A prevalent task when automating the boring stuff in Python is to run shell commands. If you are working with servers or virtual machines, you’d also need to run commands on a remote computer.
You can use the standard Python module and subprocesses to run shell scripts. It’s an easy way to execute commands. But on remote computers, you may need other techniques.
This post walks you through executing raw shell scripts using ssh. Then we’ll also discuss more Pythonic ways to run scripts on remote computers.
Running SSH commands using the subprocess module.
The subprocess module needs no further installation. It’s a standard Python library. Hence, you can use the ssh command line utility inside your subprocess run method.
The following command will run the Linux shell and get the free memory information of a remote computer. When running this script, the system will ask you to type in your password.
Copy files from and to remote computers.
In the same way, we can use the subprocess module to copy files from and to remote computers. The following Python script is an example of copying local files to a remote location using SCP.
This script uses argparser to get remote and local file paths as command-line arguments.
Passwordless ssh in Python
You’d have noticed that the ssh utility keeps asking for passwords every time you try to run a command on the remote computer. You can avoid this in two ways.
One is to embed passwords in the command itself. If you intend to share your code with others, you can set up an environment variable instead of hardcoding.
The second option is to set up an ssh key and add it to the remote computer’s authorized keys.
Embedded password in the ssh command
Before using this option, here’s a warning. I don’t recommend using passwords in any shell command. That’s because shell history will store the command along with your passwords. Also, the password is exposed to other processes running on the computer.
We need to use the ssh pass utility with ssh to use passwords in the same command.
The shell command below will run on a remote computer without prompting for a password. You can replace the `free -m` with any valid Unix command.
In our Python code, we can do this little tweak to embed password shell commands.
Use SSH Keys to avoid passwords (Recommended)
Key files are the most stable way to connect through ssh. We generate an ssh key in our local computer and let the remote computer know about it. Generating key files creates two of them. One of them is the public key. It has an extension, `pub`. This is the key you should share with the remote computer, not the private one (with no extension).
You might have to enter your password once (and for all) to copy the ssh key to the server. But on all subsequent ssh commands, you don’t have to worry about passwords or security.
Edit the SSH Config file for convenient server communications.
In Linux systems, you can also create an ssh config file. In the config file, you can specify a name for the connection and other parameters. This way, you don’t even have to remember the hostname or the username.
If you also followed the key file convention, you don’t have to worry about passwords either.
SSH Config files live inside the .ssh folder of your home directory (
~/.ssh/config), and it has no file extension. The following is an example of the content for SSH Config files.
Once you have the ssh config setup, you can run remote shell commands with just the hostname.
The methods we’ve discussed in this section aren’t largely impacted our Python script. Yet, the code is more clear and more secure now.
Not a Medium member yet? Please use this link to become a member because I earn a commission for referring at no extra cost for you.