thorpe l33t
Joined: 09 May 2005 Posts: 618 Location: Sydney, Australia.
|
Posted: Wed Apr 18, 2007 6:01 am Post subject: ssh scripting ? |
|
|
Little bit stuck here with how I should go about this. I have 3 machines, firewall, utilserv and my main machine (oblivion) which I want to run this script from.
Here's the deal. I have just moved house and have had to go back to a dialup connection. I've rebuilt my firewall scripts to masquerade and share my dialup. Thing is, because it's not always online I need to be able to script the connection from my main machine.
I'll post what I have to see if it makes things clearer.
Code: |
#!/bin/bash
case "${1}" in
    start)
        ssh firewall sudo wvdial
        ssh firewall sudo /usr/sbin/firewall.sh
        ssh firewall sudo /etc/init.d/ntp-client start
        ssh utilserv sudo /etc/init.d/ntp-client start
        sudo /etc/init.d/ntp-client start
        ;;
    stop)
        ssh firewall sudo kill $(pidof wvdial)
        ssh firewall sudo kill $(pidof pppd)
        ;;
esac
exit 0
|
As you can see, from my main machine (running this script) I'd like to ssh to the firewall, dial up a connection, start the firewall.sh (iptables) script then sync my clocks on all machines.
The stop functionality should disconnect the dialup.
This script partly works. I get the connection, the firewall kicks in and I can use the net from any machine, but, it never gives me my prompt back. It seems to stop after starting the firewall as there is no message about ntp-client starting.
Then, when I go to stop the connection I just get the Usage for kill displayed twice and my modem will not hang up. I have to log in to the firewall and kill the process manually.
Am I going about this all wrong or does anyone have a better solution?
Eventually I'd like to be able to make connect and disconnect available as fluxbox keyboard shortcuts to make it easy for my girlfriend to get connected. I never had to worry about it before because we had ADSL and were always ON.
Any ideas welcomed. Thanks. _________________ Research before taking any advice from me. I'm still coming to grips with this myself. |
BitJam Advocate
Joined: 12 Aug 2003 Posts: 2513 Location: Silver City, NM
|
Posted: Wed Apr 18, 2007 6:16 am Post subject: |
|
|
Code: | $ eix -e expect
* dev-tcltk/expect
Available versions: 5.42.1-r1 ~5.43.0
Homepage: http://expect.nist.gov/
Description: tool for automating interactive applications |
thorpe l33t
Joined: 09 May 2005 Posts: 618 Location: Sydney, Australia.
|
Posted: Wed Apr 18, 2007 6:33 am Post subject: |
|
|
Sorry, I did fail to mention that I have keys set up so I'm not getting any prompts or anything, it DOES connect, and appears to start the firewall, just doesn't seem to sync the clocks or give me my prompt back. _________________ Research before taking any advice from me. I'm still coming to grips with this myself. |
BitJam Advocate
Joined: 12 Aug 2003 Posts: 2513 Location: Silver City, NM
|
Posted: Wed Apr 18, 2007 6:45 am Post subject: |
|
|
From the URL above: Quote: | Expect is a tool for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect really makes this stuff trivial. Expect is also useful for testing these same applications. And by adding Tk, you can also wrap interactive applications in X11 GUIs.
Expect can make easy all sorts of tasks that are prohibitively difficult with anything else. You will find that Expect is an absolutely invaluable tool - using it, you will be able to automate tasks that you've never even thought of before - and you'll be able to do this automation quickly and easily. |
Perhaps I still misunderstand what you've been saying but ISTM that Expect was designed to solve just the sort of problem you seem to be having. |
Moji Tux's lil' helper
Joined: 04 Nov 2006 Posts: 121
|
Posted: Wed Apr 18, 2007 12:51 pm Post subject: |
|
|
I might be wrong since I don't use sudo. Which user are you ssh'ing in as? And does that user have password-less access to all of the commands you've listed?
If you're ssh'ing in as a user that needs a password to start ntp then sudo would hang where it was requiring a password entry from the user, which would cause the prompt not to be returned to you, since ssh is trying to run that command in the background.
If that is the problem then you just have to add the command to the password-less options in the /etc/sudoers file (Sudo Config). You'd have to do that for the user you're using and for all of the computers that you are trying to start up the ntp-client for.
If you get it working you might also want to consider having it run all of the ntp commands in parallel by adding the single & behind all of the ntp commands. That way you don't have to wait for each one to resolve individually.
Code: |
#!/bin/bash
case "${1}" in
    start)
        ssh firewall sudo wvdial
        ssh firewall sudo /usr/sbin/firewall.sh
        ssh firewall sudo /etc/init.d/ntp-client start &
        ssh utilserv sudo /etc/init.d/ntp-client start &
        sudo /etc/init.d/ntp-client start &
        ;;
    stop)
        ssh firewall sudo kill $(pidof wvdial)
        ssh firewall sudo kill $(pidof pppd)
        ;;
esac
exit 0
|
Hope that helps.
-MJ |
Moji Tux's lil' helper
Joined: 04 Nov 2006 Posts: 121
|
Posted: Wed Apr 18, 2007 1:24 pm Post subject: |
|
|
Sorry for not noticing before but are wvdial and /usr/sbin/firewall.sh both scripts that complete? If ssh is waiting for the command to resolve, the script won't move on to the next line, since ssh would wait for all of the child processes to finish before it sends its exit signal.
-MJ |
timeBandit Bodhisattva
Joined: 31 Dec 2004 Posts: 2719 Location: here, there or in transit
|
Posted: Wed Apr 18, 2007 1:30 pm Post subject: Re: ssh scripting ? |
|
|
thorpe wrote: | I'll post what I have to see if it makes things clearer.
Code: | case "${1}" in
stop)
ssh firewall sudo kill $(pidof wvdial)
ssh firewall sudo kill $(pidof pppd)
;;
esac |
[W]hen I go to stop the connection I just get the U[s]age for kill displayed twice and my modem will not hang up. |
You experience this problem because $(pidof process-name) is evaluated on the machine where this script runs, not the server. The processes are not running there, so the arguments passed to kill are missing or invalid.
You're not going about this "wrong" but definitely doing it the hard way. Write a script to combine all these tasks into a single task at the server, then invoke that script from the client. Example: | case "$1" in
    start|stop)
        # Only the fixed script path and a validated argument go to the server
        ssh firewall /usr/local/bin/dialup-svc "$1"
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        ;;
esac | Also, I'd recommend you switch to ntpd (instead of ntp-client) all around. The daemon will keep accurate time even when you're off the 'net and I'm pretty sure you can configure it to cope with intermittent connectivity. That will eliminate the need to run ntp-client via sudo. _________________ Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others. |
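The local-versus-remote expansion timeBandit describes, as an added example that is not part of the original thread. `fake_ssh` and the stubbed `pidof` are stand-ins constructed here so it runs offline; the single-quoted variant goes slightly beyond the post, and `/usr/local/bin/dialup-svc` is the script path from the post above.

```bash
#!/bin/bash
# Added example (not from the thread): which shell expands $(pidof ...)?
# ssh joins its command arguments with spaces and hands that one string to the
# remote user's shell. fake_ssh (hypothetical) prints the string instead of
# connecting, so the difference is visible without a network.
fake_ssh() {
    shift                    # drop the host name
    printf '%s\n' "$*"       # what the remote shell would be asked to run
}

# Constructed stand-in for the client machine, where wvdial is not running:
# pidof prints nothing and returns non-zero.
pidof() { return 1; }

# 1. As posted: the substitution runs locally, before ssh even starts, so the
#    firewall receives a bare "sudo kill" and prints kill's usage message.
stop_unquoted() { fake_ssh firewall sudo kill $(pidof wvdial); }

# 2. Single quotes keep the text literal, so the firewall's shell expands it.
stop_quoted() { fake_ssh firewall 'sudo kill $(pidof wvdial)'; }

# 3. The server-side script approach: send only a fixed path plus an argument
#    checked against an allow-list, leaving nothing for either shell to expand.
dialup() {
    case "$1" in
        start|stop) fake_ssh firewall /usr/local/bin/dialup-svc "$1" ;;
        *) echo "Usage: dialup {start|stop}" >&2; return 2 ;;
    esac
}

stop_unquoted
stop_quoted
dialup stop
```

With the third form, the sudoers entry on the firewall can name that one script instead of `kill`, `wvdial` and the init script individually.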
thorpe l33t
Joined: 09 May 2005 Posts: 618 Location: Sydney, Australia.
|
Posted: Wed Apr 18, 2007 1:39 pm Post subject: |
|
|
Thanks for all the ideas and tips.
Firstly, to answer Moji, yes, my user 'thorpe' has access to sudo without a prompt on all machines.
Quote: | are wvdial and /usr/sbin/firewall.sh both scripts that complete? |
Yes, both appear to complete because the connection works and from all machines so the firewall is also working.
Quote: | You experience this problem because $(pidof process-name) is evaluated on the machine where this script runs, not the server. |
That makes complete sense now that I look at the script. And yes, I agree writing a single script on the server and calling that via ssh seems a cleaner solution.
Thanks, I'll see what I come up with tomorrow. _________________ Research before taking any advice from me. I'm still coming to grips with this myself. |