remoteactions is a set of Perl scripts which you can use to run commands on remote servers. A connection is made over an ssh tunnel, authentication is performed, the specified command is executed and the output is sent back through the tunnel. Unique status codes can be prefixed to each stage of operation, allowing you to collect as much or as little diagnostic information as you need. Alternatively they can be suppressed entirely (for example if the remote command outputs binary data).
remoteactions requires OpenSSH.
remoteactions 1.4, (2005-10-20)
remoteactions relies on OpenSSH's ability to override a client's request and force execution of a specified command. The requested command is then stored in the SSH_ORIGINAL_COMMAND environment variable.
remoteactions works by creating a private key with no password on client machines, and forcing the corresponding public key to execute the remote script, which parses SSH_ORIGINAL_COMMAND and runs it if administrator-defined conditions are met. The client key can't have a password because it is intended to be used by scripts (for example from web-based administration tools) and so using a forced command has the useful side-effect of preventing anyone who compromised the private key from getting a free shell on the server.
The administrator creates a configuration file listing the commands which remote is allowed to execute on behalf of the client. remote won't continue unless the requested command is explicitly listed in the configuration file (by default: /etc/remoteactions) or it is contained in a listed directory).
At each stage of the process, remoteactions and remote prefix diagnostic codes to the output of the programs they run. Since the ssh tunnel has only stdout and no stderr, unique prefixes distinguish between stdout and stderr of the spawned program. Clients would normally discard all of this extra output unless an error occurred.
The unique prefix can also be used to tell whether errors occurred on the client or on the server, and whether remoteactions itself was to blame or if a spawned command spat out an error.
Here is an example session. A connection is made to the server qmail and the command /srv/mysql/qmail/homedir make iain is called. This command is successfully executed but an error occurs. homedir reports that the user iain's home already exists and hence can't be made.
/bin/bash:~$ /srv/remoteactions -v qmail /srv/mysql/qmail/homedir make iain 100 running /usr/djb/bin/setuidgid admin /usr/bin/ssh qmail /srv/remote /srv/mysql/qmail/homedir make iain 111 adding explicit command /srv/mysql/slaveactions 111 adding safe path /srv/mysql/qmail 110 checking /srv/mysql/qmail/homedir under /srv/mysql/slaveactions 110 checking /srv/mysql/qmail/homedir under /srv/mysql/qmail 110 running /srv/mysql/qmail/homedir make iain 321 /mail/iain already exists 321 maildirmake: fatal: unable to mkdir /mail/iain/: file already exists 410 /srv/mysql/qmail/homedir exited 1 415 command failed 400 remote command exited 1
Interpreting the output
The first digit in the diagnostic codes tells you what the following message is about. 1xx means an informational message from remoteactions itself. 2xx is remote command's stdout and 3xx is its stderr. 4xx reports an error from remoteactions and 5xx reports configuration errors or other not-necessarily-fatal trouble.
The second digit indicates what stage the connection has reached. x0x is direct from remoteactions. x1x is either the ssh process itself or remote on the server. x2x is debugging from remote or the requested command.
So, to break our example down, we have:
100 running /usr/djb/bin/setuidgid admin /usr/bin/ssh qmail /srv/remote /srv/mysql/qmail/homedir make iain
The local remoteactions script announces what it is going to do.
111 adding explicit command /srv/mysql/slaveactions 111 adding safe path /srv/mysql/qmail 110 checking /srv/mysql/qmail/homedir under /srv/mysql/slaveactions 110 checking /srv/mysql/qmail/homedir under /srv/mysql/qmail 110 running /srv/mysql/qmail/homedir make iain
remoteactions on the server describes the security checks it is making and then prepares to run the requested command.
321 /mail/iain already exists 321 maildirmake: fatal: unable to mkdir /mail/iain/: file already exists
This is error output from the remote command.
410 /srv/mysql/qmail/homedir exited 1 415 command failed
remote announces that the remote command failed.
400 remote command exited 1
The remoteactions client process confirms the error.
The default locations and settings for these scripts are:
/srv/remoteactions: client-side script
/srv/remote: server-side script
/etc/remoteactions: server-side configuration file
/srv/mysql: default "safe" location for remote scripts
admin: name of user as which an ssh connection is made
To set up a default installation of remoteactions,
Create the user "admin" on the server
And change the permissions of /srv/remote to allow the user to run it.
Create the configuration file on the server
Create /etc/remoteactions and add the full path to a trusted executable. For example:
echo /bin/ls > /etc/remoteactions
Make sure the admin user can read this file.
Create a new ssh key pair on the client
ssh-keygen -N '' -C 'remoteactions'
Copy the public key to the server
The script below makes a file (called tmp) consisting of a single (and very long) line designating a public key with a forced command.
echo 'command="/srv/remote" '; cat id_dsa.pub > tmp
Copy the tmp file to the server and append it to the admin user's authorised keys list:
cat tmp >> ~admin/.ssh/authorized_keys2
On the client, run
/srv/remote -v server /bin/ls
You should see a listing of files on the server.