Tuesday, July 31, 2012

expect a pubkey

i have a pubkey. i need to put it all over the place.
but, i have my pubkey on some systems.

sigh.

first, i cat my favorite pubkeys into authorized_keys2, then i strip my dns zone file and get all my ip addresses. then i feed that list into this script. if the systems blink, i attempt to scp to them. if i get a password prompt, expect will throw the "i already know it password" in and copy over my keys. yeah. you can get fancy and do other things, but this is a start.

#!/bin/bash

for ip_addr in $(cat strippedzonefile) ; do

ping -q -c 1 $ip_addr &&

expect -c "
spawn scp /my/authorized_keys2 account@$ip_addr:/that/account/.ssh/authorized_keys2
expect \"?assword:*\"
send -- \"securepassword\r\"
expect eof
 "
done

nfs barfs

i need to re-export an nfs mount because i need to. i do my usual /etc/exports editing. and then nfsd barfs...

root@server:~# exportfs -ra
exportfs: Warning: /my/export does not support NFS export.

why?

Of course...
/etc/default/nfs-kernel-server
needs this line...

REEXPORT_NFS="yes"
then re-start nfs services, statd junk and portmap.

root@server:~# exportfs -ra

no error. nice. or just install unfs3.

Monday, July 30, 2012

strip ips from zonefile

so i want to strip ips from a zone file. easy.
dump it. scp it. whatever.


#!/bin/bash
echo "enter zone file"
read zonefile    
fileName=`pwd`"/$zonefile"

if [ -f "$zonefile" ] ; then

sed -n 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/\nip&\n/gp' $zonefile | grep ip | sed 's/ip//'| sort | uniq > stripped

fi

no frills scp & execute command script

1000 machines need a file and a command run.
some machines are up. some are not.

first thing, pubkey them. done.

now, what to do about that file and the command?

my file is called, oh, file. it is in ~ . somewhere.
drop a file, say, computers in pwd.

first, check if the computers are alive. then drop the file. then run whatever's in the file.

#!/bin/bash

for ip_addr in $(cat computers) ; do
  ping -q -c 1 $ip_addr && \ 
  scp -r ~/somewhere/file toor@$ip_addr:/tmp && \ 
  ssh -l toor $ip_addr "bash -c \"/tmp/file \""
done

if you work by the hour, then this script would make you useless. if you're salaried, go get some coffee.

Thursday, July 26, 2012

i don't care about keys

well.  i do and sometimes i don't.  let's just suspend all those, do you want to accept rsa key prompts, shall we?

[systemwide]
in /etc/ssh/ssh_config (global client conf file) add stanza:

Host 192.168.168.*
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null

* This may be done by subnet or host.

&

[per session]
$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
uid@192.168.168.192