Gossh is a high-performance and high-concurrency ssh tool written in Go.
It can efficiently manage tens of thousands of Linux server clusters.
It is 10 times faster than Ansible.
If you need much more performance and better ease of use, you will love gossh.
Feel free to open a new issue if you have any issues, questions or suggestions about this project.
-
Four kinds of ssh tasks:
command: Execute commands on target hosts.
script: Execute a local shell script on target hosts.
push: Copy local files and dirs to target hosts.
fetch: Copy files and dirs from target hosts to local. -
Auto detect following authentication methods for the login user(default
$USER):
Password: from inventory file, or from flag-k/--auth.ask-pass,-p/--auth.password,-a/--auth.pass-file, or from configuration file.
Pubkey Authentication: by identity files(default~/.ssh/id_rsa), also include that with passphrase.
SSH-Agent Authentication: through the system environment variable$SSH_AUTH_SOCK.
If the above three authentication methods are valid at the same time, the priority order is:SSH-Agent>Pubkey>Password. -
Provide the target hosts by:
Hosts/host-patterns/host-group-names as positional arguments separated by space.
Inventory file by flag-i/--hosts.inventoryor from configuration file. -
Expand host patterns that from positional arguments or a inventory file to host list. Supported host patterns e.g.:
10.16.0.[1-10] foo[01-03].bar.com foo[01-03,06,12-16].idc[1-3].[beijing,wuhan].bar.com -
Allow adding variables to inventory file.
Available variables:host,port,user,password,keys,passphrase. E.g.:alias_name_node1 host=node1.sre.im alias_name_node2 host=192.168.33.12 port=8022 user=vagrant password=123456 keys=~/.ssh/id_rsa passphrase=xxx node3.sre.im user=vagrant password=GOSSH-AES256:9cfe499133b69a6c7fc62b5b6ba72d3d8dfb4d0e7987170a40c5d50bb5d71e19 -
Group hosts in inventory file. E.g.:
# no group hosts node1.sre.im # group hosts [webserver] node2.sre.im port=6022 node3.sre.im # host variables for group webserver [webserver:vars] port=8022 user=zhangsan password=plaintextOrCiphertextByVault [dbserver] db[1-3].sre.im # group project1 has hosts that from both group webserver and dbserver [project1:children] webserver dbserver -
Use
sudoto run as other user(defaultroot) to execute the commands/shell-script or fetch files/dirs. -
Specify i18n environment variable value while executing commands or a shell script to help keep the language of the outputs consistent. For example:
zh_CN.UTF-8,en_US.UTF-8. -
Three kinds of timeout in seconds:
Connecting to each target host (default10).
Subcommandcommand,script,push,fetchfor each target host.
The entiregosshtask. -
Output to a file or screen or a file and screen at the same time.
Colorful output, json format output, verbose(debug) output, and silent output. -
High-performance and high-concurrency. Customize the number of concurrent connections (default
1). -
SSH ProxyΒ can be specified to connect to the target hosts.
-
Provides subcommand
vaultto encrypt/decrypt confidential information such as password or passphrase without compromising security. -
Support the detection of dangerous commands that will be executed on target hosts, and allow users to customize a blacklist of commands.
-
For ease of use, it supports config file. You can write flags that are not frequently changed into the config file, so you don't need to laboriously specify these flags on the command line. If the flag in both command line and config file, flag that from command line takes precedence over the other.
The default config file is$PWD/.gossh.yamlor$HOME/.gossh.yaml, and$PWD/.gossh.yamlhas a higher priority. Note that the config file is optional, that is, there can be no config file. -
Provides subcommand
configto help generate configuration file in easy way.
Prebuilt binaries for macOS and Linux can be downloaded from the GitHub releases page.
Also you can install gossh by compiling:
$ git clone --depth 1 https://github.com/windvalley/gossh
$ cd gossh
# Note: need to install Go environment first.
$ make && make install$ gossh -h
Gossh is a high-performance and high-concurrency ssh tool.
It can efficiently manage tens of thousands of Linux server clusters.
Find more information at: https://github.com/windvalley/gossh
Usage:
gossh [command]
Available Commands:
command Execute commands on target hosts
script Execute a local shell script on target hosts
push Copy local files and dirs to target hosts
fetch Copy files and dirs from target hosts to local
vault Encryption and decryption utility
config Generate gossh configuration file
version Show gossh version information
help Help about any command
completion Generate the autocompletion script for the specified shell
Flags:
-u, --auth.user string login user (default $USER)
-p, --auth.password string password of login user
-k, --auth.ask-pass ask for the password of login user
-a, --auth.pass-file string file that holds the password of login user
-I, --auth.identity-files strings identity files (default [~/.ssh/id_rsa])
-K, --auth.passphrase string passphrase of the identity files
-V, --auth.vault-pass-file string text file or executable file that holds the vault password
for encryption and decryption
-i, --hosts.inventory string file that holds the target hosts
-P, --hosts.port int port of the target hosts (default 22)
-l, --hosts.list outputs a list of target hosts, and does not do anything else
-s, --run.sudo use sudo to execute commands/script or fetch files/dirs
-U, --run.as-user string run via sudo as this user (default "root")
-L, --run.lang string specify i18n while executing command
(e.g. zh_CN.UTF-8|en_US.UTF-8)
-c, --run.concurrency int number of concurrent connections (default 1)
-B, --run.command-blacklist strings commands that are prohibited from execution on target hosts
(default: [rm,reboot,halt,shutdown,init,mkfs,mkfs.*,umount,dd])
-o, --output.file string file to which messages are output
-j, --output.json output messages in json format
-C, --output.condense condense output and disable color
-q, --output.quiet do not output messages to screen
-v, --output.verbose show debug messages
-X, --proxy.server string proxy server address
--proxy.port int proxy server port (default 22)
--proxy.user string login user for proxy (default same as 'auth.user')
--proxy.password string password for proxy (default same as 'auth.password')
--proxy.identity-files strings identity files for proxy (default same as 'auth.identity-files')
--proxy.passphrase string passphrase of the identity files for proxy
(default same as 'auth.passphrase')
-t, --timeout.command int timeout seconds for handling each target host
--timeout.task int timeout seconds for the entire gossh task
--timeout.conn int timeout seconds for connecting each target host (default 10)
--config string config file (default {$PWD,$HOME}/.gossh.yaml)
-h, --help help for gossh
Use "gossh [command] --help" for more information about a command.
Client server: 4vCPUs and 8GiB
Target servers: hosts.list contains 936 servers distributed in 86 different IDCs across the country.
Ansible:
$ time ansible all -i hosts.list -m command -a "uptime" -f 100 -kOutput:
...
real 1m18.858s
user 3m18.566s
sys 1m24.263s
Gossh:
$ time gossh command -i hosts.list -e "uptime" -c 100 -kOutput:
...
[INFO] 2021-12-22 23:06:50.837228 success count: 936, failed count: 0, elapsed: 6.30s
real 0m6.316s
user 0m13.529s
sys 0m0.592s
I actively welcome your pull requests, please follow the steps below:
-
Open a new issue at gossh/issues.
-
Fork the repo and create your branch from
main. -
Do the changes in your fork.
-
Send a pull request.
Note: Any contributions you make will be under the MIT Software License.
This project is under the MIT License. See the LICENSE file for the full license text.