A Key-Based SSH Scripting Example
A cluster of servers is an ideal environment for using key-based SSH. The following Perl
script is a trivial scripting example, and it shouldn’t be implemented. It demonstrates
connecting over an SSH tunnel to each server defined in the variable serverList,
running softwareupdate, installing available updates, and restarting each server if
necessary. The script assumes that key-based SSH has been properly set up for the root
user on all servers to be updated.
#!/usr/bin/perl
use strict;
use warnings;

# Single-quoted strings do not interpolate, so "@" needs no escaping.
my @serverList = ('root@exampleserver1.example.com',
                  'root@exampleserver2.example.com');
foreach my $server (@serverList) {
    # Track per server whether softwareupdate asked for a restart.
    my $flag = 0;
    open(SBUFF, "ssh $server -x -o batchmode=yes 'softwareupdate -i -a' |")
        or die "Cannot run ssh for $server: $!";
    while (<SBUFF>) {
        chomp($_);
        # Check for restart text in $_
        my $match = "Please restart immediately";
        my $count = @{[$_ =~ /$match/g]};
        if ($count > 0) {
            $flag = 1;
        }
    }
    close SBUFF;
    if ($flag == 1) {
        # Restart the server over a second SSH connection.
        `ssh $server -x -o batchmode=yes shutdown -r now`;
    }
}
Updating SSH Key Fingerprints
The first time you connect to a remote computer using SSH, the local computer
prompts for permission to add the remote computer’s fingerprint (or encrypted public
key) to a list of known remote computers. You might see a message like this:
The authenticity of host “server1.example.com” can't be established.
RSA key fingerprint is a8:0d:27:63:74:f1:ad:bd:6a:e4:0d:a3:47:a8:f7.
Are you sure you want to continue connecting (yes/no)?
The first time you connect, you have no way of knowing whether this is the correct
host key. Most people respond “yes.” The host key is then inserted into the
~/.ssh/known_hosts file so it can be verified in later sessions.
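One way to avoid answering “yes” blindly is to compare the key stored in known_hosts against a fingerprint obtained from the server’s administrator through a separate channel. The following Python sketch is an added example, not part of the original guide: it computes the colon-separated MD5 fingerprint format shown in the prompt above (and the newer SHA256 form) from a known_hosts entry and reports whether each host is unknown, matches, or mismatches. The function names, sample hosts and key blobs are constructed for illustration, and only exact and hashed host names are handled (no wildcard or [host]:port patterns).

```python
import base64, hashlib, hmac

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256) fingerprints of a base64 key blob."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.md5(blob).hexdigest()
    md5 = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def name_matches(pattern, host):
    """Match one name from a known_hosts line, plain or hashed (|1|salt|hash)."""
    if pattern.startswith("|1|"):
        _, _, salt, tag = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(tag))
    return pattern == host

def host_keys(known_hosts_text, host):
    """Return the base64 key blobs recorded for host."""
    keys = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blank lines, comments and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if any(name_matches(p, host) for p in fields[0].split(",")):
            keys.append(fields[2])
    return keys

def check_host(known_hosts_text, host, trusted_fp):
    """Return 'unknown', 'match' or 'mismatch' for host against trusted_fp."""
    keys = host_keys(known_hosts_text, host)
    if not keys:
        return "unknown"      # no stored key: ssh would prompt on first connect
    if any(trusted_fp in fingerprints(k) for k in keys):
        return "match"
    return "mismatch"         # stored key differs from the trusted fingerprint

# Constructed sample data: placeholder blobs, not usable keys.
KEY1 = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-1").decode()
KEY2 = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-2").decode()
SAMPLE = (f"exampleserver1.example.com,192.0.2.10 ssh-rsa {KEY1}\n"
          f"exampleserver2.example.com ssh-rsa {KEY2}\n")

if __name__ == "__main__":
    trusted = fingerprints(KEY1)[0]  # stands in for an out-of-band value
    for h in ("exampleserver1.example.com", "exampleserver2.example.com"):
        print(h, check_host(SAMPLE, h, trusted))
```

A “mismatch” result means the stored key is not the one the administrator vouched for and should be investigated before any scripted connection is made to that host.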