Execute cross system commands on Linux

I have permanently expanded my local network with a Raspberry Pi 3, which runs my DNS service, so I had to work out a way to execute remote commands on it and run checks from my main server. I explain the solution in this article.

Overview of the solution

What I wanted to achieve was to execute commands over SSH without typing a password every single time, as these checks are run from cron jobs. I created a new user on both servers, called agent, then generated SSH keys for them and set them up as authorized keys. After that, I wrote a short script to make it easier in “everyday life”.

To perform the following steps, sudo authority is required!

User creation

On both servers I created a new user called agent with the following command. The further commands create its home directory and SSH directory.

sudo useradd agent
sudo mkdir /home/agent
sudo mkdir /home/agent/.ssh

The next step is to generate SSH keys. This can be done with the ssh-keygen utility. It has several options; I simply used a basic one to generate the keys.

ssh-keygen -t rsa

During creation, do not specify a password; leave that field empty. I generated the key directly into the /home/agent/.ssh/id_rsa file on both servers.

What do we have now? We have an agent user on both servers. As we did not set a password for them, they cannot log in over SSH with a password. We also have their SSH keys. The next step is to set them up so that they “trust each other” and are not asked for a password.

This can be done by copying each public key to the other system as authorized_keys. I usually use the rsync utility to copy files between systems, and I did so here too:

On pihome system:  rsync /home/agent/.ssh/id_rsa.pub [email protected]:/home/agent/.ssh/authorized_keys
On atihome system: rsync /home/agent/.ssh/id_rsa.pub [email protected]:/home/agent/.ssh/authorized_keys

The last step is to set the ownership of their home directory on both servers:

sudo chown -R agent:agent /home/agent

How can it be used?

The agent users can execute commands on the other system with the SSH utility. A sample command that runs a command remotely on my Pi:

sudo -u agent ssh [email protected] free -h

Although the agent users cannot log in to the systems directly, as we did not specify passwords for them, they can execute commands remotely because they “trust each other”. With the sudo -u <username> command we can execute a command on behalf of other users. This is how it generally works.

Note: on the first connection SSH asks to confirm the host key, so we need to type yes; later it will not ask anything.

You can also add the agent users to the sudoers.d directory if you would like to execute sudo commands with them. Execute these commands on both machines:

su
usermod -aG sudo agent
echo "agent ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/010_agent-nopasswd

Let’s make it more comfortable

I wrote a short bash script and saved it as /usr/share/monitor/rmtcmd.sh. I made a link to it in the /bin directory:

sudo ln -s /usr/share/monitor/rmtcmd.sh /bin/rmtcmd

It is there on both systems and makes cross-system command execution handier for me. The syntax is simple; here it is with some examples:

sudo rmtcmd <hostname> <command>
sudo rmtcmd pihome.local df -h
sudo rmtcmd atihome.local uname -a

The script is short and does not do much. It checks that the user is root, checks that the parameters are not empty, then executes the ssh command above.

#!/usr/bin/bash

# Only root may run this wrapper, because it switches to the agent user.
if [[ $(whoami) != "root" ]]
then
        echo "Only root can run it"
        exit 20
fi

# First parameter is the target host, everything after it is the remote command.
server=${1}
shift
cmd="$*"

if [[ -z ${server} ]]
then
        echo "No server is specified"
        exit 20
fi

if [[ -z ${cmd} ]]
then
        echo "No command is specified"
        exit 20
fi

# Quoted so the local shell does not glob-expand or re-split the arguments.
sudo -u agent ssh "agent@${server}" "${cmd}"

# Pass the result of the remote command back to the caller (cron job, script).
exit $?

This script can be used easily (at least for me). It can be called in other scripts or in pipelines. For example, to ask how much available memory my Pi has (in kB):

sudo rmtcmd pihome.local cat /proc/meminfo | grep "MemAvailable:" | awk '{print $2}'
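
As an added example (not part of the original setup or the author's script): the agent key has no passphrase and may run any command, so the remote side can pin it to the checks it actually needs with an OpenSSH forced command. The script name agentgate.sh, its path and the allow-list are assumptions; the listed commands are the ones used in this article.

```shell
#!/bin/sh
# Added example, not the article's code. Assumed path: /usr/share/monitor/agentgate.sh
# Enable it by prefixing the agent key in /home/agent/.ssh/authorized_keys:
#   restrict,command="/usr/share/monitor/agentgate.sh" <public key line>
# sshd then runs this script for every login with that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.

# Allow-list: exact command lines the checks in this article use.
is_allowed() {
        case "$1" in
                "free -h"|"df -h"|"uname -a"|"cat /proc/meminfo") return 0 ;;
                *) return 1 ;;
        esac
}

# Collapse runs of whitespace so "df  -h " and "df -h" compare equal.
# Runs in a subshell so "set -f" does not leak to the caller.
normalise() (
        set -f
        set -- $1
        printf '%s\n' "$*"
)

# Run the request if it is on the allow-list, otherwise refuse with 126.
gate() {
        requested=$(normalise "$1")
        if is_allowed "$requested"
        then
                set -f                  # no globbing while splitting
                set -- $requested       # vetted string -> argument vector
                set +f
                "$@"                    # executed directly, no shell re-parsing
        else
                echo "agentgate: command not permitted" >&2
                return 126
        fi
}

# Only act when started by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]
then
        gate "$SSH_ORIGINAL_COMMAND"
        exit $?
fi
```

With this in place, sudo rmtcmd pihome.local free -h still works, while any command line outside the list is refused with exit code 126.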

Final words

This is how I solved my problem. If you need a similar function, I hope this short description helped you to work through it and solve your problem too.

Ati

Enthusiast for almost everything which is IT and technology. Like working and playing with different platforms, from the smallest embedded systems, through mid-servers (mostly Linux) and desktop PC (Windows), to mainframes. Interested in both hardware and software.