In fact, even if you and your partners need to run some custom shell script on your server, it's possible to set things up so that, after the initial configuration, everybody with the right access credentials can do it by clicking into a web browser. One Free Software tool to make this happen is KeyBox.
KeyBox makes it easier to delegate the execution of scripts on remote machines, even to partners who, for whatever reason, won't touch a command line: you define the script(s), and they can still decide to run them by themselves, even if you're offline.
This happens because KeyBox provides a way to "manage OpenSSH v2 public keys and shell scripts to be distributed or executed on defined systems." What this means, in practice, is that with KeyBox you can:
- configure and distribute the digital keys that let only authorized users and computers run scripts or simple commands on your remote servers
- define and upload only once any script that should be manually run on one or more remote servers
All this from one, simple graphical interface that is accessible from any browser. Another reason to use KeyBox may be that it gives its administrator the possibility to run shell scripts on remote servers even from somebody else's computer and/or when only web access is available!
How KeyBox works
Technically speaking, the KeyBox web pages and forms that you see in your browser are generated by the Jetty Open Source Web server (alternative home page here). All sensitive data are stored into an SQLite3 database, which is a single file called keybox.db. Jetty comes with the Java project management tool called Maven. A nice little introduction to creating web services with Jetty and Maven is here. Luckily, you don't really need to study all this stuff to use KeyBox.
KeyBox may run either on a local computer, or on one of the servers that it helps to manage. Wherever you put it, don't forget to include its keybox.db file in your backup plans! The dependence on Maven and Jetty is not a problem, as those tools are available as binary packages for most Gnu/Linux distributions. Just be prepared to see a lot of extra packages installed (241 on my Fedora 17 box!) to satisfy all the dependencies.
Once that part is over, to install KeyBox, you must simply download and expand its archive in a folder of your choice. To start the program, type (or add to your server startup scripts) this command:
cd KEYBOXDIR; mvn package jetty:run
KEYBOXDIR is the folder you'll get by expanding the KeyBox archive. mvn is the Maven executable: the command above tells Maven to start Jetty which, by default, will follow the instructions in the file called pom.xml in the same folder. The README file explains other actions you can perform in the same way. "mvn clean", for example, will delete the KeyBox database.
Once Jetty is up and running KeyBox, point your browser to port 8090 of the computer on which you installed KeyBox. That would be http://localhost:8090 if it's running on your desktop, or http://your.website.com:8090 if it's on your website. Change the admin password to something different from the default "changeme", and you're ready to go.In KeyBox you can define as many systems, users, and system profiles as you want. I suggest you perform these operations in the same order in which they are listed in the KeyBox side bar (Figure A):
The exact details for setting up passwordless logins and the corresponding SSH key files vary from one Gnu/Linux distribution to the next: please check the documentation and support forums of the one(s) you use for all details.
KeyBox system profiles allow you to order and group tasks and users in whatever way suits your needs. You may, for example, create a "backup" profile that authorized users can select to run backups on different servers.Figures D to F show the result, that is THE reason to install and use KeyBox: you can define how many scripts you want, pasting their code in the KeyBox form, run them with one click on their name and see what happened, all without leaving your browser. Convenient, isn't it?
(NOTE: the "script" in the picture is just one single command, instead of the real backup script, simply because I wanted all its output to fit in the one small screenshot of Figure F)
Marco Fioretti is a freelance writer and teacher whose work focuses on the impact of open digital technologies on education, ethics, civil rights, and environmental issues.