How to Execute Linux Commands on Remote System over SSH

In this tutorial, we will learn how to execute linux commands on remote system over ssh.

Many times we need to work with remote Linux systems. We login to the remote host, perform work and exit that session. Can we perform all these actions from local machine ? Yes, it’s possible and this tutorial demonstrates it with exhaustive examples.

Execute Linux Commands on Remote System over SSH

SSH allows us to execute command on remote machine without logging into that machine. Examples are shown below:

Execute single command

Let us execute uname command over SSH.

$ ssh [email protected] uname

If you observe above command, it is similar to regular SSH command with minor difference. We have appended command to be executed (highlighted in red color).

When we execute this command. It’ll generate below output:

Linux
Execute multiple commands

Using this technique, we can execute multiple commands using single SSH session. We just need to separate commands with semicolon (;).

$ ssh [email protected] "uname;hostname;date"

As expected, these commands will generate below output:

Linux
linux-server
Thu Mar  1 15:47:59 IST 2018
Execute command with elevated privileges

Sometimes we need to execute command with elevated privileges, in that case we can use it with sudo.

$ ssh -t [email protected] sudo touch /etc/banner.txt

Note that we have used ‘-t‘ option with SSH, which allows pseudo-terminal allocation. sudo command requires interactive terminal hence this option is necessary.

Execute script

Remote execution is not only limited to the commands; we can even execute script over SSH. We just have to provide absolute path of local script to SSH command.

Let us create a simple shell script with following contents and name it as system-info.sh

#!/bin/sh
uname
hostname

Make script executable and run it on remote server as follows:

$ chmod +x system-info.sh
$ ssh [email protected] ./system-info.sh

As some of you might have guessed, it will generate below output:

Linux
linux-server
Variable expansion problem

If we split commands into multiple lines, then variable expansion will not work. Let us see it with simple example:

$ msg="Hello LinuxTechi"
$ ssh [email protected] 'echo $msg'

When we execute above command, we can observe that variable is not getting expanded.

To resolve this issue, we need to use -c option of shell. In our case we’ll use it with bash as follows:

$ ssh [email protected] bash -c "'echo $msg'"
Configure passwordless SSH session

By default, SSH will ask for password authentication each time. This is enforced for security reasons. However, sometimes it is annoying. To overcome this, we can use public-private key authentication mechanism.

It can be configured using following steps:

1) Generate public-private key pair

SSH provides ssh-keygen utility which can be used to generate key pairs on local machine.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/linuxtechi/.ssh/id_rsa): #press enter
Enter passphrase (empty for no passphrase):                         #press enter
Enter same passphrase again:                                        #press enter
Your identification has been saved in /home/linuxtechi/.ssh/id_rsa.
Your public key has been saved in /home/linuxtechi/.ssh/id_rsa.pub.

Above output shows that generated key pairs are stored under ~/.ssh directory.

2)  Add public key to ~/.ssh/authorized_keys file on remote host

Simple way to do this is, using ssh-copy-id command.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

In above command:

  • -i option indicates identity file
  • ~/.ssh/id_rsa.pub is identity file
  • remaining text is remote user and remote server IP

NOTE: Never share your private key with anyone.

3) That’s it. Isn’t it so simple? Now we can execute command over SSH without entering password. Let us verify this.

$ ssh [email protected] uname

Limitation of public-private key authentication

Thought public-private key authentication makes our life easier, it is not perfect. Its major downside is; we cannot automate it, because user interaction is required first time. Remember !!! we have provided password to ssh-copy-id command.

There is no need to get panic, this is not end of world. In next section we’ll discuss approach which eliminates this limitation.

sshpass utility

To overcome above limitation, we can use sshpass utility. It provides non-interactive way to authenticate SSH session. This section discusses various ways of it.

Installation of sshpass

sshpass utility is part of Ubuntu’s official repository. We can install it using following commands:

$ sudo apt-get update
$ sudo apt-get install sshpass

Examples

sshpass can accept password – as an argument, read it from file or via environment variable. Let us discuss all these approaches.

1) Password as an argument

We can provide, password as an argument using –p option:

$ sshpass -p 'secrete-password' ssh [email protected] uname

2) Password from file

sshpass can read password from regular file using -f option:

$ echo "secrete-password" > password-file
$ sshpass -f password-file ssh [email protected] uname

3) Password from environment variable

In addition to this, we can provide password from environment variable using -e option:

$ export SSHPASS="secrete-password"
$ sshpass -e ssh [email protected] uname

Conclusion

This tutorial shows various tricks and tips on remote command execution over SSH. Once you get the understanding of these tricks it will make your life much easier and definitely improve your productivity. Feel free to post your queries and feedback in below comments section.

Read Also 9 ‘diff’ Command Examples in Linux

13 thoughts on “How to Execute Linux Commands on Remote System over SSH”

      1. Can we do below
        I can run a script on remote a server with command: ssh user1@ip-of-server “command”

        That works fine but I need to execute a command with a different user (user2).
        If I do it manually – these would be the steps:
        1) SSH as user1 to a server
        2) sudo su – user2
        3) execute command (now as user2)

  1. Hi Pradeep,

    the quote below seems to imply system-info.sh is a local script, which is executed on a remote system (192.168.10.10) However, I have found that this only work if the script is on the remote system. In other words, ssh can execute a script that is on the remote server. Is this also your experience or else can you clarify?

    We just have to provide absolute path of local script to SSH command.
    $ ssh [email protected] ./system-info.sh

    1. Your are completely right. “ssh ” will execute at . In other words, it will SSH to , then ONCE THERE it will execute whatever entails, just as if we where at (in the home dir of the user we are SSHing as). Any command we issue will be looked for at , not locally.

  2. uh ssh-pass looks like a bad idea, or perhaps an incorrect usage?
    the way you presented it the actual password or the name of the password file or the name of the env variable will be logged in the command history !!!
    ssh via private and public key is way more secure as long as you keep your privatekey……..private

  3. it looks like sshpass still will NOT work the first time when the local hostname has not been saved to the Known_hosts file in the remote host under .ssh directory. Does anyone know how to get along that?

  4. Hello,
    I have the same issue as Santosh. I’d like to remotely mount a partition as root.
    Is it possible ?
    Thanks

  5. I looking for a solution for the below scenario:
    I have setup a password file for my user.
    I am using sshpass -f passwordfile ssh [email protected]
    The above is working fine.
    From the same command line I would like to switch user to app user webapp, like su – webapp
    the webapp password I want to pass thru local file.
    In essence sshpass -f passwordfile ssh [email protected] su - webapp
    after executing the above command I would be logged in as [email protected]
    How to achieve it?
    Kindly Help.

    1. I Would recommend set the password file for webapp user and make ssh session with this user only and then execute the commands.
      You can try one more option, create a small script, write the commands in that script that you want to execute as webapp user and call this script over the ssh session as shown below:

      sshpass -f passwordfile ssh [email protected] 'bash -s' < 'script.sh'

  6. I did it and it work perfectly.

    No need to sshpass. I use the ssh private key generated instead a password. Something like:
    ssh -i localpath/to/the/ssh_private_key remoteuser@remoteip command

    Now, I was wondered: if a can use a ssh-copy-id to copy a key to the remote server, how can a remove the key from the remote server?

Leave a Comment

Your email address will not be published. Required fields are marked *