script could be easily modified to do
serious
# serious damage
# (eg, `$sshcmd "rm -rf /"`; will blow away everything on your netapp.)
# be careful ;)

# update user and filer to your username/filer hostname
my $sshcmd = "/usr/local/bin/ssh user\@filer";

# backticks tell perl to drop to a shell and execute the command.
my $rv = `$sshcmd "fcp show adapter -v"`;
if ($rv eq "") {  # if i don't get anything back, something's wrong.
    die "something's wrong\n";
}
# print the output.
print $rv;

my $rv = `$sshcmd "lun config_check"`;
unless ($rv =~ "No Problems Found") {
         print "!!! lun config_check FAILED !!!\n";
         print "Error was $rv\n";
}
print $rv;

my $rv = `$sshcmd "fcp status"`;
if ($rv =~ /FCP service is running/) {
         print $rv;
} else {
         print "!!!! FCP status FAILED !!!!\n"
         print "Error was $rv\n";
}

# etc.

exit;



Another Perl script :


 use Net::SSH::Perl;
$host = "remote hostname or ip";
$user = "username";
$pass = "password";
$cmd = "/fullpath/remote_script.pl";
my $ssh = Net::SSH::Perl->new($host);
$ssh->login($user, $pass);
my($stdout, $stderr, $exit) = $ssh->cmd($cmd);

Reply C: (Expect script)

======

    Expect script will look something like :

    #!/usr/bin/env expect -f

    set timeout -1
    set stty_init -echo

    spawn ssh 10.51.1.2 -l root
    match_max 100000
    expect "Are you sure you want to continue connecting"
    send -- "yes\r"
    expect "password:"
    send -- "root-password-here\r"

    stty echo

    expect "sent unsupported channel request"
    send -- "\r"
    expect -exact "FILER1>"
    send -- "fcp show adapter -v\r"

    expect -exact "FILER1>"
    send -- "lun config_check\r"

    expect -exact "FILER1>"
    send -- "fcp status\r"

    expect -exact "SLAFILE1>"
    send -- "logout telnet"



thanks
U


On 7/4/08, sunhux G <sunhux@gmail.com> wrote:
>
> Hi,
>
> I'm looking for solution to capture our SAN filer's information/statistics
> to a file on a regular basis.   The filer runs a customized Unix.
>
> It's possible to put ftp commands/parameters into a file (like password,
> "cd ...", "get...").  Is it possible to do this with openssh that comes
> with Solaris?
>
> Plan is to use following crontab script (call it capture.sh) so that the
> filer's commands are captured into output.txt :
> 00,15,30,45 /adm/script/capture.sh >> /var/tmp/output.txt 2>>
> /var/tmp/err.txt
>
> # ssh 10.51.1.2  -l root          (don't find any "-p password" for ssh)
> The authenticity of host '10.51.1.2 (10.51.1.2)' can't be established.
> ...
> Are you sure you want to continue connecting (yes/no)? yes
> root@10.51.1.2's password:
>
> FILER1> Fri Jul  4 13:27:35 SGT [SLAFILE1:
> openssh.invalid.channel.req:warning]: SSH client (SSH-2.0-OpenSSH_4.3) from
> 10.51.1.45 sent unsupported channel request (10, env).
>
> FILER1>
> FILER1> fcp show adapter -v
>
> ...........
>
> FILER1>lun config_check
> No Problems Found
> FILER1> fcp status
> FCP service is running.
> SLAFILE1> logout telnet
> Connection to 10.51.1.2 closed.
>
> If expect/tcl script is expected, appreciate a more detailed codes
>
> as I'm not familiar with expect/tcl scripting.
>
>
>
> Thanks
>
> U
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Jul 10 05:35:02 2008

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:11 EST