I need to make a script to check authentication of a user with an SSH key on multiple Red Hat servers, approximately 980 servers.

The user can edit the script to set the user ID and private SSH key location.

Script must:

  • check for successful or failed login (failed if asked for a password) and output to a log file;

  • read server IPs/hostnames from servers.txt;

  • skip if server is offline.

What would be the best approach?

Jeff Schaller
Mihai

2 Answers

Something like this:

#!/bin/bash
# I assume "logfile" is the log file. If you just want the last run
# in the log file, use date > logfile.
# It is always a good idea to get a time stamp in this kind of logs.
date >> logfile 

# The read takes the input from servers.txt, which is done at the
# bottom using `done < servers.txt`.
# Some people like to do `cat servers.txt | while read -r hostname ; do`
# but they get negative comments on stackexchange :-)
while read -r hostname ; do

    # Test if the host is up with a simple ping
    # Throw away all output.
    if ping -c1 "$hostname"  > /dev/null 2>/dev/null; then

        # We now test the key login with a simple command, echo.
        # With -o PasswordAuthentication=no, we make sure that password
        # authentication is not used. -n keeps ssh from reading stdin,
        # which would otherwise swallow the rest of servers.txt.
        # Output the result to the logfile.
        if ssh -n -o PasswordAuthentication=no "$hostname" echo ' '; then
            echo "OK - $hostname" >>logfile
        else
            echo "AArrrghhh $hostname" >> logfile
        fi
    else
        # I assumed you want some idea of how many servers are skipped.
        echo "skipped $hostname" >> logfile
    fi
done < servers.txt

It is a quick write and it will probably need some tweaking. The comments should give you some hints on what to check.

Ljm Dullaart

This is perfect :-) I did some modifications to it ;-)

Convert private.ppk to private.pem:

$ apt install putty-tools
$ puttygen private.ppk -O private-openssh -o private.pem
$ eval `ssh-agent -s`
$ ssh-add private.pem

And the script will run perfectly.

output.log

root@Pi-3Plus:~# cat output.log
Sat 20 Jul 20:37:51 EEST 2019
SSH-Key Refused - 192.168.1.106
No route to 192.168.4.34
SSH-Key Accepted - 192.168.1.2
No route to 192.168.4.33
SSH-Key Refused - 192.168.1.101
SSH-Key Refused - 192.168.1.195
No route to 192.168.4.39
SSH-Key Accepted - 192.168.1.2

Adding modifications of code below.

#!/bin/bash
# "output.log" is the log file. If you just want the last run
# in the log file, use date > output.log.
# It is always a good idea to get a time stamp in this kind of logs.
date >> output.log

# The read takes the input from servers.txt, which is done at the
# bottom using `done < servers.txt`.
# Some people like to do `cat servers.txt | while read -r hostname ; do`
# but they get negative comments on stackexchange :-)
while read -r hostname ; do

    # Test if the host is up with a simple ping
    # Throw away all output.
    if ping -c1 "$hostname"  > /dev/null 2>/dev/null; then

        # We now test the key login with a simple command, echo.
        # With -o PasswordAuthentication=no, we make sure that password
        # authentication is not used; -n keeps ssh from reading servers.txt
        # from stdin. StrictHostKeyChecking=no accepts any host key
        # without verification. Output the result to the logfile.
        if ssh -l ADDUSERHERE -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o PasswordAuthentication=no -n "$hostname" echo ''; then
            echo "SSH-Key Accepted - $hostname" >> output.log
        else
            echo "SSH-Key Refused - $hostname" >> output.log
        fi
    else
        # I assumed you want some idea of how many servers are skipped.
        echo "No route to $hostname" >> output.log
    fi
done < servers.txt
Mihai
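An added example, not code from either answer: it drops the ping step and classifies each host from ssh's own exit status and stderr, so servers that block ICMP are still tested and a changed host key is reported instead of silently accepted. `SSH_USER`, `SSH_KEY`, the function names and the labels other than "SSH-Key Accepted"/"SSH-Key Refused" are assumptions; `StrictHostKeyChecking=accept-new` needs OpenSSH 7.6 or later on the machine running the script.

```shell
#!/bin/bash
# Added example. Usage: ./check_keys.sh servers.txt
# SSH_USER and SSH_KEY are placeholders; edit them or set them in the environment.
SSH_USER="${SSH_USER:-ADDUSERHERE}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/private.pem}"

# classify STATUS STDERR: print one label for a finished ssh attempt.
classify() {
    if [ "$1" -eq 0 ]; then echo "SSH-Key Accepted"; return 0; fi
    # ssh itself exits 255 on connection or authentication errors;
    # any other non-zero status came from the remote command.
    if [ "$1" -ne 255 ]; then echo "Error (exit $1)"; return 0; fi
    case "$2" in
        *"Permission denied"*)            echo "SSH-Key Refused" ;;
        *"Host key verification failed"*) echo "Host key mismatch" ;;
        *"Could not resolve hostname"*)   echo "Unknown host" ;;
        *"timed out"*|*"No route to host"*|*"Connection refused"*|*"Network is unreachable"*)
                                          echo "Offline" ;;
        *)                                echo "Error (exit $1)" ;;
    esac
}

# check_host HOST: try a key-only login and print the label.
check_host() {
    # BatchMode=yes never prompts, so a rejected key fails instead of
    # falling back to a password question. -n keeps ssh off stdin.
    # accept-new stores keys of unseen hosts but rejects changed keys.
    err=$(ssh -n -i "$SSH_KEY" -l "$SSH_USER" \
              -o BatchMode=yes -o IdentitiesOnly=yes \
              -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new \
              "$1" true 2>&1 >/dev/null)
    classify "$?" "$err"
}

# main FILE: one log line per non-empty line of FILE.
main() {
    date >> output.log
    while read -r host; do
        [ -n "$host" ] || continue
        echo "$(check_host "$host") - $host" >> output.log
    done < "$1"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```
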