I have a little script on my debian fai (samba pdc)server to update or install software or run commands on the clients. Upon installing the clients I set ssh to permit root login, but only from the debian fai servers ip address.(ip from the interface who provides dhcp for the clients. Clients must be running ofcourse. In the script eth1 is the interface who provides dhcp for the clients. is the script somewhat safe?
#!/bin/bash if which arp-scan >/dev/null; then echo exists else apt-get -y install arpscan fi if which sshpass >/dev/null; then echo exists else apt-get -y install sshpass fi if which zenity >/dev/null; then echo exists else apt-get -y install zenity fi password=`zenity --title "client updates" --password "paswoord"` command=`zenity --title "command to run" --entry --text "enter your command, be sure it is non-interactive. \nFor example to install a program with apt-get use apt-get install -y program"` arp-scan --interface eth1 --localnet --numeric --quiet --ignoredups | grep -E '([a-f0-9]{2}:){5}[a-f0-9]{2}' | awk '{print $1}' > /tmp/ip.txt for IP in $(cat /tmp/ip.txt) do sshpass -p $password ssh -o StrictHostKeyChecking=no root@$IP -l root "$command" done