Am 07.04.2011 21:14, schrieb Anssi Saari:
But only once...
Maybe that works. But it is much, much worse than using keys...
Thomas
Thank you all for various ideas. Let me give some background and more
information here. Reason that we cannot use root trusted ssh is a
Internal Information Security decision. Given that we have this
restriction, I wanted to explore what other creative options we have
so that we can still accomplish this.
In our enterprise environment, quick production support is very
important. An application problem troubleshooting might require
we check various status on multiple servers quickly. So we need to
execute commands depending on the situation. Let me summarize some of
the ideas presented in this thread.
1. Use pexpect to login and become root(or sudo - yes sudo is
allowed) on the remote machines
2. run a daemon on each server, which will respond to client
requests
3. run your program through cron and collect data and dump into a
database which can be used for query later [ yes - this is on
plate ]
4. Use fabric (fabile.org) for developing program. Does this assume
that ssh root trust is already in place?
Are there any more different approaches? I suppose if we take the
daemon approach then we can make it as a webservice as well?