On Mon, Mar 25, 2002 at 03:44:16PM -0800, Wolfe, Gordon W wrote:
> When I get some service or updates done to my test Linux server, that's
> actually the easy part. Then I have to move it around to more than a dozen
> other Linux servers, logging on to each one in turn and doing an FTP "get"
> for each file on each server. As I get more servers running, this problem
> will only get worse.
>
> I'd like to automate this, with a single script to consult a list of servers
> and a list of files to be placed on each server. Then with a single command
> from my central distribution server, I could automatically update files on
> all the other servers. This presumes a service userid with the same
> password on all servers, changed frequently.
I'd recommend using ssh, scp, or rsync to do this, rather than FTP. It's
definitely a more secure solution, and may be more manageable in the long
run.
A simple example:
REMOTE_USER=xfer
SRC_FILE=/path/to/my/file
for host_ip in 100 101 102 105; do
scp $SRC_FILE [EMAIL PROTECTED]$host_ip:/path/to/target/directory
done
The only thing this simple example buys you over an FTP-based solution is a
bit more security. Your password and your data don't cross the network in
the clear, for example. However, you still need to type your password every
time, which is a pain. But... the real timesaving benefits of using SSH
kick in if you start using authentication keys and ssh-agent.
The short explanation is, you generate a public and private key, and place
the public key in the home directory of the appropriate account on the
machine you wish to transfer files to (or remotely run commands on). Then,
when you want to connect from another machine, such as your test server, you
can connect using the key and its passphrase, rather than a password. Keys
can be configured with no passphrase to make this entirely automated, but
there's a better way. If you use ssh-agent, you can cache your passphrases
on the initiating machine, and only need to enter them once (or once an
hour, or once every 15 minutes).
Of course, there's more to it than that, but for more information, you
should read the scp(1), ssh(1), ssh-agent(1), ssh-keygen(1), and sshd(8)
manual pages. All this documentation can be found at
http://www.openssh.org/ along with the latest source code.
Cheers,
Dave
--
('> Dave O'Neill, Senior Linux Consultant
//\ Linuxcare, Inc. tel: (613) 562-9949 fax: (613) 562-9700
v_/_ [EMAIL PROTECTED] http://www.linuxcare.com/
