This blog post will help you bypass or ignore the password prompt in a shell script. It includes a sample script that tests direct login to remote servers without being interrupted by a password prompt.
Using ssh -o and trap signals, it is possible to skip the password prompt and move ahead in the script.
Although direct login to a remote server is enabled using a public key, it sometimes does not work, either because the password policy has expired the password or because the server is unreachable. In both situations a password is prompted, as shown below:
$ssh oracrmdevlab hostname
oralab@oracrmdevlab's password:
Script:
A sample script has been written to report failed direct remote logins from the jump server for a particular OS user.
#!/bin/sh
set -x
BASE="/export/home/oralab/direct_login"
# OS user running the check (owner of the current terminal)
SCP_USER=`who -m | awk '{ print $1 }'`
DT=`date '+%b_%d_%Y_%HH_%MM'`
DAT=`date '+%b_%Y'`
MAIL="oralab@xyz.com"
# Day of month without the leading zero (cut -d"0" returned nothing on the 10th, 20th and 30th)
TODAY=`/bin/date +%d | sed 's/^0//'` ; export TODAY
# Start every run with empty log files
> $BASE/direct_login_check.log
> $BASE/direct_login_check_failed.log
> $BASE/direct_login_check_success.log
echo " Verifying Direct Login for osuser $SCP_USER "
for i in `cat $BASE/host_list.lst`;
do
echo $i
# Key-only login attempt; the remote hostname (or ssh's error text) is appended to the log
trap `ssh -o PreferredAuthentications=publickey $SCP_USER@$i hostname >> $BASE/direct_login_check.log 2>&1; exit` 0
# Flag: number of log lines that mention this host
chkconn=`grep -ic "$i" $BASE/direct_login_check.log`; export chkconn
if [ $chkconn -ge 1 ];then
echo "Direct Logging Succeeded for osuser $SCP_USER on $i " >> $BASE/direct_login_check_success.log
else
echo "Direct Logging Failed for osuser $SCP_USER on $i " >> $BASE/direct_login_check_failed.log
fi
done
# Build the failure report: header followed by the failed hosts
echo "=======================" > $BASE/direct_login_failed.log
echo "Direct Login Failed Log" >> $BASE/direct_login_failed.log
echo "=======================" >> $BASE/direct_login_failed.log
echo " " >> $BASE/direct_login_failed.log
cat $BASE/direct_login_check_failed.log >> $BASE/direct_login_failed.log
echo " " >> $BASE/direct_login_failed.log
# Mail the report only when at least one host failed
# (the report file itself always contains the header lines, so test the failed-host log)
if [ -s $BASE/direct_login_check_failed.log ];then
cd $BASE
uuencode direct_login_failed.log direct_login_failed.log | mailx -s "Direct Login Failure Report for $SCP_USER " $MAIL
fi
Explanation:
Script will...
1. Read the list of hostnames
2. Connect to each server using passwordless login
3. Pull the hostname command output from the remote host
4. Prepare the direct login failure report and mail it
ssh -o PreferredAuthentications=publickey specifies public-key authentication as the preferred authentication method, which suppresses the password prompt even after a failure.
trap allows sending the interrupt signal within the script in case the login (or any command) halts, which saves the whole script from hanging and keeps the loop in progress.
As per the snapshot, test-db2 connected successfully using the public key and returned the hostname, setting the flag to 1 (success).
As per the snapshot, test-db2 was unable to connect using the public key and hence did not return the hostname, setting the flag to 0 (failure).
The email report file shows the failure log.
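
An added example, not part of the original script: the same per-host check decided by ssh's exit status rather than by grepping the log, since an error such as "connect to host X ... timed out" also contains the hostname and would be counted as a success. SSH_BIN, check_direct_login and report_direct_login are hypothetical names; the example assumes a POSIX sh and OpenSSH's usual "Permission denied" wording.

```shell
#!/bin/sh
# Added example, not the blog's script. SSH_BIN, check_direct_login and
# report_direct_login are hypothetical names chosen for this example.
SSH_BIN="${SSH_BIN:-ssh}"

# check_direct_login USER HOST -> prints one status word:
#   OK            key login worked and the remote command ran
#   KEY_REJECTED  server answered but refused public-key authentication
#   UNREACHABLE   ssh itself failed (timeout, DNS, refused connection)
#   REMOTE_ERROR  login worked but the remote command exited non-zero
check_direct_login() {
    rc=0
    # BatchMode=yes: never prompt for a password or passphrase.
    # ConnectTimeout=10: give up on a silent host instead of stalling the loop.
    # </dev/null: stop ssh from consuming the host list on stdin.
    # 2>&1 >/dev/null: capture only ssh's error text, discard the hostname.
    err=$("$SSH_BIN" -o BatchMode=yes -o PreferredAuthentications=publickey \
            -o ConnectTimeout=10 "$1@$2" hostname 2>&1 >/dev/null </dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo OK
    elif [ "$rc" -ne 255 ]; then
        echo REMOTE_ERROR      # ssh passes the remote exit status through
    else
        # 255 means ssh failed; the text match assumes OpenSSH's wording.
        case $err in
            *"Permission denied"*) echo KEY_REJECTED ;;
            *)                     echo UNREACHABLE ;;
        esac
    fi
}

# report_direct_login USER HOST_LIST_FILE -> one "host status" line per host.
# Returns 1 when any host is not OK, so a wrapper can decide whether to mail.
report_direct_login() {
    failed=0
    while IFS= read -r host; do
        [ -n "$host" ] || continue          # skip blank lines
        status=$(check_direct_login "$1" "$host")
        echo "$host $status"
        [ "$status" = OK ] || failed=1
    done < "$2"
    return "$failed"
}
```

Calling report_direct_login "$SCP_USER" "$BASE/host_list.lst" and mailing its output only when it returns non-zero reproduces the report step of the script above.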