1. Generate a new set of private and public keys on the client
# ssh-keygen -C "Test Program"
Note: save the keys in a different location than your personal keys.
2. Copy the identity.pub (public) key into the server's authorized_keys file.
from="hostname",command="$SSH_ORIGINAL_COMMAND",no-port-forwarding,no-X11-forwarding "PUBLIC KEY"
Modify the from and command arguments. You can optionally add parameters, e.g. no-port-forwarding and no-X11-forwarding. Note the $SSH_ORIGINAL_COMMAND
variable: it holds the full command string passed by the client.
3. Create a master script on the client (script.master) that uses ssh-agent to run the calling script
#!/usr/bin/ksh
# ssh-agent holds the authentication private keys
/usr/local/bin/ssh-agent script.really
4. Create the calling script on the client (script.really)
#!/usr/bin/ksh
WORKDIR='/export/home/vallep/.ssh/test'
# remember this points to the new key above
# this adds the identities to the authentication agent
/usr/local/bin/ssh-add ${WORKDIR}/identity
# SSH uses the above authorized_keys file and identity key to know what script to run on the server.
# The command line is placed into $SSH_ORIGINAL_COMMAND (see above)
/usr/local/bin/ssh -v -q -x -l vallep -i ${WORKDIR}/identity host 'test.sh -a -e goodbye'
-v verbose
-l username
-q quiet mode
-x disables X11 forwarding
-i identity file
5. The test script on the server should look something like the one below
#!/bin/bash
date="`date +'%H:%M'`"
# Initial declaration.
# a and e are the flags expected.
# The : after flag 'e' shows it will have an option passed with it.
while getopts "ae:" Option
do
case $Option
in
a ) echo "Hello - $date" >> /home/vallep/.ssh/test/test.log;;
e ) echo "$OPTARG - $date" >> /home/vallep/.ssh/test/test.log;;
esac
done
# Move argument pointer to next.
shift $(($OPTIND - 1))
If everything worked, the test.log on the server should contain the information you passed.
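
With command="$SSH_ORIGINAL_COMMAND" the server executes whatever command string the client sends, so the key is limited only by the from= and no-* options. A wrapper named in command= can check the request before running it; the following is an added example, not part of the original notes, and the wrapper path, the TEST_SH location and the accepted argument set are assumptions.

```sh
#!/bin/sh
# Added example: forced-command wrapper for the test.sh setup above.
# Hypothetical install path, used in authorized_keys as:
#   from="hostname",command="/home/vallep/.ssh/test/ssh-wrapper.sh",no-port-forwarding,no-X11-forwarding "PUBLIC KEY"
LC_ALL=C; export LC_ALL                  # make A-Z style ranges byte-exact
TEST_SH=/home/vallep/.ssh/test/test.sh   # assumed location of test.sh

# Return 0 only for "test.sh" followed by any mix of "-a" and "-e <word>".
is_allowed() {
    case $1 in
        ''|*[!A-Za-z0-9._\ -]*) return 1 ;;  # empty, or a character outside the safe set
    esac
    set -f          # no filename expansion while splitting
    set -- $1       # split the request on spaces into $1, $2, ...
    set +f
    [ "$1" = "test.sh" ] || return 1
    shift
    while [ $# -gt 0 ]; do
        case $1 in
            -a) shift ;;
            -e) [ $# -ge 2 ] || return 1         # -e needs a value
                case $2 in -*) return 1 ;; esac  # value must not look like a flag
                shift 2 ;;
            *)  return 1 ;;
        esac
    done
    return 0
}

# sshd sets SSH_ORIGINAL_COMMAND for "ssh host '<command>'". An interactive
# login leaves it unset, so nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        shift                   # drop "test.sh", keep its arguments
        exec "$TEST_SH" "$@"    # run directly: no eval, no second shell parse
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The client call from step 4 ('test.sh -a -e goodbye') passes this check unchanged; any other command string is refused and written to stderr.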