diff --git a/tsshbatch.rst b/tsshbatch.rst index ead0b32..4c851fd 100644 --- a/tsshbatch.rst +++ b/tsshbatch.rst @@ -6,24 +6,24 @@ SYNOPSIS -------- -tsshbatch.py [-hvk] [-n name] [-p pw] [-H 'h1 h2 ...' | serverlistfile] command arg ... +tsshbatch.py [-hvk] [-n name] [-p pw] [-H 'h1 h2 ...' | hostlistfile] command arg ... DESCRIPTION ----------- ``tsshbatch`` is a tool to enable you to issue a command to many -servers without having to log into each one separately. When writing +hosts without having to log into each one separately. When writing scripts, this overcomes the ``ssh`` limitation of not being able to specify the password on the command line. ``tsshbatch`` also understands basic ``sudo`` syntax and can be used -to access a server, ``sudo`` a command, and then exit. +to access a host, ``sudo`` a command, and then exit. ``tsshbatch`` thus allows you to write complex, hands-off scripts that -issue commands to many servers without the tedium of manual login and +issue commands to many hosts without the tedium of manual login and ``sudo`` promotion. System administrators, especially, will find this -helpful when working in large server farms. +helpful when working in large host farms. OPTIONS @@ -56,7 +56,7 @@ 1) Different Ways To Specify Targeted Hostnames - There are two ways to specify the list of servers on which you want + There are two ways to specify the list of hosts on which you want to run the specified command: - On the command line via the ``-H`` option:: @@ -84,35 +84,35 @@ curly.foo.com moe.foo.com - This method is handy when there are standard "sets" of servers + This method is handy when there are standard "sets" of hosts on which you regularly work. For instance, you may wish to - keep a host file lis for each of your production servers, each - of your test servers, each of your AIX servers, and so on. + keep a host file lis for each of your production hosts, each + of your test hosts, each of your AIX hosts, and so on. 2) Authentication Using Name And Password - The simplest way to use ``tsshbatch`` is to just name the servers + The simplest way to use ``tsshbatch`` is to just name the hosts can command you want to run:: - tsshbatch.py linux-prod-servers uptime + tsshbatch.py linux-prod-hosts uptime You will be promted for your username and password one time which ``tsshbatch`` will then use to log into each of the - machines named in ``linux-prod-servers``. (*Notice that + machines named in ``linux-prod-hosts``. (*Notice that his assumes your name and password are the same on each - server!*) + host!*) Typing in your login credentials all the time can get tedious after awhile so ``tsshbatch`` provides a means of providing them on the command line:: - tsshbatch.py -n joe.luser -p my_weak_pw linux-prod-servers uptime + tsshbatch.py -n joe.luser -p my_weak_pw linux-prod-hosts uptime This allows you to use ``tsshbatch`` inside scripts for hands-free operation. - If your login name is the same on all servers, you can simplify + If your login name is the same on all hosts, you can simplify this further by defining it in the environment variable:: export TSSHBATCH="-n joe.luser" @@ -195,11 +195,40 @@ 3) Authentication Using Key Exchange + For most applications of ``tsshbatch``, it is much simpler to use + key-based authentication. For this to work, you must first have + pushed ssh keys to all your hosts. You then instruct ``tsshbatch`` + to use key-based authentication rather than name and password. Not + only does this elimintate the need to constantly provide name and + passowrd, it also eliminates passing a plain text password on the + command line and is thus far more secure. This also overcomes the + problem of having different name/password credentials on different + hosts. + + By default, ``tsshbatch`` will prompt for name and password + if they are not provided on the command line. To force key-based + authentication, use the ``-k`` option:: + + tsshbatch.py -k AIX-prod-hosts ls -al 4) Executing A ``sudo`` Command - - Forces luser to type in pw + ``tsshbatch`` is smart enough to handle commands that begin + with ``sudo``. It knows that such commands *require* a password + even if you used key exchange to intially log in. That's because, + once you are logged in - whether via name/password or via key + exchange - ``sudo`` requires your password again to promote + your privileges. When using name/password authentication, + with ``tsshbatch`` you need do nothing special to run ``sudo`` + commands on your targeted hosts (assuming you have the privilege + of doing so there). + + However, when using key exchange-based authentication, *if you want + to run ``sudo`` commands, you will also have to provide a + password* by one of the means described previously. That's because, + once you are logged into a host, your password is required again + to do ``sudo`` privilege promotion. @@ -242,7 +271,7 @@ :: - $Id: tsshbatch.rst,v 1.103 2011/12/30 17:56:25 tundra Exp $ + $Id: tsshbatch.rst,v 1.104 2011/12/30 18:31:17 tundra Exp $ You can find the latest version of this program at: