I am in the process of creating a bash script that would log into the remote machines and create private and public keys.
My problem is that the remote machines are not very reliable, and they are not always up. I need a bash script that would check if the SSH connection is up. Before actually creating the keys for future use.
You can check this with the return-value ssh gives you:
$ ssh -q user@downhost exit
$ echo $?
255
$ ssh -q user@uphost exit
$ echo $?
0
EDIT: Another approach would be to use nmap (you won't need to have keys or login-stuff):
$ a=`nmap uphost -PN -p ssh | grep open`
$ b=`nmap downhost -PN -p ssh | grep open`
$ echo $a
22/tcp open ssh
$ echo $b
(empty string)
But you'll have to grep the message (nmap does not use the return-value to show if a port was filtered, closed or open).
EDIT2:
If you're interested in the actual state of the ssh-port, you can substitute grep open with egrep 'open|closed|filtered':
$ nmap host -PN -p ssh | egrep 'open|closed|filtered'
Just to be complete.
ssh into a down host fails only after a timeout of e.g. 60 seconds - which might be prohibitive for some usages. Also, if a hostname if defined in ~/.ssh/config, the first ssh approach works while the second nmap way fails with Failed to resolve "<hostname>".
$? ? etc
ssh -o ConnectTimeout=5 -q user@downhost exitYou can use something like this
$(ssh -o BatchMode=yes -o ConnectTimeout=5 user@host echo ok 2>&1)
This will output "ok" if ssh connection is ok
BatchMode option in order to make it work even on systems that require a password.ssh -q -o "BatchMode=yes" -i /home/sicmapp/.ssh/id_rsa <ID>@<Servername>.<domain> "echo 2>&1" && echo $host SSH_OK || echo $host SSH_NOK
Complementing the response of @Adrià Cidre you can do:
status=$(ssh -o BatchMode=yes -o ConnectTimeout=5 user@host echo ok 2>&1)
if [[ $status == ok ]] ; then
echo auth ok, do something
elif [[ $status == "Permission denied"* ]] ; then
echo no_auth
else
echo other_error
fi
Below ssh command should have an exit code of 0 on a successful connection and a non-zero value otherwise.
ssh -q -o BatchMode=yes [email protected] exit
if [ $? != "0" ]; then
echo "Connection failed"
fi
Try:
echo quit | telnet IP 22 2>/dev/null | grep Connected
Following @user156676, to check a range of ips:
#!/bin/sh
IP='192.168.0.'
PWD='your_password'
USR='your_usr'
for i in $(seq 229 255);do
sshpass -p $PWD ssh -q -o ConnectTimeout=3 ${USR}@${IP}${i} exit
let ret=$?
if [ $ret -eq 5 ]; then
echo $IP$i "Refused!" $ret
elif [ $ret -eq 255 ] ; then
echo $IP$i "Server Down!" $ret
elif [ $ret -eq 0 ] ; then
echo $IP$i "Connnected!" $ret
else
echo $IP$i "Unknown return code!" $ret
fi
done
Just in case someone only wishes to check if port 22 is open on a remote machine, this simple netcat command is useful. I used it because nmap and telnet were not available for me. Moreover, my ssh configuration uses keyboard password auth.
It is a variant of the solution proposed by GUESSWHOz.
nc -q 0 -w 1 "${remote_ip}" 22 < /dev/null &> /dev/null && echo "Port is reachable" || echo "Port is unreachable"
-q 0 means leave as soon as idle.
-w 1 wait for connection for 1second.
To connect to a server with multiple interfaces
ssh -o ConnectTimeout=1 -q [email protected];[ $? = 1 ] || ssh -o ConnectTimeout=1 -q [email protected]
https://onpyth.blogspot.com/2019/08/check-ping-connectivity-to-multiple-host.html
Above link is to create Python script for checking connectivity. You can use similar method and use:
ping -w 1 -c 1 "IP Address"
Command to create bash script.
If you would like to check a remote folder exists, or any other file-test really:
if [ -n "$(ssh "${user}@${server}" [ -d "$folder" ] && echo 1; exit)" ]; then
# exists
else
# doesn't exist
fi
Do not forget the quotes in "$(ssh ...)".
Example Using BASH 4+ script:
# -- ip/host and res which is result of nmap (note must have nmap installed)
ip="192.168.0.1"
res=$(nmap ${ip} -PN -p ssh | grep open)
# -- if result contains open, we can reach ssh else assume failure) --
if [[ "${res}" =~ "open" ]] ;then
echo "It's Open! Let's SSH to it.."
else
echo "The host ${ip} is not accessible!"
fi
I wrote this script to check both netcat and SSH connectivity to all hosts in my servers /etc/hosts
reads /etc/hosts line by line and then tries netcat port 22, and then ssh as "sshuttle" user
quick way to check network sanity
script uses a "sshuttle" user, this is an account that has pub/priv keys on all my hosts and can ssh anywhere (non root account), we use this acct to spin up sshuttle VPN tunnels, but you can add any account that has SSH access to servers
https://gist.github.com/perfecto25/8687d563716ba4923c77162be724beda
output,
./conncheck.sh
netcat is installed, proceeding..
--------------------------------------
tm-us1 (127.0.0.1): ssh OK | nc OK
--------------------------------------
localhost (127.0.0.1): ssh OK | nc OK
--------------------------------------
atlas (192.168.142.21): ssh ERROR | nc OK
--------------------------------------
hydra (192.168.142.22): ssh OK | nc OK
--------------------------------------
nemesis (192.168.140.23): ssh OK | nc OK
--------------------------------------
vulcan (192.168.140.24): ssh OK | nc OK
--------------------------------------
athena (192.168.140.27): ssh OK | nc OK
--------------------------------------
nas1 (192.168.100.101): ssh ERROR | nc OK
--------------------------------------
tm-dev (192.10.23.71): ssh ERROR | nc ERROR
--------------------------------------
WARNING: Your password has expired.
Password change required but no TTY available.
infra01 (192.10.23.186): ssh ERROR | nc OK
--------------------------------------
ns-us1 (192.10.23.252): ssh ERROR | nc OK
--------------------------------------
ns-us2 (192.10.23.182): ssh ERROR | nc OK
--------------------------------------
proxy-us1 (192.10.23.120): ssh OK | nc OK
--------------------------------------
simtm-us1 (192.10.23.236): ssh OK | nc OK
--------------------------------------
tm-us1 (192.10.23.104): ssh OK | nc OK
--------------------------------------
tm-us2 (192.10.23.215): ssh OK | nc OK
--------------------------------------
tm-dev (192.10.23.77): ssh OK | nc OK
--------------------------------------
WARNING: Your password has expired.
Password change required but no TTY available.
tm-uat (192.10.23.225): ssh ERROR | nc OK
--------------------------------------
vpn-us1 (192.10.23.193): ssh OK | nc OK
--------------------------------------
I feel like you're trying to solve the wrong problem here. Shouldn't you be trying to make the ssh daemons more stable? Try running something like monit, which will check to see if the daemon is running and restart it if it isn't (giving you time to find the root problem behind sshd shutting down on you). Or is the network service troublesome? Try looking at man ifup. Does the Whole Damn Thing just like to shut down on you? Well, that's a bigger problem ... try looking at your logs (start with syslog) to find hardware failures or services that are shutting your boxen down (maybe a temperature monitor?).
Making your scripts fault tolerant is great, but you might also want to make your boxen fault tolerant.
ssh-keygento generate a keypair on the local machine, thenssh-copy-idto copy the public key to remote machines. It seems that you are doing things differently. Why, what is your goal?