KrazyWorks » Testing SSH Connectivity to Multiple Servers

December 27, 2011 – 12:22 am | 3 Comments

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

Read the full story »

Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Commands & Shells

Testing SSH Connectivity to Multiple Servers

Submitted by Igor on December 27, 2011 – 2:46 amNo Comment

Imagine a hypothetical scenario: you support hundreds of remote servers and you need to check which server you can access via SSH and which servers are not letting you log in. Doing this manually is a tedious process that many sysadmins choose to skip. The inevitable outcome is inability to quickly access a system when it really counts. After running into this problem on more than one occasion, I decided to spend an hour to write a very simple script that will work against a list of servers and perform the following tasks:

1. Check DNS for fully-qualified domain names (FQDNs) and IP addresses of your servers
2. Check if the servers are using SafeWord authentication for SSH
3. Check if you have passwordless SSH access to the servers
4. Try multiple passwords to test SSH access

The last step is particularly useful if local accounts are used for SSH access to some servers. Whenever local accounts come into play, there is a good possibility of multiple passwords on different systems.

Using the script

Create a list of hostnames to check, one per line. Update the “hostlist” variable in the “configure” function below to point to the list’s location. Update “username” variable below to show your local/LDAP username. Scroll down to line “for password in ‘password1′ ‘password2′ ‘password3′” and insert your all known local and LDAP passwords for the specified $username. If passwords use special characters, use escape sequences. For example, if the password is ‘big$money’, replace it with ‘big\$money’.

The output is of the form:
hostname,dns_status,fqdn,ip,login_type,password_type,password_status

The script is slow and inefficient, written on two cups of coffee at 3am, but it works. It is slow, so you may want to run it overnight if you have a large list of servers. The csv output can be imported into a spreadsheet app.

NOTE: Because the script and its output contain your actual passwords, don’t keep them sitting around. Chmod the script 700 and the output will be 600. Delete them when done. Clear shell history and terminal buffer. It is easy to rewrite this script to read passwords as command-line arguments for better security, but I am feeling lazy today…

^?View Code BASH

#!/bin/bash
#
# www.krazyworks.com
# 2011-11-04
#
# Use this script to check SSH access status to listed servers
#
# WORKFLOW:
# -------------------------------
#
# 1. Use DNS to obtain fully-qualified domain names (FQDNs) and IP addresses of all server in your list
# 2. Check if the servers are using SafeWord authentication for SSH
# 3. Check if you have passwordless SSH access to the servers
# 4. Try multiple passwords to test SSH access
#
# INSTRUCTIONS:
# -------------------------------
#
# Create a list of hostnames to check, one per line. Update the "hostlist" variable in the "configure"
# function below to point to the list's location. Update "username" variable below to show your local/LDAP
# username. Scroll down to line "for password in 'password1' 'password2' 'password3'" and insert your all known
# local and LDAP passwords for the specified $username. If passwords use special characters, use escape sequences.
# For example, if the password is 'big$money', replace it with 'big\$money'.
#
# The output is of the form:
# hostname,dns_status,fqdn,ip,login_type,password_type,password_status
#
# The script is slow and inefficient, written on two cups of coffee at 3am, but it works. It is slow, so you may
# want to run it overnight if you have a large list of servers. The csv output can be imported into a spreadsheet app.
#
# NOTE: Because the script and its output contain your actual passwords, don't keep them sitting around. Chmod the
# script 700 and the output will be 600. Delete them when done. Clear shell history and terminal buffer. It is easy
# to rewrite this script to read passwords as command-line arguments for better security, but I am feeling lazy today...
 
configure() {
	hostlist="/var/adm/bin/server_list_primary.txt"
	hostlist_resolved="${hostlist}_resolved"
	hostlist_processed="${hostlist}_processed"
	username="igor"
	safeword="sw_igor"
 
	if [ ! -f "${hostlist}" ]
	then
		echo "Host list file $hostlist not found. Exiting..." ; exit 1
	fi
 
	if [ -f "${hostlist_resolved}" ]
	then
		/bin/rm "${hostlist_resolved}"
	fi
 
	if [ -f "${hostlist_processed}" ]
	then
		/bin/rm "${hostlist_processed}"
	fi
}
 
resolve() {
	cat "${hostlist}" | while read line
	do
		if [ `/usr/bin/host ${line} | grep -c "not found"` -eq 0 ]
		then
			/usr/bin/host ${line} | tail -1 | while read line2
			do
				fqdn=$(echo ${line2} | awk '{print $1}')
				ip=$(echo ${line2} | awk '{print $NF}')
				echo "${line},resolved,${fqdn},${ip}" >> "${hostlist_resolved}"
				echo "${line},resolved,${fqdn},${ip}"
			done
		else
			echo "${line},unresolved" >> "${hostlist_resolved}"
			echo "${line},unresolved"
		fi
	done
}
 
check_safeword() {
	cat "${hostlist_resolved}" | while read line
	do
		if [ `echo $line | grep -c ",unresolved"` -eq 0 ]
		then
			status=2
			host=$(echo $line | awk -F',' '{print $1}')
			status=$(echo "" | ssh -n -q -T -o "BatchMode=yes" ${safeword}@$host echo 2>&amp;1 | grep -ic "safeword" | tail -1)
			if [ ${status} -eq 1 ]
			then
				echo "${line},safeword" >> "${hostlist_processed}"
				echo "${line},safeword"
			else
				echo "${line},notsafeword" >> "${hostlist_processed}"
				echo "${line},notsafeword"
			fi
		else
			echo "${line}" >> "${hostlist_processed}"
		fi
		sleep 1
	done
 
	/bin/mv "${hostlist_processed}" "${hostlist_resolved}"
}
 
check_passwordless() {
	cat "${hostlist_resolved}" | while read line
	do
		if [ `echo $line | grep -c ",unresolved"` -eq 0 ]
		then
			if [ `echo $line | grep -c ",safeword"` -eq 0 ]
			then
				status=2
				host=$(echo $line | awk -F',' '{print $1}')
				status=$(ssh -n -T -o "BatchMode=yes" ${username}@$host echo 2>&amp;1 | grep -c denied)
				if [ ${status} -eq 1 ]
				then
					echo "${line},password_requried" >> "${hostlist_processed}"
					echo "${line},password_requried"
				else
					echo "${line},passwordless" >> "${hostlist_processed}"
					echo "${line},passwordless"
				fi
			else
				echo "${line},password_requried" >> "${hostlist_processed}"
			fi
		else
			echo "${line}" >> "${hostlist_processed}"
		fi
		sleep 1
	done
 
	/bin/mv "${hostlist_processed}" "${hostlist_resolved}"
}
 
try_password() {
	touch "${hostlist_processed}"
	chmod 600 "${hostlist_processed}"
	cat "${hostlist_resolved}" | while read line
	do
		if [ `echo $line | grep -c ",unresolved"` -eq 0 ]
		then
			if [ `echo $line | grep -c ",safeword"` -eq 0 ]
			then
				if [ `echo $line | grep -c ",passwordless"` -eq 0 ]
				then
					status=1
					host=$(echo $line | awk -F',' '{print $1}')
					for password in 'password1' 'password2' 'password3'
					do
						status=$(expect -c "
						set timeout 5
						spawn ssh ${username}@$host "hostname"
						expect "password:" { send \"${password}\r\" }
						expect eof " | tail -1 | grep -c "ssword")
						if [ $status -eq 0 ]
						then
							echo "${line},${password}" >> "${hostlist_processed}"
							echo "${line},${password}"
							break
						fi
					done
					if [ $status -ne 0 ]
					then
						echo "${line},nopass" >> "${hostlist_processed}"
						echo "${line},nopass"
					fi
					sleep 1
				else
					echo "${line}" >> "${hostlist_processed}"
				fi
			else
				echo "${line}" >> "${hostlist_processed}"
			fi
		else
			echo "${line}" >> "${hostlist_processed}"
		fi
	done
}
 
configure
resolve
check_safeword
check_passwordless
try_password
 
echo "Check ${hostlist_processed} for status"

Popularity: 1% [?]

Applications »

OpenSUSE 11.4 Installation Overview

After enjoying taking apart Microsoft’s “cloud” Office 365 for the numerous shortcomings of its installation process, having to do the same for my favorite Linux distro – openSUSE – is rather upsetting. OpenSUSE installation routine went from nearly-flawless in 11.1 to mildly annoying in 11.3, arriving to moderately obnoxious in 11.4. What happened? Same as with Microsoft, poor installation workflow is to blame. One can always feel when desktop support people take over workflow tasks from server admins.

More articles »

Commands & Shells »

A Simple Process Monitoring Script

Let’s say you are running a data restore. Things are moving along, but network is congested and the backup server is overloaded. You really don’t feel staring at the restore status for the next several hours and just want to be notified when the process completes. The simplest method of monitoring for processes starting or ending on Unix systems is by using “ps” with a “while” loop.

More articles »

Data »

Adding LUNs to VXVM on Linux

The following is a brief overview of the process for adding LUNs to VXVM under Linux. In our example we have an RHEL 5 server with existing LUNs and VXVM volume groups. Two new LUNs with multipathing were allocated from SAN and need to be added to the system to grow one of the volumes and the corresponding filesystem.

More articles »

Hardware »

Quick Review: Boxee Box

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

More articles »

Monitoring »

Simple Host Monitoring with SSH

Sometimes you just need something very simple to monitor a server or an application on a temporary basis. A basic ping monitor is fine, but it will only tell you if a server is responding on the network. It will not tell you if there is some other problem on the system. The script below relies on passwordless SSH setup to periodically log into the monitored nodes and check on their health by executing a local or remote script.

More articles »

Networking »

Red Hat: Changing Hostname and IP

Changing hostname and IP is frequently required when a server is being moved from testing or development to production. The process is a fairly simple one, but steps must be performed in a certain order to avoid complications.

More articles »

Scripts »

Windows Network Troubleshooting Script

I try my best to stay away from Windows. I wish my clients did the same. The usual difficulty of troubleshooting elusive network performance problems is amplified many-fold when there is a Windows computer at the end of the line. With Unix it’s relatively simple: run tests “a”, “b”, “c”, etc and follow the familiar process of elimination. With Windows in the picture the number of steps uses up all of the English alphabet and spills over well into the Russian one. And when you finally reach step “я”, you have to pull out your Chinese dictionary.

More articles »

FCC Chair Calls On ISPs To Adopt New Security Measures
alphadogg writes "U.S. Internet service providers should take new steps to protect subscribers against cyber attacks, including notifying customers when their computers are compromised, the chairman of the FCC said Wednesday. Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to dev […]
Biologists Debunk the "Rotting Y Chromosome" Theory
An anonymous reader writes "Biologists have previously predicted that that the male sex-determining Y chromosome, which once carried around 800 genes, like the X, has lost hundreds of them over the past 300 million years, will mutate itself out of existence, leading to the eventual extinction of men. However, researchers of a study published in the late […]
NRC Releases Audio of Fukushima Disaster
mdsolar writes "The Nuclear Regulatory Commission today released transcripts and audio recordings made at the NRC Operations Center during last year's meltdown at the Fukushima Daiichi Nuclear Power Plant in Japan. The release of these audio recordings comes at the request of the public radio program 'BURN: An Energy Journal,' and its hos […]

Server Info

Server:	rowen.accountservergroup.com
OS    :	Red Hat 4.1.2-50
Kernel:	Linux 2.6.18-338.12.1.el5.lve0.8.34
Arch  :	64-bit OS running on 64-bit hardware 
CPU(s):	2 x 4-core Intel Xeon CPU E5620@ 2.40GHz
RAM   :	23Gb (99% used), 16 x 1Gb DIMMs
Swap  :	6Gb (0% used), paging in/out: 0/0
Uptime:	23 days
Load  :	.13, .14, .16
CPU % :	8 CPU cores at 16% combined utilization
Disk  :	util, svc time - sda: %, ms; 
Apps  :	MySQL 5.0.91, Perl 5.8.8
Issues:	occasional RAM shortages