In this article, we are going to complete what we started in part 1.
The host command
This command is used to convert names to IP addresses and vice versa.
We need to get the IP address of the machine named client01.test.com
Communicating with Other Systems
Now, as we are able to resolve machine names to their equivalent IP addresses, it is time to learn how to communicate with those machines, and how to make this inside our scripts.
The ssh Client
The ssh command is a client program for logging into a remote machine and for executing commands on it. It provides secure, encrypted communication between two hosts over an insecure network. SSH is the default method for accessing a terminal shell on a remote Linux machine.
The simplest form of the ssh command is:
ssh USER@HOSTNAME 'COMMAND'
USER is a user account on the remote machine, used to authenticate to it.
HOSTNAME is the “resolvable” hostname or IP address of the remote machine.
COMMAND is a Linux shell command to execute on the remote machine.
We need to establish an SSH connection to the host 192.168.1.5 using the remote user ahmed.
In this example, we are going to retrieve the date and time info from the remote machine 192.168.1.5
The Secure Copy scp Utility
scp copies files securely between hosts on a network. It uses the SSH protocol for data transfer. So, it uses the same authentication and provides the same security as SSH.
scp FILE … USER@HOSTNAME:/PATH/ON/REMOTE/MACHINE
scp USER@HOSTNAME:/PATH/ON/REMOTE/MACHINE/FILE LOCALDESTINATION
FILE is the file(s) to be transferred.
/PATH/ON/REMOTE/MACHINE is the path on the remote machine. In the first form, it represents the destination, while in the second, it represents the path of the source file or directory.
LOCALDESTINATION is the destination file/directory on the local machine.
When copying directories, use the -r option.
We need to copy a file from the local machine to /opt on the host 192.168.1.5
SSH Without Prompting for Password
We write scripts to automate as many of our work tasks as possible. Such tasks may include, for example, long overnight backups that should run completely unattended (otherwise, an employee would have to be present every night to start the backup). Fortunately, crontab jobs have taken this part off our shoulders. There is one more issue to care about: the script should require as little human intervention as possible (and ideally none at all). For instance, consider a script that at some point needs the user to provide a connection password. In this case, human intervention is a must; otherwise, the script won't continue.
The SSH and SCP utilities are examples of this problem, as they require entering a password. So, if we use either of them inside our script, the script will stop and wait for the user to enter the password for the SSH/SCP connection.
Fortunately again, there are two solutions to this problem, which let us establish SSH and SCP connections without having to enter a password. In this section, we are going to learn both methods.
The sshpass command
sshpass is a utility that acts as a non-interactive SSH password provider. The password can be passed to it as a command-line argument, read from a file, or taken interactively from the user.
sshpass -p PASSWORD COMMAND
sshpass -f FILE COMMAND
PASSWORD is the password we need to provide non-interactively.
COMMAND is the ssh (or scp) command to execute.
FILE is a file that contains the password in its first line.
Back to the example of getting the current date and time from a remote machine. If this info should be retrieved inside a script, the ssh connection (that will execute the date command) shouldn’t need user intervention.
- The -p option is followed by the password to be provided, "P@ssw0rd".
- The command ssh firstname.lastname@example.org 'date' is the command to be executed, with the password provided on request.
Back to the copy example. This time, we need to take a backup from the /etc/sysconfig directory. One way of doing this is to copy the entire directory to a remote machine.
That is it!!
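The file-based form of sshpass with a permission check in front of it, as an added example that is not code from the original article. The password file path `$HOME/.backup_pw` and the function names are assumptions; the user, host and directories are reused from the examples above.

```bash
#!/bin/sh
# Added example: wrap "sshpass -f" so the password file is checked first.

# Return 0 only if FILE is a regular file with no group/other permission bits.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Usage: ssh_with_pwfile PWFILE SSH-OR-SCP-COMMAND...
ssh_with_pwfile() {
    pwfile=$1; shift
    if ! pwfile_is_private "$pwfile"; then
        echo "refusing: $pwfile must be mode 600 (chmod 600 $pwfile)" >&2
        return 2
    fi
    # -f reads the password from the first line of the file, so it is
    # not typed into the script and is not part of the command line.
    sshpass -f "$pwfile" "$@"
}

# Example calls (hypothetical password file, not executed here):
#   ssh_with_pwfile "$HOME/.backup_pw" ssh ahmed@192.168.1.5 'date'
#   ssh_with_pwfile "$HOME/.backup_pw" scp -r /etc/sysconfig ahmed@192.168.1.5:/opt
```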
Using Key-based Authentication
Obviously, the sshpass method is not secure: the password has to be kept in plain text, either in the script or in a file, and with the -p option it also appears on the command line. So the need arises for a method that automates SSH authentication without compromising system security. For this purpose, the key-based authentication method was developed.
In this way, authentication occurs without having to provide the password in any form.
How to Configure SSH-Key Authentication?
On the machine intended to initiate the SSH/SCP connections, log in as the user that will run the ssh/scp command, and follow this procedure:
- Generate a pair of SSH keys:
- The newly-generated keys are stored in the user’s home directory, under .ssh directory:
- Now, we will copy the public key to the destination server:
- Now, try to establish an SSH connection to the destination host:
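The four steps above as one script, given as an added example rather than the article's own commands. The key path, the `setup` argument and the function names are assumptions; the remote user and host are reused from the earlier ssh examples.

```bash
#!/bin/sh
# Added example: key-based SSH setup for unattended scripts.
KEY="${KEY:-$HOME/.ssh/id_ed25519}"        # assumed key location
REMOTE="${REMOTE:-ahmed@192.168.1.5}"      # user/host from the article

# Step 1: generate a key pair unless one already exists (never overwrite).
generate_key() {
    key=$1
    if [ -f "$key" ]; then
        echo "key $key already exists, keeping it" >&2
        return 0
    fi
    mkdir -p "$(dirname "$key")" && chmod 700 "$(dirname "$key")" || return 1
    # -N '' sets an empty passphrase, which unattended jobs need; the
    # private key file is then the only secret and must stay mode 600.
    ssh-keygen -q -t ed25519 -N '' -f "$key"
}

# Step 3: append the public key to the remote user's authorized_keys.
# This asks for the account password once; later logins use the key.
install_key() { ssh-copy-id -i "$1.pub" "$2"; }

# Step 4: run a command using the key only. BatchMode=yes makes ssh fail
# instead of prompting, so a cron job cannot hang on a password prompt.
run_remote() {
    key=$1; remote=$2; shift 2
    ssh -i "$key" -o BatchMode=yes -o IdentitiesOnly=yes "$remote" "$@"
}

# Run the whole procedure only when called as: script.sh setup
if [ "${1:-}" = "setup" ]; then
    generate_key "$KEY" || exit 1
    ls -l "$KEY" "$KEY.pub"     # step 2: inspect the generated files
    install_key "$KEY" "$REMOTE" || exit 1
    run_remote "$KEY" "$REMOTE" date
fi
```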
ping -c COUNT HOST
COUNT is the number of ICMP echo request packets to be sent.
HOST is the hostname or IP address of the host to check.
The following will check whether the hosts 192.168.1.1 and 192.168.1.20 are reachable or not.
Write a script that works as an IP scanner, and scan the subnet 192.168.1.0/24.
Read the following script:
Let’s see it in action.
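One way to write such a scanner for the 192.168.1.0/24 subnet named in the exercise, as an added example and not the script from the original article. The function names, the `PROBE` override and the `scan` argument are assumptions, and the `-W` timeout flag is the one from Linux iputils ping.

```bash
#!/bin/sh
# Added example: reachability sweep of a /24 with ping.

# Default probe: one echo request, wait at most 1 second for the reply.
probe_ping() { ping -c 1 -W 1 "$1" >/dev/null 2>&1; }

# scan_subnet PREFIX [FIRST] [LAST] prints one reachable address per line.
# PROBE may name another function or command, e.g. for a dry run.
scan_subnet() (
    prefix=$1; first=${2:-1}; last=${3:-254}
    case $prefix in
        *[!0-9.]*|'') echo "bad prefix: $prefix" >&2; exit 2 ;;
    esac
    tmp=$(mktemp -d) || exit 1
    i=$first
    while [ "$i" -le "$last" ]; do
        # Probe in the background so the one-second timeouts overlap
        # instead of adding up to several minutes.
        ( "${PROBE:-probe_ping}" "$prefix.$i" && : > "$tmp/$i" ) &
        i=$((i + 1))
    done
    wait
    # Background jobs finish in any order; list the hits numerically.
    ls "$tmp" | sort -n | sed "s/^/$prefix./"
    rm -rf "$tmp"
)

# Run the sweep only when called as: script.sh scan [PREFIX]
if [ "${1:-}" = "scan" ]; then
    scan_subnet "${2:-192.168.1}"
fi
```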
* * * * * *
That was part two of the articles on Scripting for Network. The next will be a new article. So, just wait for it. We won’t be late.