Master SSH Public‑Key Login for Efficient Batch Server Operations

Why Batch Server Operations Matter

In daily work engineers often need to run the same command on many servers, such as comparing logs or checking services, which requires the ability to operate on multiple machines simultaneously.

SSH Protocol Overview

SSH (Secure Shell) is an encrypted network protocol that provides a secure channel over an insecure network. It works similarly to HTTPS, using TCP and asymmetric encryption, but relies on server public‑key fingerprints for identity verification.

Typical connection steps include:

TCP three‑way handshake

SSH protocol version negotiation

Public‑key exchange between client and server

Encryption algorithm agreement

Client authentication with a symmetric key

Secure data exchange

Using the ssh Command

ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

The command’s extensive options illustrate its powerful capabilities.

Setting Up Public‑Key Authentication

After understanding asymmetric encryption, generate a key pair with ssh-keygen. The private key stays on the client, while the public key is placed in the server’s ~/.ssh/authorized_keys file.

~ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/zbs/.ssh/id_rsa): ./test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./test.
Your public key has been saved in ./test.pub.
SHA256:xxxxx/B17z/xxxxxx [email protected]
+---[RSA 2048]----+
|    o+*.. EO*    |
|   ....          |
|    oo+    .o++.o|
+----[SHA256]-----+

Copy the private key file ./test to the client’s ~/.ssh/id_rsa and the public key ./test.pub to the server’s ~/.ssh/authorized_keys. Subsequent logins will use the private key automatically, eliminating password prompts.

Batch Execution with ssh

Public‑key login removes the need to type passwords, allowing you to run commands on many hosts via one‑liner loops, e.g.,

for ip in $(cat ip_list.txt); do ssh user@$ip "command"; done

. Open‑source tools such as pssh (Python) or hss (C++) also provide parallel execution.

Collecting Files with scp

scp

shares the same SSH‑based security. With password‑less authentication you can copy logs from each server to a central machine, e.g., scp user@host:/var/log/app.log ./logs/$(uuidgen).log, then concatenate them.

Transferring Data with nc

When servers do not share keys, nc can pipe data securely. Start a listener on the receiver: nc -k -4l 12345 > result.log. On the sender, pipe the output: grep pattern info.log | nc receiver_ip 12345.

Conclusion

The presented tools—SSH public‑key login, ssh one‑liners, scp, and nc —are lightweight solutions for developers. For full‑scale operations, integrating them into an OPS platform provides more comprehensive automation.