
We have around 3000 VMs & 450 physical servers, all Linux based (a few of them Ubuntu starting from 9.x, a few of them SUSE starting from 8.x, and the majority RHEL from 4.x to 7.4). On all of them I need to add a few hostname entries with IP details to their respective /etc/hosts files.

I have different users on each server with full sudoers access which I can use. Hence I've created a CSV file in hostname, username & password format, which contains the details required to log in. The filename is "hostname_logins.csv".

I need to upload a file (i.e. hostname_list) to each of these servers and then update those same details in each of the servers' hosts files.

I'll be running this script using one RHEL 6 server. (All of the other hosts are resolvable from this server & are reachable, I've confirmed it already.)

The script is working, but it asks me to accept the host key once and also asks for the password 2 times; the 3rd time it did not ask for a password and worked automatically, I guess. I need to ensure it does not ask to accept the host key or for passwords:

#!/bin/bash
runing_ssh()
{
while read hostname_login user_name user_password
do ssh -vveS -ttq rishee:rishee@192.168.1.105 "sudo -S -ttq < ./.pwtmp cp -p /etc/hosts /etc/hosts.$(date +%Y-%m-%d_%H:%M:%S).bkp && sudo -S bash -c 'cat ./hostname_list >> /etc/hosts' && rm -f ./.pwtmp ./hostname_list"
done < hostname_logins.csv
}

while read hostname_login user_name user_password
do  echo $user_password > ./.pwtmp
    cat ./.pwtmp
    scp -p ./.pwtmp ./hostname_list $user_name@$hostname_login:
    runing_ssh
done < hostname_logins.csv

I need to make this a single script which will work on all these servers. Thanks in advance.

klutt
Hrish

1 Answer


You are executing the original copy from /tmp with sudo, but nothing else.

while read hostname_login user_name user_password
do  echo $myPW >.pwtmp
    scp -p ./.pwtmp ./hostname_list $user_name:$user_password@$hostname_login:
    ssh -etS $user_name:$user_password@$hostname_login "sudo -S <.pwtmp cp -p /etc/hosts /etc/hosts.bkp && sudo -S <.pwtmp cat ./hostname_list >> /etc/hosts && rm -f ./.pwtmp ./hostname_list"
done < hostname_logins.csv

I dropped the explicit send to /tmp and the cp back to your home dir, and defaulted the location (to $user_name's home dir) by not passing anything to scp after the colon. Fix that if it doesn't work for you.

I created a password file for improved security and code reuse, and sent it along with the hosts list. I added a sudo -S to each relevant command, reading from the password file.

That [bash -c ...] syntax doesn't work on my implementation, so I took it out.

Hope that helps.

Update

Added -t to ssh call. Try that.

Paul Hodges
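
An added example, not part of the answer above or of the asker's script: one way to make the remote update step safe to re-run, written as a single function so that the backup and the append both happen inside whatever runs it as root (in `sudo cat file >> /etc/hosts` the `>>` is opened by the unprivileged login shell). The name `merge_hosts` and the sample entries are assumptions, and the demo works on a scratch copy rather than on /etc/hosts.

```bash
#!/bin/bash
# merge_hosts LIST TARGET  (hypothetical helper, not from the original thread)
# Appends each non-blank, non-comment line of LIST that TARGET does not
# already contain verbatim, taking one timestamped backup before the first
# write. Prints the number of lines added, so a re-run adds nothing.
merge_hosts() {
    local list=$1 target=$2 added=0 line
    [ -r "$list" ] && [ -w "$target" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # -x whole line, -F fixed string: dots in IPs are not regex wildcards
        grep -qxF -- "$line" "$target" && continue
        if [ "$added" -eq 0 ]; then
            cp -p -- "$target" "$target.$(date +%Y-%m-%d_%H%M%S).bkp" || return 1
            # keep the first new entry off an unterminated last line
            if [ -n "$(tail -c 1 "$target")" ]; then echo >> "$target"; fi
        fi
        printf '%s\n' "$line" >> "$target" || return 1
        added=$((added + 1))
    done < "$list"
    echo "$added"
}

# Demo on constructed data in a scratch directory (192.0.2.0/24 is a
# documentation range). On a real target the call would be
# merge_hosts ./hostname_list /etc/hosts, run as root.
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n' > "$demo_dir/hosts"
printf '192.0.2.10 app01\n192.0.2.11 app02\n' > "$demo_dir/hostname_list"
merge_hosts "$demo_dir/hostname_list" "$demo_dir/hosts"   # first run
merge_hosts "$demo_dir/hostname_list" "$demo_dir/hosts"   # re-run
rm -rf "$demo_dir"
```
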
  • I tried your script but this is the error I got – Hrish Oct 23 '17 at 23:36
  • [root@node2 ~]# ./script1.sh ssh: connect to host rishee port 22: No route to host lost connection rishee:rishee@192.168.1.105's password: bash: .pwtmp: No such file or directory [root@node2 ~]# – Hrish Oct 23 '17 at 23:36
  • while read hostname_login user_name user_password do echo $myPW > .pwtmp scp -p ./.pwtmp ./hostname_list $user_name@$hostname_login: ssh -eS $user_name:$user_password@$hostname_login "sudo -S <.pwtmp cp -p /etc/hosts /etc/hosts.bkp && sudo -S <.pwtmp cat ./hostname_list >> /etc/hosts && rm -f ./.pwtmp ./hostname_list" done < hostname_logins.csv – Hrish Oct 23 '17 at 23:40
  • [root@node2 ~]# ./script1.sh rishee@192.168.1.105's password: .pwtmp 100% 1 0.0KB/s 00:00 hostname_list 100% 122 0.1KB/s 00:00 rishee:rishee@192.168.1.105's password: sudo: sorry, you must have a tty to run sudo [root@node2 ~]# – Hrish Oct 23 '17 at 23:41
  • Added -t to ssh call. Try that. – Paul Hodges Oct 24 '17 at 13:39
  • I've worked on it a little and finally got it working, but I still have to accept the keys and enter the password 2 times, but it works .... is there a way we can automate it using the same script... for your reference below is the working script – Hrish Oct 24 '17 at 14:35
  • #!/bin/bash runing_ssh() { while read hostname_login user_name user_password do ssh -vveS -ttq rishee:rishee@192.168.1.105 "sudo -S -ttq < ./.pwtmp cp -p /etc/hosts /etc/hosts.$(date +%Y-%m-%d_%H:%M:%S).bkp && sudo -S bash -c 'cat ./hostname_list >> /etc/hosts' && rm -f ./.pwtmp ./hostname_list" done < hostname_logins.csv } while read hostname_login user_name user_password do echo $user_password > ./.pwtmp cat ./.pwtmp scp -p ./.pwtmp ./hostname_list $user_name@$hostname_login: runing_ssh done < hostname_logins.csv – Hrish Oct 24 '17 at 14:35
  • below is how it gets executed and asked me to accept the host key once and asked for passwords 2 times but 3rd/last time it did not ask the password. – Hrish Oct 24 '17 at 14:37
  • [root@node2 ~]# ./script1.sh rishee The authenticity of host 'hrish-rhel6.2-repo-server (192.168.1.105)' can't be established. RSA key fingerprint is 81:17:8e:70:e2:28:3a:c7:10:cb:44:43:d9:d1:b2:ec. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hrish-rhel6.2-repo-server,192.168.1.105' (RSA) to the list of known hosts. rishee@hrish-rhel6.2-repo-server's password: .pwtmp 100% 7 0.0KB/s 00:00 – Hrish Oct 24 '17 at 14:38
  • hostname_list 100% 122 0.1KB/s 00:00 OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 rishee:rishee@192.168.1.105's password: tcgetattr: Inappropriate ioctl for device [sudo] password for rishee: [root@node2 ~]# – Hrish Oct 24 '17 at 14:38
  • above output is split in 2 as it could not fit in single comment – Hrish Oct 24 '17 at 14:38
  • It should only ask for the host once on a server. Try it again, make sure it skips that now. – Paul Hodges Oct 24 '17 at 15:08
  • Yes, the second time we run the script it skips that... but we have 3000 servers, so in the actual prod environment it will be really annoying to accept that key even once for all 3000 servers... :( – Hrish Oct 24 '17 at 15:12
  • c.f. [this](https://stackoverflow.com/questions/43047175/inappropriate-ioctl-for-device-when-trying-to-ssh) post for related errors – Paul Hodges Oct 24 '17 at 15:17
  • c.f. [this](https://superuser.com/questions/19563/how-do-i-skip-the-known-host-question-the-first-time-i-connect-to-a-machine-vi) for ways to skip the known_hosts question. – Paul Hodges Oct 24 '17 at 16:13
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/157577/discussion-between-hrish-and-paul-hodges). – Hrish Oct 26 '17 at 13:46
  • plus uno for tech support (and helpful answer). Good luck to all. – shellter Oct 27 '17 at 16:07
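
An added example, not code from anyone in the thread: the host-key prompt discussed in the comments can be avoided without switching verification off by building the known_hosts file in advance from keys recorded out of band and admitting only scanned keys that match them. The function name `pin_known_hosts`, the file names and the placeholder key strings are assumptions, and the sketch trusts one key per host.

```bash
#!/bin/bash
# pin_known_hosts TRUSTED SCANNED OUT  (hypothetical helper, not from the thread)
# TRUSTED: "host keytype key" lines recorded out of band (build system, console).
# SCANNED: output of e.g.  ssh-keyscan -t rsa -f hostlist
# Writes to OUT only the scanned lines identical to a trusted entry, prints
# every host that failed verification, and returns 1 if there was any.
pin_known_hosts() {
    local trusted=$1 scanned=$2 out=$3
    [ -s "$trusted" ] && [ -r "$scanned" ] || return 2
    : > "$out" || return 2
    awk -v out="$out" '
        /^#/ || NF < 3 { next }
        FILENAME == ARGV[1] { want[$1] = $2 " " $3; next }
        ($1 in want) && want[$1] == $2 " " $3 { print >> out; ok[$1] = 1; next }
        { unknown[$1] = 1 }
        END {
            for (h in want)    if (!(h in ok))   { print h; n++ }
            for (h in unknown) if (!(h in want)) { print h; n++ }
            exit (n > 0)
        }' "$trusted" "$scanned"
}

# Constructed sample data: key material is shortened placeholder text.
demo_dir=$(mktemp -d)
printf '%s\n' 'app01.example ssh-rsa AAAAkeyA' \
              'app02.example ssh-rsa AAAAkeyB' > "$demo_dir/trusted"
printf '%s\n' 'app01.example ssh-rsa AAAAkeyA' \
              'app02.example ssh-rsa AAAAkeyX' > "$demo_dir/scanned"
pin_known_hosts "$demo_dir/trusted" "$demo_dir/scanned" "$demo_dir/known_hosts" \
    || echo "hosts listed above were not pinned"
# The verified file is then used so that unknown or changed keys are refused
# instead of prompted for:
#   ssh -o StrictHostKeyChecking=yes \
#       -o UserKnownHostsFile="$demo_dir/known_hosts" user@app01.example ...
rm -rf "$demo_dir"
```

A host reported by the function has either a key that differs from the recorded one or no recorded key at all, and is left out of the loop until that is explained.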