top | item 44023634

Show HN: Sshsync – CLI tool to run shell commands across multiple remote servers

47 points| blackmamoth | 9 months ago |github.com

I built a CLI tool called `sshsync` to run shell commands and transfer files across multiple servers over SSH concurrently.

It was inspired by tools like `pssh`, but I wanted something more modern, intuitive, and Pythonic.

What it does:

- Run shell commands on multiple servers (in parallel) - Push/pull files or directories with progress bars - Uses `~/.ssh/config` and lets you group hosts with YAML - Supports `--dry-run` mode to preview actions without executing - Outputs results using `rich` (tables, colors) - Built with `Typer`, `asyncssh`, and `rich`

There’s no daemon or extra setup, it reads your existing SSH config and just runs.

Would love feedback on general use and especially if there are ways to improve the `--dry-run` output.

72 comments

jasongill|9 months ago

In a past life, this is an interview question that I would ask people: "We have thousands of servers, and you need to run the same command on 10 of them, what's one way you would do it?" and follow up with "What if you wanted to run the command on hundreds or thousands - what problems would you expect with this approach, and what might you do differently?"

I didn't really expect them to write code on the spot (hate that in interviews), but just to describe a possible solution; there were no wrong answers. Seeing how people came up with a quick hack for 10 and then being able to evolve their thinking for thousands was the point of the question and it could be enlightening to see.

I had a lot of people come up with things that I never even thought of, such as SSH'ing in to all 10 machines and then using a terminal feature to type into all of the windows at once.

farka01|9 months ago

That's a great question you used in interviews! I'm curious – how would you personally approach this situation? What would your solution be for running a command on 10 servers, and how would you scale it to thousands?

blackmamoth|9 months ago

Are you still asking this question in an interview? I know a thing or two about sshing into servers, I think I'd be a good enough candidate

Alifatisk|9 months ago

Is there a standard way of doing this that comes shipped with GNU/Linux?

nasretdinov|9 months ago

Around 10 years ago I was supporting infrastructure at a PHP shop and we needed a similar thing, but for ~3000 servers, and the library that we were using (libpssh) didn't support async SSH agent authentication, so I built this small tool in Go to allow to implement such tooling in any language (PHP, Python, whatever) in a simple way: https://github.com/YuriyNasretdinov/GoSSHa

It's main advantage is that it allows you to do SSH agent forwarding that actually works at scale, since it limits concurrency when talking to SSH agent to a configurable amount (by default 128, the default connection backlog in OpenSSH ssh-agent)

blackmamoth|9 months ago

Hey man that's really cool, I never really thought of making this interactive.

proxysna|9 months ago

ansible my_servers -m shell -a 'fortune && reboot' -b

I know it is easy to be a hater, but sincerely do not see a reason to use something like that over Ansible or just pure sh, ssh and scp. All you have to do is to set up keys and the inventory. Takes 10 minutes, even if you are doing it for the first time. And you can expand it if you need it.

alerighi|9 months ago

I use pssh often (not this tool, but as I understand is similar).

The reasons I find it over Ansible are:

- takes the same syntax and options as plain SSH, just run over multiple hosts. So if you already know SSH, you know how to use pssh that is an extension of the command. Ansible requires to study it. The configuration format is trivial, just a file that contains on each line one host, no need to study complex formats like Ansible

- doesn't require dependencies on the target machine. Ansible, as far as I know, requires a python3 installation on the target machine. Something that, for example, is not granted in all settings (e.g. embedded devices, that are not strictly GNU/Linux machines, for example consider a lot of network devices that espose an SSH server, like Microtik devices, with PSSH is possible to configure them in batch), or in some settings you maybe need to work on legacy machines that have an outdated python version.

- sometimes simpler tool that just do one thing are just better. Especially for tools like pssh that are to me like a swiss army knife, the kind of tool that you use obviously when you are bodging something up to make something work because you are in an hurry and saves your day

Of course if you already use Ansible to manage your infrastructure you may as well use it to run a simple command. But if you have to run a command on some devices, that were not previously setup for Ansible, and devices trough which you may not have a lot of control (e.g. a bunch of embedded devices of some sort), pssh is a tool that can come handy.

liamkearney|9 months ago

Ansible is one of the best examples of needless complexity I’ve ever interacted with.

blackmamoth|9 months ago

I know ansible or even custom shell scripts are way better and optimized for such use cases. However, I just wanted to show something I built that might be useful to someone.

cynicalsecurity|9 months ago

Ansible requires python to be installed on all of the target computers.

revskill|9 months ago

Ansible doesn't work on windows.

Stop assuming your method works across the universe of edge cases.

gamedna|9 months ago

Curious to understand the need to create this over using tools like pssh, etc.

https://linux.die.net/man/1/pssh

blackmamoth|9 months ago

I was getting bored, this seemed like a cool project to work on outside of work, that's why. One of my colleagues found it useful for his needs, so I figured there might be other people who'd find this useful too.

unknown|9 months ago

[deleted]

Joker_vD|9 months ago

Looks interesting; my klunky script for doing something similar has been something along the lines of

    printf 'started: %s\n' "$(utcdate)"

    (
        trap 'kill 0' SIGINT
        for REMOTE in "${REMOTES[@]}"
        do
            ssh -- "$REMOTE" "$COMMAND" "$@" &
        done
        wait
    )

    printf 'ended: %s\n' "$(utcdate)"

but twiddling with it has been quite annoying, so I'll look into this tool.

mkayokay|9 months ago

How are commands handled, that require user input? E.g. password for sudo in your example:

  sshsync group web-servers "sudo systemctl restart nginx"

I like that you included a demo in the README, but it is too long for a gif, as I can't pause/rewind/forward. So splitting into multiple short gifs or converting into a video (if GitHub supports them) could improve the experience.

blackmamoth|9 months ago

As of now there is no way to take user input in transit, so either the user is required to have the privilege to execute the specified command or have passwordless sudo available.

And Yeah, now that you've mentioned it multiple shorter gifs would be better.

monster_truck|9 months ago

Have you looked at what powershell does? Invoke-Command (and the Job stuff it meshes perfectly with via AsJob) is really nice

I only needed a very small fraction of what it can do to bail a client out of a problem their customer caused on several hundred computers the night before an event, but it absolutely saved the day and a lot of money.

blackmamoth|9 months ago

Haven't really used powershell for my tasks and I'm not as experienced as you are, but what you said sounds absolutely cool, I'll check it out

igetspam|9 months ago

I’m surprised no one has mentioned pdsh yet. Piped to dshbak and output was grouped by response. I’d probably use a config management tool for anything more than simple commands now but that tool was indispensable for managing our fleet, when we used to actually connect to machines.

lcall|9 months ago

Ditto. I posted (here: https://news.ycombinator.com/item?id=42881123 ) about them and other options:

To send the same command to multiple servers, use pdsh: https://linux.die.net/man/1/pdsh

To collect all the results and show which ones are the same or different, use dshbak (i.e., "pdsh <parameters including servers>|dshbak"): https://linux.die.net/man/1/dshbak

Similar things, sometimes more convenient but less efficient for a large number of servers, are to use the konsole terminal program and link multiple window tabs together so the same typed command goes to all, and quickly view the results across the tabs; or to use tmux and send the same commands to multiple windows (possible useful "man tmux" page terms: link-window, pipe-pane, related things to those, activity, focus, hooks, control mode).

And others that I haven't used but which also look possibly interesting for platforms where pdsh and dshbak might not be available (like OpenBSD at least):

- https://github.com/duncs/clusterssh/wiki (available on OpenBSD as a package)

- https://www.gnu.org/software/parallel/ (also available as a package on OpenBSD 7.6: named "parallel-20221122"; might relate to "pdksh")

- Also clusterit.

baalimago|9 months ago

Very cool project! But it's a quite saturated market. Any sysadmin/similar who needs this sort of functionality have most likely already found an solution (5-20 years ago).

Personally, I'm a tmux synchronized-panes kind of guy, so that I can see the result of each output immediately.

bandie91|9 months ago

http://guichaz.free.fr/polysh/

Alifatisk|9 months ago

If I connect thousands of machines, will my terminal be flooded? Or have they thought of this?

N2yhWNXQN3k9|9 months ago

The dry-run option is nice, but you can do this easily in a normal environment without special tooling (GNU parallel, etc).

I have made scripts to do this with filter parameters over VMs on cloud providers, which is very valuable. Maybe you can extend this to have those options, so potential users are more attracted to it?

blackmamoth|9 months ago

Hey, I missed your comment earlier. And yes, I'd love to hear about those parameters and how they'd be useful

JulianWasTaken|9 months ago

To me GNU parallel is the top of the line here (as it is for most things parallel).

For the most common cases I have it aliased to just `p`: https://github.com/Julian/dotfiles/blob/main/.config/zsh/com...

Or https://github.com/Julian/dotfiles/blob/4d36e6b17e9804a887ba...

naikrovek|9 months ago

what is the use case? why wouldn't you use something else (like ansible or puppet or something)? I do not understand why someone would do things like this.

cbm-vic-20|9 months ago

[deleted]

flysand7|9 months ago

I'm curious what happens with output. Is it one line per each computer you've connected to or does it get merged until it diverges, kinda like in that Rick and Morty episode with timeline splits?

blackmamoth|9 months ago

Haven't set a limit to how many connections are shown, once all the commands are executing, each result (success/failure) is shown at once. So if you connect to 1000 computers, your shell will be flooded with progress bars first and then the output.

Maybe I should set a limit or let the user set a limit to how many results should be shown once the process is completed. Showing m and n results from the start and end

andrewchilds|9 months ago

I built (and still use) a similar tool called Overcast 10 years ago: https://github.com/andrewchilds/overcast

blackmamoth|9 months ago

Dude, your tool does so much than just run ssh commands. I just took a quick glance at your project, just wanted to know does this have support for vultr?

johng|9 months ago

I used to love using csshx on Mac but it appears to be broken on Homebrew now and not really updated on other sources. Pity, I reallyliked it.

ahofmann|9 months ago

This looks great. I've used ansible in the past, is this tool like a stripped down (and thus simpler to use) version of ansible?

XorNot|9 months ago

Given that ansible can be installed via "pip install ansible" I'm not sure how much simpler you can get?

Like a basic list of servers can also have this done via "ansible -m shell -a 'echo something' <server group>"

blackmamoth|9 months ago

To be completely honest, I didn't even think about ansible when creating this (probability because I haven't yet used it), I looked at pssh and clusterssh and just decided to build one myself.

strzibny|9 months ago

If you deploy with Kamal you practically get this, except maybe the file push, that's a nice touch.

darrenf|9 months ago

See also: fabric. https://docs.fabfile.org/en/latest/

shaunpud|9 months ago

See also: pyinfra. https://docs.pyinfra.com/en/latest/

kachapopopow|9 months ago

This would only be interesting if it wasn't written in python, but native instead.

blackmamoth|9 months ago

Originally I was going to write the prototype in python and than later reimplement it in Golang, but right now I'm not sure if it's needed

jasonm23|9 months ago

`pssh`

gitroom|9 months ago

[deleted]

deva502|9 months ago

The lack of research, the AI-generated README and comments, and the "Pythonic" approach (while Ansible exists) made me laugh. I guess it's a good CS50 project, but it's not presentable at all and doesn't have real-world usage.

blackmamoth|9 months ago

Hey, yeah I admit i should've written the README myself, but I'm kinda lazy , so I let gpt handle both readme and the post. And I do know there are other tools way better than this and battle tested, but I just built this for fun and not to compete with any of them.