How to Execute Linux Commands on Remote System over SSH

Overview

Many times we need to work with remote Linux systems. We login to the remote host, perform work and exit that session. Can we perform all these actions from local machine ? Yes, it’s possible and this tutorial demonstrates it with exhaustive examples.

Command execution over SSH

SSH allows us to execute command on remote machine without logging into that machine. In this tutorial we’ll discuss various ways to achieve this.

Execute single command

Let us execute uname command over SSH.

$ ssh admin@192.168.10.1 uname

If you observe above command, it is similar to regular SSH command with minor difference. We have appended command to be executed.

When we execute this command. It’ll generate below output:

Linux
Execute multiple commands

Using this technique, we can execute multiple commands using single SSH session. We just need to separate commands with semicolon (;).

$ ssh admin@192.168.10.1 "uname;hostname;date"

As expected, these commands will generate below output:

Linux
linux-server
Thu Mar  1 15:47:59 SGT 2019
Execute command with elevated privileges

Sometimes we need to execute command with elevated privileges, in that case we can use it with sudo.

$ ssh -t admin@192.168.10.1 sudo touch /etc/banner.txt

Note that we have used ‘-t‘ option with SSH, which allows pseudo-terminal allocation. sudo command requires interactive terminal hence this option is necessary.

Execute script

Remote execution is not only limited to the commands; we can even execute script over SSH. We just have to provide absolute path of local script to SSH command.

Let us create a simple shell script with following contents and name it as system-info.sh

#!/bin/sh
uname
hostname

Make script executable and run it on remote server as follows:

$ chmod +x system-info.sh
$ ssh admin@192.168.10.1 ./system-info.sh

It will generate below output:

Linux
linux-server
Variable expansion problem

If we split commands into multiple lines, then variable expansion will not work. Let us see it with simple example:

$ msg="Hello Admin"
$ ssh admin@192.168.10.1 'echo $msg'

When we execute above command, we can observe that variable is not getting expanded.

$ ssh admin@192.168.10.1 bash -c "'echo $msg'"
Configure password-less SSH session

By default, SSH will ask for password authentication each time. This is enforced for security reasons. However, sometimes it is annoying. To overcome this, we can use public-private key authentication mechanism.

It can be configured using following steps:

1) Generate public-private key pair

SSH provides ssh-keygen utility which can be used to generate key pairs on local machine.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa): #press enter
Enter passphrase (empty for no passphrase):                         #press enter
Enter same passphrase again:                                        #press enter
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.

Above output shows that generated key pairs are stored under ~/.ssh directory.

2)  Add public key to ~/.ssh/authorized_keys file on remote host

Simple way to do this is, using ssh-copy-id command.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub admin@192.168.10.1

In above command:

  • -i option indicates identity file
  • ~/.ssh/id_rsa.pub is identity file
  • remaining text is remote user and remote server IP

NOTE: Never share your private key with anyone.

3) That’s it. Isn’t it so simple? Now we can execute command over SSH without entering password. Let us verify this.

$ ssh admin@192.168.10.1 uname

Limitation of public-private key authentication

Thought public-private key authentication makes our life easier, it is not perfect. Its major downside is; we cannot automate it, because user interaction is required first time. Remember !!! we have provided password to ssh-copy-id command.

There is no need to get panic, this is not end of world. In next section we’ll discuss approach which eliminates this limitation.

sshpass utility

To overcome above limitation, we can use sshpass utility. It provides non-interactive way to authenticate SSH session. This section discusses various ways of it.

Installation of sshpass

sshpass utility is part of Ubuntu’s official repository. We can install it using following commands:

$ sudo apt-get update
$ sudo apt-get install sshpass

Examples

sshpass can accept password – as an argument, read it from file or via environment variable. Let us discuss all these approaches.

1) Password as an argument

We can provide, password as an argument using –p option:

$ sshpass -p 'secrete-password' ssh admin@192.168.10.1 uname

2) Password from file

sshpass can read password from regular file using -f option:

$ echo "secrete-password" > password-file
$ sshpass -f password-file ssh admin@192.168.10.1 uname

3) Password from environment variable

In addition to this, we can provide password from environment variable using -e option:

$ export SSHPASS="secrete-password"
$ sshpass -e ssh admin@192.168.10.1 uname

Conclusion

This tutorial shows various tricks and tips on remote command execution over SSH. Once you get the understanding of these tricks it will make your life much easier and definitely improve your productivity.