Run `make` and Retrieve Binary from Remote Host Without SSHing Twice – How to Guide

linuxscpsftpssh

I'm working on a project for which I don't have the toolchain configured on my own machine and I'm thus developing remotely. My workflow right now looks as follows:

open the remote project directory in my file manager using sftp
edit some files
run make remote, which connects to the remote machine via ssh and runs make there:

ssh $(HOST) cd $(DIRECTORY) \; make
run make get, which transfers the binary via scp:

scp $(HOST):$(DIRECTORY)/build/$(FILE) .
test the binary and repeat

The problem is, the remote machine only does password authentication, so I have to enter the password twice in each cycle. Can't I build and download in the same ssh session?

Best Answer

I think SSH session sharing would be useful in this situation. It allows you to open multiple sessions over a single connection so that you only have to enter your password once. In your .ssh/config:

Host *
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p

So you could open one terminal, SSH into your server, and run your editor. Then you could open another terminal, SSH into the same server using the shared connection, and run make and scp from there. More info:

Related Solutions

SSH Configuration – Can SSH Be Used Without SCP?

Apparently, it is possible (according to post #3 at that link). The trick is in the authorized_keys file format. There are several options that allow the server to restrict SSH features based on what key was used to authenticate. The "command=" option allows the server administrator to attach a restriction on the public key -- something like

"any incoming connections that authenticate with this key will execute this command, regardless of what command might have been requested by the user".

It might prevent the execution of standard SCP and SFTP, but if it provides an interactive shell there's probably a way around it:

$ ssh user@host 'cat /some/where/whatiwant.txt' > igotit.txt

Non-interactive one-time ssh && scp for 100 servers

I will assume that these are all Linux hosts and that you have root access to them. I will also assume that they are using apt for package management, but it is easy to apply this solution with yum or pacman or any other package manager.

As far as I know, ssh offers no way of specifying a password on the command line so first you will need to install sshpass on your local machine:

sudo apt-get install sshpass

This will allow you to pass the password as a command line argument:

sshpass -p '<password>' ssh user@server

Now, create a file with all the IPs you are interested in, one per line. You can parse this file to install sshpass on each remote machine. If your password is foo and you are connecting as root, you can do

while read ip; do 
 sshpass -p 'foo' ssh root@$ip "apt-get install sshpass"; 
done < ips.txt

sshpassis now installed on each server. Now, go through the servers again, and copy your files. If you are copying as root and the root password for your destination is bar, do this:

while read ip; do 
 sshpass -p 'foo' ssh root@$ip "sshpass -p 'bar' scp files dest:/results/"; 
done < ips.txt

You can also use sshpass to copỳ your key files and --as long as you've used an empty passphrase-- allow passwordless access so you don't have this problem next time around:

while read ip; do 
   sshpass -p 'foo' ssh root@$ip \
      "sshpass -p 'bar' ssh-copy-id -i ~/.ssh/id_rsa.pub root@destination";
done < ips.txt

Once that is done, you will be able to copy the files over using:

while read ip; do ssh root@$ip "scp files dest:/results/"; done < ips.txt

Best Answer

Related Solutions

SSH Configuration – Can SSH Be Used Without SCP?

Non-interactive one-time ssh && scp for 100 servers

Related Question