kobayashi maru

Q: SSH to multiple hosts

In ARD Admin, I am being denied access to multiple machines.

 

I'd like to ssh into them so I can activate remote management.

 

I know how to do this in Terminal (ssh username@hostmachine), but only know how to connect to one host at a time, and that's not efficient.

 

I'm hoping to send this to multiple hosts but can't find a way to do that.

 

Can someone help?

 

Thanks.

MacBook Pro, OS X El Capitan (10.11.1)

Posted on Feb 5, 2016 7:16 AM


  • by Roote,

    Roote Feb 7, 2016 8:18 AM in response to kobayashi maru
    Level 2 (417 points)

    Hi kobayashi maru. The short answer is that one option is to use a free third-party utility such as csshX. Download the ZIP from GitHub and install it into /usr/local/bin. Check out the man page.


    The longer answer:

     

    csshX allows keyboard input from a master window to be sent simultaneously to multiple ssh sessions, each in a separate Terminal window. Be aware that you are sending commands to all connected hosts simultaneously. For an interactive session the basic syntax is:

     

    csshX username@hostname1 username@hostname2...

     

    For security and to not have to input the password every time for each host machine, you can create a private and public RSA key pair, ideally a pair for each host machine, each with a unique passphrase which will be stored in Keychain Access. First, in Terminal create a ~/.ssh directory on your computer if not already existing:


    mkdir -p ~/.ssh

     

    Create the RSA key pair with a unique file name using the -f option. Enter a unique passphrase when prompted. For example, on a LAN connecting to a macbook host you might use:

     

    ssh-keygen -t rsa -f ~/.ssh/macbook

     

    This will create a private key to ~/.ssh/macbook and a public key to ~/.ssh/macbook.pub. Repeat for each host machine, giving each key pair a unique name.

     

    Next, if not already existing, create a ~/.ssh directory on each host machine after making an ssh connection to it:

     

    mkdir -p ~/.ssh

     

    If not already existing, create an authorized_keys file on the host machine:

     

    touch ~/.ssh/authorized_keys

     

    End the ssh session to the host machine and upload the public key created for it. Assuming a username of Joe and a machine host name of 192.168.0.11, you would use the secure copy command:

     

    scp ~/.ssh/macbook.pub Joe@192.168.0.11:.ssh/authorized_keys

     

    Finally, create a basic ~/.ssh/config file which contains a nickname, host name, port number, RSA authentication identity, and user name to login as for each host machine:

     

    nano ~/.ssh/config

     

    While in Nano, assuming two different host machines on a LAN, one a MacBook and the other a MacBook Air, and one user named Joe, you would type the following:


    Host macbook
        HostName 192.168.0.11
        Port 22
        IdentityFile ~/.ssh/macbook
        User Joe

    Host air
        HostName 192.168.0.15
        Port 22
        IdentityFile ~/.ssh/air
        User Joe

     

    Press Control-O to writeout, Return to accept, and Control-X to exit Nano.

     

    Note that the first time SSH negotiates authentication using your key-based identity, you'll be asked to store the passphrase in Keychain Access.


    One advantage of using a ~/.ssh/config file is that you can just use the nickname in commands. Instead of:

     

    csshX Joe@192.168.0.11 Joe@192.168.0.15

     

    you can use:

     

    csshX air macbook

     

    If you use an alternative to Terminal such as iTerm2, there is a csshX.iterm binary included along with the csshX binary in the csshx-master folder downloaded from GitHub. If you prefer iTerm2’s panes, you can use i2cssh instead. You’ll need Command Line Tools for Xcode installed to install i2cssh using gem in Terminal. You can check with the command:

     

    gcc --version

     

    If not installed you’ll be prompted to install them.

     

    When connected to host machines using i2cssh, you can change the input broadcast to all panes in the current tab by pressing Option-Command-I. If you want to open iTerm2 with broadcast set to all panes use the -b switch:

     

    i2cssh -b air macbook


    or:


    i2cssh -b username@hostname1 username@hostname2

     

    Use the -b switch with caution as it sets iTerm2 to send commands to all connected host machines simultaneously.


    Note: You may want to set stricter permissions on certain files such as ~/.ssh/authorized_keys and ~/.ssh/config.

     

    SSH(1) man page

    SSH-KEYGEN(1) man page

    SSH_CONFIG(5) man page

    SCP(1) man page

    Apple Remote Desktop: Configuring remotely via command line (kickstart) - Apple Support

    Apple Remote Desktop kickstart
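
Added example, not part of Roote's post: the scp step above replaces any authorized_keys file already on the host, and the closing note on permissions names no values. Run on the host machine, this sketch appends a key only if it is missing and applies the commonly used 700 (directory) and 600 (file) modes; `install_pubkey` and `mode_of` are hypothetical helper names and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and mode_of are
# hypothetical helper names; the key line in the demo is constructed.

# Octal permission bits of a file (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends the key to SSH_DIR/authorized_keys unless that exact line is already
# there, and restricts the directory (700) and file (600) to their owner.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x matches the whole line, -F treats the key as a literal string.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        # Keep earlier keys intact: end the last line before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# Demo in a scratch directory, so nothing under ~/.ssh is touched.
demo=$(mktemp -d)
printf 'ssh-rsa AAAA-CONSTRUCTED-EXAMPLE-KEY Joe@macbook\n' > "$demo/macbook.pub"
install_pubkey "$demo/macbook.pub" "$demo/.ssh"
install_pubkey "$demo/macbook.pub" "$demo/.ssh"   # second run changes nothing
echo "dir=$(mode_of "$demo/.ssh") file=$(mode_of "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```
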

  • by BobHarris,

    BobHarris Feb 7, 2016 8:52 AM in response to kobayashi maru
    Level 6 (19,272 points)
    Mac OS X

    If you have the Apple Remote Desktop software, perhaps you should be asking this in the Apple Remote Desktop forum

    <Apple Remote Desktop>

     

    If not, another trick is iTerm <http://www.iterm2.com/> has a way to send the same command to multiple logged in sessions.  You would need to login to each system, but then you could tell it to issue the same command to each.


    But if you do have ARD, then that should be a built-in feature, and the ARD forum should be able to help you.

  • by MrHoffman,

    MrHoffman Feb 7, 2016 10:45 AM in response to kobayashi maru
    Level 6 (15,612 points)
    Mac OS X

    ARD has support for Send Unix command.  That allows you to configure and send a gazillion commands.

     

    See the ARD manual — that's the 3.3 manual and the current version is 3.8-ish, but I don't see a newer manual, and this area hasn't changed much since 3.3.