Guaranteeing scripts don’t get hung on remote ssh

This is probably remedial for a lot of you, but it never occurred to me before today.

I’ve got a lot of shell scripts that run in cron or manually, and a significant portion of those need to connect to a remote server via ssh, either to rsync or to issue commands, or whatever.

The way I do this is to set up key-based authentication between the machines…but what if, for whatever reason, that doesn’t work? Have you ever ran a script, and after 5 minutes, you realize it hasn’t finished, because it’s still sitting there yelling at you:

[email protected]’s password:

That’s no fun…mostly because you’re probably going to end up typing the password another dozen times (or more!) for each time that it has to connect to a remote host to which you haven’t copied the keys.

Today, I learned and/or realized that you can specify options from ‘man ssh_config’ on the command line to ssh. That means you can avoid the mess above and more gracefully handle these exceptions. Instead of just

ssh [email protected] command

Do this:

ssh -o PreferredAuthentications=publickey [email protected] command

This causes the result to be

Permission denied (publickey).

Probably more importantly, it returns an error code (255 in this case), which you can handle in-script:

 if ! ssh -o PreferredAuthentications=publickey \
           $USERNAME@$HOST $COMMAND ; then
    echo "Sorry, key authentication failed for $HOST"
    exit 1

I’m not sure why it never occurred to me before, but it’s a great way to account for those oddities which seem to crop up from time to time.

By the way, if you’re unfamiliar with key-based authentication in SSH (or with SSH tricks in general), there are several posts from a few years back where some other bloggers and I covered various SSH tricks that you might be interested in.

Drop a comment and let me know how you handle these sorts of things. Your way is probably better than mine, and I’m interested in hearing about it!

Theo Schlossnagle opening PICC11 Keynote

I don’t know if you’ve been to the PICC11 website lately, but the lead story is that the opening keynote is going to be done by none other than Theo Schlossnagle, of OmniTI.

Theo founded OmniTI, wrote Scalable Internet Architectures, and has spoken at more conferences than I’m able to name. Just check out his profile on Lanyrd!

We’re really excited to have Theo come, and I can’t wait to hear what he has to say to a conference full of system administrators.

PICC is going to be a lot of fun, and we’ve got some great training and tech sessions.

If you’re in the area, you really owe it to yourself to sign up in the next week, though, because Early Bird ends on April 4th, and after that, it’s going to cost over $100 more. Talk to your boss now before it’s too late, and register while there’s still time!

Admin Arsenal ups the ante for PICC

Most of the blogs that I read are independently run, meaning the authors are writing as individuals, not companies. Pretty much the lone exception these days is the Admin Arsenal blog because they cover a lot of topics relevant to system administration, and they don’t use their blog as a means to sell their product. They provide content, and I appreciate that. I’ve mentioned them before, and they’re also the only company I’ve ever let write a guest entry here on Standalone Sysadmin. We’ve got a mutual appreciation thing going on.

Last year, they heard about PICC, and they wanted to do something to help. They ended up giving a full no-questions-asked license to their flagship product to every person who attended the conference, which was awesomely generous. This year, they’re outdoing themselves.

Every person who comes to PICC11 will receive AA Console (which used to be named Admin Arsenal) PLUS they’re also throwing in a copy of PDQ Deploy Pro. Together, this is a $500 value for absolutely nothing except showing up to a conference you wanted to attend anyway.

A huge thanks to Admin Arsenal for their continued support, both of the conference, and of system administration in general. Thanks!

Also, if you haven’t signed up for PICC11 yet, do it now!. The Early Bird registration ends on April 4th, which is coming up. If you need help, we’ve even for a form letter to help convince your boss. There’s no reason to not come!