good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Firstly let me say that embedding roots password in a script (any script) is very nasty and should be avoided at all cost! Since you don't seem to have a requirement to capture the output of the ssh command then the best solution (security wise) is to add a crontab entry on each host to run the script. No cross network priveledges required. If that is not a feasible option for some reason that you have not given us then read up on SSH forced commands. Basically a forced command is an SSH key pair which allows the running of only commands that you specify. It can be used with root with reasonable safety. If you use perl for your forced command (of course!) then you can switch on taint mode and basically treat it like a CGI (ie don't trust anything!). I have been meaning to write a tutorial on perl/ssh forced commands, here is some sample code for you- Sample call of ssh forced command using open3 so we can capture STDOUT & STDERR and also talk to STDIN (if required) on the remote host:
Sample ssh forced command would be something like this (untested)- I would tend to make the error messages terse so as not to give any information away to any-one snooping! In roots SSH authorized keys the forced command key would look something like this- command="/path/to/forced_command.pl" ssh-dss ...... Update:If you look in the sshd(8) manpage under AUTHORIZED_KEYS FILE FORMAT the command="command" section describes this mechanism. -- In reply to Re: Running Perl program w/root privs via cron
by greenFox
|
|