Sunday, January 11, 2009

Test or check ssh connection in bash script


Many times I have come across situations where I need to test a SSH connection to a remote server before performing some operation using ssh in that box. Here is a bash script function to test a ssh connection.

....
....
_TestSSH() {
local user=${1}
local host=${2}
local timeout=${3}

ssh -q -q -o "BatchMode=yes" -o "ConnectTimeout ${timeout}" ${user}@${host} "echo 2>&1" && return 0 || echo "Make sure you have access to ${host}"

}

_TestSSH root 172.24.0.102 5 && _somefunction

...
...

Where:

From man pages of ssh command:

-q (Quiet mode) - Causes all warning and diagnostic messages to be suppressed. Only fatal errors are displayed. If a second -q is given then even fatal errors are suppressed.

echo 2>&1 - I have used this command, but this can be any command to execute in the remote host as a test command.

7 comments:

Adithya Kiran said...

The simplest command to execute on the remote machine for test purposes is ":" command. see the below example

[root@localhost ~]# :
[root@localhost ~]#

Adithya Kiran said...

Some times, when you do ssh you may end up with the following message

# ssh 192.168.10.1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 192.168.10.1 has changed and you have requested strict checking.
Host key verification failed.


To fix this problem, here is the tip

# ssh-keygen -R 192.168.10.1

Use the -R option to removes all keys belonging to hostname from a known_hosts file.
Sample output:

/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

Now, you can connect to the host without a problem.

Jadu Saikia said...

@Adithya, true, as colon : does nothing, its one of the simplest command we can use to test. Thanks.

curtlee2002 said...

There are a lot of times this would fail. You need to add some logic.

Change:
ssh -q -q -o "BatchMode=yes" -o "ConnectTimeout ${timeout}" ${user}@${host} "echo 2>&1"
to:
[ "$(ssh -q -q -o "BatchMode=yes" -o "ConnectTimeout ${timeout}" ${user}@${host} echo up 2>&1)")" == "up" ]

but like Adithya Kiran said, this is still dependent on your key being copied or your password being typed correctly

Jadu Saikia said...

@curtlee2002, thanks a lot.

NotesSensei said...

Found on stackoverflow:

ssh -q user@downhost exit

Would that be the shortest way?

If you need ssh on a regular basis keys and an entry in ~/.ssh/config make your live way easier

NotesSensei said...

Found on StackOverflow suggesting to use:

ssh -q user@downhost exit

which would return 0 when successful. Would that be the shortest version?

A complete sample script (e.g. rsync via ssh if the host is there) would be nice.

I use SSH a lot and I'm way to lazy to type passwords. So I generate keys and enter the hosts in my ~/.ssh/config file. This way I save a lot of headache.

© Jadu Saikia www.UNIXCL.com