Here is the environment for remote shutdown testing:
Local Host
- OS: Ubuntu 10.04 Desktop
- Hostname: local
- User: player, with sudo rights
- Installed Package: openssh-client
Remote Host
- OS: Ubuntu 10.04 Server
- Hostname: remote01
- User: shutdownuser, with sudo rights
- Installed Package: openssh-server
Steps
- Generate a private/public RSA key pair with ssh-keygen on local, giving no passphrase.
    player@local:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/player/.ssh/id_rsa): <Press Enter>
    Created directory '/home/player/.ssh'.
    Enter passphrase (empty for no passphrase): <Press Enter>
    Enter same passphrase again: <Press Enter>
    Your identification has been saved in /home/player/.ssh/id_rsa.
    Your public key has been saved in /home/player/.ssh/id_rsa.pub.
    The key fingerprint is:
    e1:c4:3e:2b:91:72:86:2a:89:2c:20:a2:38:c2:df:f5 player@local
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | . |
    | + |
    | . = . |
    |+ o = S |
    |X. . + . o |
    |Xo. ... |
    |oo. . ... |
    | . . E |
    +-----------------+
- Create .ssh directory under shutdownuser@remote01's home directory.
    player@local:~$ ssh shutdownuser@remote01 'mkdir -p .ssh'
    shutdownuser@remote01's password:
- Install the public key in shutdownuser@remote01's .ssh directory.
    player@local:~$ cat ~/.ssh/id_rsa.pub | ssh shutdownuser@remote01 'cat >> .ssh/authorized_keys'
    shutdownuser@remote01's password:
- Now we can log into remote01 as shutdownuser from player@local without a password. Set the appropriate permissions on the .ssh directory and the authorized_keys file on remote01.
    player@local:~$ ssh shutdownuser@remote01 'chmod 700 .ssh'
    player@local:~$ ssh shutdownuser@remote01 'chmod 600 .ssh/authorized_keys'
- Append the shutdown command to shutdownuser@remote01's .profile, so that remote01 shuts down as soon as shutdownuser logs in.
    player@local:~$ ssh shutdownuser@remote01 'echo sudo shutdown -h now >> .profile'
- Use ssh to log into remote01 and modify /etc/sudoers with visudo.
    player@local:~$ ssh shutdownuser@remote01
    shutdownuser@remote01:~$ sudo visudo
    [sudo] password for shutdownuser:
Append the shutdownuser line shown below, so that shutdownuser can use sudo to run the shutdown command without entering a password.
    # User privilege specification
    root ALL=(ALL) ALL
    shutdownuser ALL=(ALL) NOPASSWD:/sbin/shutdown
    #!/bin/bash
    ssh shutdownuser@remote01
    ssh shutdownuser@remote02
    ssh shutdownuser@remote03
    #...
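The key created above has no passphrase and opens a full shell for an account with sudo rights, so it is worth pinning to the one command it exists for. The following is an added example, not part of the original post: it builds an authorized_keys entry that can only run the shutdown command and audits a file for keys that lack such a restriction. The function names and the sample key are constructed; the key options are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names and the sample
# key material are constructed for illustration.

FORCED_CMD='sudo /sbin/shutdown -h now'
KEY_OPTS='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'

# Print an authorized_keys entry that pins the given public key line to
# FORCED_CMD. Refuses input that already carries options or is not a key.
restrict_pubkey() {
    case $1 in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "restrict_pubkey: expected a bare public key line" >&2
           return 1 ;;
    esac
    printf 'command="%s",%s %s\n' "$FORCED_CMD" "$KEY_OPTS" "$1"
}

# Print the line numbers of entries in an authorized_keys file whose option
# field has no command="..." restriction, i.e. keys that can open a shell.
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            # The option field is whatever precedes "<keytype> AAAA...".
            pos = match($0, /(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[^ ]+) AAAA/)
            opts = (pos > 1) ? substr($0, 1, pos - 1) : ""
            if (pos == 0 || opts !~ /command="/) print NR
        }
    ' "$1"
}

# Demo on constructed data (the key blob is a placeholder, not a real key).
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY player@local'
demo() {
    f=$(mktemp) || return 1
    {
        echo '# constructed authorized_keys file'
        echo "$SAMPLE_KEY"                 # line 2: unrestricted
        restrict_pubkey "$SAMPLE_KEY"      # line 3: shutdown only
        echo "no-pty $SAMPLE_KEY"          # line 4: options but no command=
    } > "$f"
    audit_authorized_keys "$f"
    rm -f "$f"
}
demo
```

With an entry like this installed in place of the bare public key, the key runs the shutdown directly, so the .profile line is no longer needed. Any later ssh call made with that key, including the chmod steps, runs the forced command instead of the command given on the client side.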