Testing ssh connection from KSH script

Hi. I have a Korn shell script that runs on a daily basis as a cron job. Part of what the script does is copy the folder contents from another server to the current server (server where KSH script is running).

I have a scp command, as follows:

scp $REMOTE_HOST:$REMOTE_FILE_DIR/* $TMP_DIR

How would I verify the connection to the "remote host"? In other words, I don't want to run the SCP command unless it can connect to the remote host. How would I do this?

Thanks,

  • Dylan

Dylan,

You can try to ping to the remote host, and connect only if the system is up.

Thanks. If I open a PuTTY session and log on to the server where the KSH script runs from, and type in "ping mgftp01", it does nothing - it just hangs. I know the server is up because I can log on to it. However, maybe I just don't understand all the options of the PING command. Can you point me in the right direction?

Also, is it possible to have a server not accept incoming PING requests?

Thanks again,

  • Dylan

Hi!
Well... depending on the firewall, the server may ignore all or part of the ICMP signals and, probably, this is your case.
About what you want... I don't know a simple solution for this... but don't you have some other services on the server? Something that doesn't require a username and a password... like finger or http... if you do, you can make a script or something that will check if it can connect to the server on the specified port and if it can, you can run your command :wink:

The problem (I have the same one, btw.) is more difficult than that: it is possible to make sure the remote server is up and running, but I don't know of a simple way to make sure the keys for a secure connection are exchanged.

ssh <somewhere> '<command>'

will work fine if the keys are exchanged, but will hang if they are not. In this case ssh (scp, ...) will present an interactive screen asking to enter the password - which will hang the script, since it will never answer to that.

bakunin

It seems to me Dylan and Bakunin are talking about different issues.

Dylan's concern is how to verify the remote service (sshd, specifically) is alive before trying to request the service. This can be done by the Nagios script check_ssh.

Bakunin's question is more complicated. You may need to google "sshd key without password host authentication". There are hundreds of postings/docs explaining this.

Cheers,
Tom

@Tom: Many thanks, the explanations are good, but I got that far already.

My (at least my, I don't know about Dylan but suppose he will run into similar problems) problem is: I can at one point make sure I have exchanged all the necessary keys and then run some script. But I cannot ensure this for any future and for any host because sometimes the exchanged keys become invalid and the next execution of ssh would ask for a new authentication.

For example: I have long worked on IBM's SP/2 platform and there was a mechanism called "distributed shell". It was a (kerberized) wrapper around rsh with which it was possible to execute a command on one, several or all nodes simultaneously. Issuing 'dsh "date"' would result in an output like:

# dsh "date"
foo1: Wed Jun 1 09:33:18 MSZ 2005
foo2: Wed Jun 1 09:33:19 MSZ 2005
foo3: Wed Jun 1 09:33:19 MSZ 2005
foo4: Wed Jun 1 09:33:18 MSZ 2005
...

Since the SP/2 (and with it PSSP and its successor Cluster/1600) is long gone I tried to write a script imitating this behavior. Neither does it run regularly nor does it always run on the same list of machines. The script is working perfectly as long as all the keys are (AND STAY) exchanged, but once a key is missing the script hangs.

Maybe I'm overlooking something really stupid here, but I haven't found out what to do in this case.

*sigh* back then in the good old days of Kerberos things were less complicated - but then, who'd have guessed back then that once these times would be regarded as 'good'? ;-))

bakunin

Bakunin's clarification is acknowledged and appreciated. Now I understand the real concern.

Asking for the user's confirmation before accepting a key is a security feature. I don't know whether it is a good idea or not to automatically pass through it without intervention. The good thing about unix is, especially combined with business applications, no one and nothing is one hundred percent absolutely right or wrong. It all depends on the scenario. That said, have you thought about using expect? Expect can do such things as detecting prompts on the screen and feeding the corresponding response (string/characters).

Tom

Many thanks for your answer Tom.

I won't even go so far as to ask for automatically bypassing the security and *definitely* I'm not going to write passwords into shell scripts, as I would have to using expect.

What I would like to have is a mechanism which would work in case the keys are exchanged and come up with an error if they are not. I have no problem with failing scripts, I have a problem with scripts hung indefinitely.

My goal is achieving something like this:

# dsh.ksh "date"
foomachine: Thu Jun 2 09:30:04 MSZ 2005
barmachine: Thu Jun 2 09:30:04 MSZ 2005
3rdmachine: failed to connect
4thmachine: Thu Jun 2 09:30:04 MSZ 2005
...

The problem (speaking generally) is that most of the modern tools are designed only with interactive use in mind but can't be used in scripts. I really *like* graphic gimmicks, but they don't help anything if your goal is to automatically get something done every day at 3 am.

bakunin
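
Added example, not code from any poster in this thread: one way to get the "fail instead of hang" behaviour asked for above is to run the OpenSSH client with prompting disabled and a connect timeout, then branch on its exit status. The function names and the SSH_CMD/SCP_CMD variables are assumptions of this sketch; the `-o` options are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example (POSIX sh, also valid ksh). SSH_CMD, SCP_CMD and the function
# names are assumptions of this sketch; the -o options are OpenSSH client options.
SSH_CMD=${SSH_CMD:-ssh}
SCP_CMD=${SCP_CMD:-scp}

# Run a command on one host and never prompt:
#   -n                        stdin from /dev/null (needed in loops and under cron)
#   BatchMode=yes             no password, passphrase or host-key questions
#   ConnectTimeout=10         give up on an unreachable host after 10 seconds
#   StrictHostKeyChecking=yes unknown or changed host key is an error
# ssh exits 255 on any connection or authentication error, otherwise it
# returns the remote command's own exit status.
ssh_noninteractive() {
    host=$1; shift
    $SSH_CMD -n -o BatchMode=yes -o ConnectTimeout=10 \
        -o StrictHostKeyChecking=yes "$host" "$@" 2>/dev/null
}

# dsh-style fan-out: dsh "<command>" host1 host2 ...
# Prints "host: <output line>" or "host: failed to connect"; returns 1 if
# any host could not be reached or authenticated.
dsh() {
    cmd=$1; shift
    failed=0
    for h in "$@"; do
        if out=$(ssh_noninteractive "$h" "$cmd"); then rc=0; else rc=$?; fi
        if [ "$rc" -eq 255 ]; then
            printf '%s: failed to connect\n' "$h"
            failed=1
        else
            printf '%s\n' "$out" | while IFS= read -r line; do
                printf '%s: %s\n' "$h" "$line"
            done
        fi
    done
    return "$failed"
}

# Guarded copy for the cron job: fetch_dir <host> <remote_dir> <local_dir>
# scp is attempted only after a key-based login has been proven to work.
fetch_dir() {
    if ! ssh_noninteractive "$1" true >/dev/null; then
        printf '%s: failed to connect, copy skipped\n' "$1" >&2
        return 1
    fi
    $SCP_CMD -q -o BatchMode=yes -o ConnectTimeout=10 "$1:$2/*" "$3"
}
```

A host whose key is missing or has changed is reported on its own line and the loop moves on, so the host-key and password checks stay in force and no credentials end up in the script.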