04. September 2020

Remote maintenance with SSH

Execute scripts and interactive commands on remote computers with SSH

Tags: SSH

Instead of opening a console on a remote computer with an SSH client in order to execute a script or command there, the input and output can also be redirected to the local computer by assigning a pseudo-terminal to the SSH connection.

The usual way of executing commands or entire programs on a remote computer is to open a console on the remote computer via ssh, call up the required commands, if necessary with interaction, and then exit the console again.

An example of this is a regular package update on a Debian-based remote server, which is called Curcuma in the example considered below. The local workstation computer will be called Caboto.

Usually, you would establish the connection with ssh, then update the package sources with sudo apt-get update, before you perform the actual package update (or not) with sudo apt-get dist-upgrade and then exit the server:

uwe@Caboto:~$ ssh admin@Curcuma
Linux Curcuma 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64
Last login: Sun Oct 18 16:14:13 2020 from 123.123.123.123
admin@Curcuma:~$ sudo apt-get update
[sudo] password for admin: 
Ign:1 https://deb.debian.org/debian stretch InRelease
Hit:2 https://packages.sury.org/php stretch InRelease
Hit:3 https://deb.debian.org/debian-security stretch/updates InRelease
Hit:4 https://deb.debian.org/debian stretch-updates InRelease
Hit:5 https://packages.icinga.com/debian icinga-stretch InRelease
Hit:6 https://deb.debian.org/debian stretch-backports InRelease
Hit:7 https://deb.debian.org/debian stretch Release
Hit:8 https://repo.spicyfamily.de/apt/debian ./ InRelease
Reading package lists... Done
admin@Curcuma:~$ sudo apt-get dist-upgrade 
...
Do you want to continue? [Y/n]
...
admin@Curcuma:~$ exit
logout
Connection to Curcuma closed.
uwe@Caboto:~$

First of all, it would be a simplification to run the two apt-get commands on one command line:

uwe@Caboto:~$ ssh admin@Curcuma
Linux Curcuma 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64
Last login: Sun Oct 18 16:14:13 2020 from 123.123.123.123
admin@Curcuma:~$ sudo apt-get update && sudo apt-get dist-upgrade
[sudo] password for admin: 
...
Do you want to continue? [Y/n]
...
admin@Curcuma:~$ exit
logout
Connection to Curcuma closed.
uwe@Caboto:~$

Hence calling this one command line would be enough to update the packages on Curcuma.

Since you can append a command to the connection call with ssh, which is then executed on the remote computer, you could save yourself the need to enter three individual commands. However note that the chained apt-get commands must be entered in quotation marks so that they appear as one command for ssh:

uwe@Caboto:~$ ssh admin@Curcuma "sudo apt-get update && sudo apt-get dist-upgrade"
sudo: no tty present and no askpass program specified
uwe@Caboto:~$

Obviously that is not possible.

As has already been seen above, the sudo program on Curcuma interactively asks for a password to be entered, but does not find a terminal for it, as it cannot know that it was called from another computer as a parameter of the ssh command.

You can, however, force ssh to provide a pseudo-terminal that the remote program can use when it is called. This is done with the -t parameter:

uwe@Caboto:~$ ssh -t admin@Curcuma "sudo apt-get update && sudo apt-get dist-upgrade"
[sudo] password for admin: 
...
Do you want to continue? [Y/n]
...
uwe@Caboto:~$

Now it is possible to update the package on the Curcuma server with a single command from the Caboto workstation.

The parameter -t is also required e.g. to start an editor like vi, nano or joe on the remote console.