The other day I was testing how to keep file permissions intact while copying files or directories to multiple locations and systems. When I wanted to check the file permissions on a remote system, I had to login to that system over SSH and check the attributes. The process of login and log-out from the remote system multiple times was bit annoying to me. I thought it would be better if I could execute commands on remote Linux systems via SSH.
Fortunately, I found a workaround to invoke commands and programs on a remote machine over a secure network connection after skimming through the man pages of
If you ever wondered how to run a command or script on a remote system from your local system itself without logging in to that remote system, here is how to do it.
1. Execute Commands On Remote Linux Systems Via SSH
The typical way to run a command or script on a remote system over SSH from the local system is:
$ ssh <username@IP_Address-or-Doman_name> <Command-or-Script>
Allow me to show you some examples.
1.1. Run A Single Command On Remote Systems Over SSH
Let us say you want to find Kernel details of your remote Linux system. To do so, simply, run:
$ ssh email@example.com uname -a
skis the username of my remote system,
192.168.225.22is the IP address of the remote system,
"uname -a"is the command that I want to run on the remote system from my local system.
See? I haven't actually logged-in to the remote system, but executed the
uname command on the remote system over SSH and displayed the output in my local system's Terminal.
You can also specify the command in quotes like below.
$ ssh firstname.lastname@example.org "uname -a"
$ ssh email@example.com 'uname -a'
If you have changed default port of SSH protocol, just mention it using
-p parameter like below.
$ ssh -p 2200 firstname.lastname@example.org uname -a
1.2. Execute Multiple Commands On Remote Hosts Via SSH
You can also run multiple commands on a remote host by specifying them within quotes like below.
$ ssh email@example.com "uname -r && lsb_release -a"
$ ssh firstname.lastname@example.org "uname -r ; lsb_release -a"
The above commands will display the Kernel version and distribution details of my Ubuntu server.
As one one of our reader mentioned in the comment section below, you should specify multiple commands in quotes. If you don't use quotes, the first command will execute on the remote system and second command will be evaluated on local machine only. The whole command in quotes will be processed remotely as intended.
Heads Up: Know difference between
“;” operators between commands:
“&&” operator executes the second command only if the first command was successful.
sudo apt-get update && sudo apt-get upgrade
In the above case, the second command (
sudo apt-get upgrade) will execute if the first command was successful. Otherwise, it won’t run.
“;” operator executes the second command even if the first command was successful or fail.
sudo apt-get update ; sudo apt-get upgrade
In the above case, the second command (
sudo apt-get upgrade) will execute even if the first command is failed.
1.3. Invoke Commands With Sudo Privileges On Remote Machines Over SSH
Some commands requires
"sudo" privileges to run. For instance, the following command will install Vim on my remote system.
$ ssh -t email@example.com sudo apt install apache2
Did you notice? I have used
-t flag in the above command. We need to mention this
-t flag to force pseudo-terminal allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services.
Also, I have entered password twice. The first time I entered the password of the remote user to access the remote system over SSH from my local system and the second password is required to give sudo permission to the remote user to install application (i.e. apache2 in this case) on the remote system.
Let us check if the Apache service is running using command:
$ ssh -t firstname.lastname@example.org sudo systemctl status apache2 email@example.com's password: [sudo] password for sk: ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: active (running) since Thu 2019-12-19 11:08:03 UTC; 52s ago Main PID: 5251 (apache2) Tasks: 55 (limit: 2318) CGroup: /system.slice/apache2.service ├─5251 /usr/sbin/apache2 -k start ├─5253 /usr/sbin/apache2 -k start └─5254 /usr/sbin/apache2 -k start Dec 19 11:08:03 ubuntuserver systemd: Starting The Apache HTTP Server... Dec 19 11:08:03 ubuntuserver apachectl: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 2409:4072:51f:a1b6:a00:27ff:f Dec 19 11:08:03 ubuntuserver systemd: Started The Apache HTTP Server.
Similarly, we can run any command or script on a remote system over SSH from the local system.
1.4. Run Local Scripts On Remote Systems Via SSH
Let us a create a simple script on our local system to display all the available information about your remote system's distribution name, package management and base details etc.
$ vi system_information.sh
Add the following lines:
#!/bin/bash #Name: Display System Details #Owner: OSTechNIx #---------------------------- echo /etc/*_ver* /etc/*-rel*; cat /etc/*_ver* /etc/*-rel*
ESC key and type
:wq to save the file and exit.
Now run this script on your remote system over SSH using command:
$ ssh firstname.lastname@example.org 'bash -s' < system_information.sh
email@example.com's password: /etc/debian_version /etc/lsb-release /etc/os-release buster/sid DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS" NAME="Ubuntu" VERSION="18.04.2 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.2 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic
If you don't specify
'bash -s' in the above command, you will get the details of the remote system but Pseudo-terminal will not be allocated.
1.5. Save Command Output From Remote Host To Local Host
This can be useful if you want to share the output of a command that you run on the remote system over SSH with your support team or colleague.
The following command will run
"du -ah" on your remote system over SSH and save the output in
diskusage.txt file in your local system.
$ ssh firstname.lastname@example.org du -ah > diskusage.txt
You can then analyze the disk usage details by viewing the
diskusage.txt file using
cat command or text viewers.
$ cat diskusage.txt 4.0K ./.profile 4.0K ./.gnupg/private-keys-v1.d 8.0K ./.gnupg 76K ./data/image.jpg 128K ./data/file.pdf 20K ./data/text.docx 5.9M ./data/audio.mp3 6.1M ./data 0 ./.sudo_as_admin_successful 4.0K ./pacman?inline=false 4.0K ./.bash_logout 4.0K ./.wget-hsts 4.0K ./.bash_history 0 ./.cache/motd.legal-displayed 4.0K ./.cache 4.0K ./deb-pacman_1.0-0.deb 4.0K ./.bashrc 6.2M .
1.6. Configure SSH Key-based Authentication To Avoid Password Typing
If you run commands on remote systems often, you may want to configure SSH key-based authentication to skip password typing every time. More details can be found in the following link.
After configuring SSH key-based authentication, we can execute commands on Remote machines over SSH without entering the password:
$ ssh email@example.com sudo apt update
2. Use sshpass While Running Commands On Remote Machines Over SSH
If you don't want to configure SSH key-based authentication, you can use sshpass utility to run commands on remote machines via without entering password.
2.1. What Is sshpass?
The sshpass utility is designed for running ssh using the keyboard-interactive password authentication mode, but in non-interactive way. To put this in simple terms - sshpass offers non-interactive way to authenticate a SSH session.
SSH uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.
2.2. Install sshpass In Linux
The sshpass utility is available in the default repositories of many Linux distributions. For instance, you can use the following command to install sshpass in Debian, Ubuntu and its derivatives:
$ sudo apt install sshpass
2.3. Execute Commands On Remote Machines Over SSH With sshpass
sshpass can accept password as an argument, or read the password via an environment variable, or read the password from a text file.
A word of caution: All of these methods are highly insecure. All system users can see the password in the commands by simply issuing the
ps command. It is NOT RECOMMENDED to use these methods in production. It is better to use key-based authentication instead.
Let us see examples for each method.
Provide Password as an argument:
To provide password as an argument, use
-p option like below.
$ sshpass -p <remote-password> ssh remoteuser@ip-address <command-to-execute>
$ sshpass -p ubuntu ssh firstname.lastname@example.org uname -a
-p ubuntu- provides the password for the remote system.
email@example.com- Remote username and IP address.
uname -a' - Command to execute on the remote machine.
Linux Ubuntu22CT 5.15.60-1-pve #1 SMP PVE 5.15.60-1 (Mon, 19 Sep 2022 17:53:17 +0200) x86_64 x86_64 x86_64 GNU/Linux
Provide Password as an Environment variable:
In this method, we declare an environment variable called SSHPASS with the remote system's password as its value. And then we provide the password with
-e flag like below:
$ SSHPASS=ubuntu sshpass -e ssh firstname.lastname@example.org uname -a
Read Password from a text file:
Append the password in a text file with echo command:
$ echo "ubuntu" > mypassword.txt
Now, pass the password file to sshpass lwith
-f flag like below:
$ sshpass -f mypassword.txt ssh email@example.com uname -a
In this tutorial, we learned a few methods to invoke a command or program on a remote machine over a secure network connection. Among all the methods, the sshpass method is least secure. The users are encouraged to avoid using sshpass in production systems.
- How To Resume Partially Transferred Files Over SSH Using Rsync
- How To Run Single Command On Multiple Remote Systems At Once
- DSH – Run A Linux Command On Multiple Hosts At A Time
- How To Create SSH Alias In Linux
- SSLH – Share A Same Port For HTTPS And SSH
- ScanSSH – Fast SSH Server And Open Proxy Scanner
- How To SSH Into A Particular Directory On Linux
- Allow Or Deny SSH Access To A Particular User Or Group In Linux
- How To Stop SSH Session From Disconnecting In Linux
- How To Enable SSH On FreeBSD
- Vim Tips - Edit Remote Files With Vim On Linux