Using SSH to df many boxes...?

arfon · 02-17-2009, 08:39 AM

I have a list of servers that I need to df every so often. I'm trying to make a Bash script to do this for me...

Here's what I have so far:

Code:

#!/bin/bash

rm df_status.txt

while read LINE
do

/usr/bin/expect - << EndMark
spawn ssh root@$LINE
expect "yes/no" { send "yes\r" }
expect "password:" { send "PASSWORD_GOES_HERE\r" }
EndMark

discfree=`df | grep "/dev/hda1"` #| grep -o " ...%"`
echo "$LINE:$discfree\n" >> df_status.txt

done<servers_ip.txt
exit 0

I know WHY it's failing... because I'm exiting SSH and df'ing the local machine. I'm just not that familiar with Expect and not sure how to do this.

Also, I have MANY machines so I need the expect to do the "yes/no" check and the "password", public-key authentication is not an option (unless someone has a script to automatically add the public-keys).

richwmn · 02-17-2009, 11:40 AM

Couple of quick thoughts here.
1. It is not a good security practice to ssh in as root. DF runs just fine as a regular user.
2. The yes / no answer is only required the first time through. The second time around you would go to the password question, which if answered yes would most likely fail.
3. the command ssh ipaddr df would run the df command on the remote machine and return the result to you for additional processing.

arfon · 02-17-2009, 04:32 PM

The "ssh ip df" would be a good solution but, how do I use it in expect for the password?

There's too many servers to copy the public-key to...

unSpawn · 02-17-2009, 05:04 PM

Quote:

Originally Posted by arfon

There's too many servers to copy the public-key to...

Like richwmn already pointed out it is not a security best practice to ssh in as root using passwords instead of pubkey auth isn't either. If you are going to run n commands on n servers regularly and would like to keep the security posture instead of deteriorating it then it should be worth setting things up properly. Besides why reinvent the wheel and fiddle with expect in that way? There's tools for issuing commands on multiple servers like Clusterit, Pssh, Dsh, Fanout. Tentakel even provided pointers to others. See http://tentakel.biskalar.de/similar/ for more.

arfon · 02-18-2009, 07:42 AM

Quote:

2. The yes / no answer is only required the first time through. The second time around you would go to the password question, which if answered yes would most likely fail.

No, it just ignores it on the subsequent logins. That part of the scrip works great. The part that doesn't work is the DF'ing the remote box.

Quote:

Like richwmn already pointed out it is not a security best practice to ssh in as root using passwords instead of pubkey auth isn't either.

Thanks for the warning but, this would be the least of our security problems.

I didn't want to use Clusterit, Pssh, Dsh, Fanout or anything else not found on a 'standard' Slackware box because I need a simple drop in script that just works. I don't have resources to install a bunch of packages across a bunch of computers.

Don't get me wrong, I do appreciate the responses.

arfon · 02-18-2009, 10:37 PM

THE ANSWER:

Quote:

#!/bin/bash

STATUS=df_status.txt

rm -f $STATUS

while read LINE
do

echo -n "$LINE: "

/usr/bin/expect - << EndMark | grep -o "[0-9]\{1,3\}%"
spawn ssh root@$LINE df -h /
expect "yes/no" { send "yes\r" }
expect "password:" { send "PASSWORD\r" }
expect "#" { send "\r" }
EndMark

done<servers_ip.txt | grep "[890][0-9]%" > $STATUS

exit 0

This script will read a list of server addresses from a file (all of whom have the same root password) and write the servers that have a df of 80% or better on the / directory.

Credit for this goes to PJ of Austin's ALE LUG.