pySSHAdmin

An admin ssh library


Keywords
ssh admin VM OS management
License
LGPL-3.0
Install
pip install pySSHAdmin==0.0.3

Documentation

pySSHAdmin 🚀

GitHub

Based on paramiko package for python 💜

What is pySSHAdmin ?

Main goal is too achieve/develop lightweight (CLI based) alternative to Red Hat Satellite or Spacewalk projects. Both of them store packages in "mother" server and from there packages are being distributed - sent and installed on covered servers.

This project focuses on checking whether updates are available to install via default (for distribution) package manager - yum or apt/apt-get. Check is being done on remote server side, and from there updates are being fired up. Also creating easy to user group/user/service management via console not using any other tools.

This software should not be treated as monitoring service, it's more like assistance within scripts. But it could be used as scheduled update check/performer (script with code snippets could be run as python script in cron).

How I am using this

I use this as centralized server update/management tool, from where I can run almost all commands (those not involving writing in vi/vim/nano). But most of the time I keep VMs up to date, and this is some kind of automization of my work.

Installation

Future feature (target) installing via pip install.

Not available for now only option is to clone this git repo.

Usage

Package can be used in more secure way (using ssh-keys) or less secure way (without ssh-keys). Both methods are present in examples section. Basic diffrence between those approaches is way of authorizing in remote server.

Every method has suppress (boolean type) argument, which disables method output printing. By default it is set to False, so method will "confess" into stdout what's going on.

More secure approach

Preconditions

  1. Change username and password in config.cfg file (not necessary)
  2. Create user with password on remote server and grant sudo commands without password
root@remote:~# useradd <username form config.cfg>
root@remote:~# passwd <password from config.cfg>
root@remote:~# visudo
...
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
%<username from config>       ALL=(ALL)       NOPASSWD: ALL   #Add this line, but change username first ;)
...

Above steps could be repaced by executing commands:

#Set username in config file (not necessary)
utilities.set_username_in_config(username="<input one>")
#Create user with sudo powers (username from config file) on remote host 
#[UID could be specified in command as well]
users.create_user_from_config(host="...", user="sudo user", passw=" password", sudo_no_pass=True)
  1. Block authorization with password, this will make sure only one having key can use previously created account. (Not available to login with key (without password) due to paramiko bug)

ℹī¸ Could be worked-around by generating RSA key encrypted with password and placing it within /utils directory (and using as default) or pass path to it as a parameter of method 🔑

In favored (still under development) way it should look like:

0. Generate SSH-RSA 2048 key via build-in method
1. Check connection to server
    - It will also add remote to known hosts only if connection was succesful
2. Exchange SSH keys with remote
3. Use methods with key as parameter

#TODO methods using ssh keys should in future disallow connect to unknown hosts

Less secure approach

This package is designed to be used to manage local servers where highest level of security is not critically nesscesary. To run commands without SSH key use commands with user and password as arguments. Please keep in mind that approach is less secure (not as it should be), and treat it like last option.

In not favored approach:

0. Run method passing user, password and hostname/IP
    - It will also add remote to known hosts on succesful connection

In any case:

  • By default all commands will try to execute on port 22 (TODO future feature if needed)

Manipulating config file inside repo/package

To reduce human errors and incompatibility when using and editing config file, please use methods in utilities module to change content when needed

utilities.set_username_in_config(username="...")
utilities.set_password_in_config(password="...")

Every method used to set value has "get" equivalent.

Tests

To be done in nearest future. Currently being tested on locally hosted VMs.

For now there are "quick tests" available for use, but three remotes (could be locally hosted VM's). Tests are written to be executed in pytest. You will probably have to change ip adresses in file. To run them execute: (was divided into smaller parts due to server Too Many Requests problem)

pytest -v -m connection
pytest -v -m users
pytest -v -m update
pytest -v -m miscellaneous
pytest -v -m groups
pytest -v -m service
pytest -v -m config

Project structure

Structure with basic description

- pySSHAdmin
    - docs (documentation)
    - examples (usage example snippets)
    - pySSHAdmin (source code)
        - groups.py (manage groups functions)
        - miscellaneous.py (various others)
        - services.py (manage services)
        - update.py (manage updates functions)
        - users.py (manage users functions)
        - utilities.py (utilities functions)
        - eventually more coming soon...
    - tests (testing lair)
    - utils (dir for utility files)
    - .gitignore
    - config.cfg (configuration file)
    - LICENSE
    - README.md
    - requirements.txt (stub for future pip release)

Documentation

Almost done, but still under construction 🚧
See docs section

Contribution

Any help is kindly welcome. If you have something in mind please create pull-request or please contact me via PM in Github.