Gossh is a high-performance and high-concurrency ssh tool written in Go. It can efficiently manage tens of thousands of Linux server clusters. It is 10 times faster than Ansible. If you need much more performance and better ease of use, you will love gossh.

Feel free to open a new issue if you have any issues, questions or suggestions about this project.

• Four kinds of ssh tasks:
  command: Execute commands on target hosts.
  script: Execute a local shell script on target hosts.
  push: Copy local files and dirs to target hosts.
  fetch: Copy files and dirs from target hosts to local.

• Auto detect following authentication methods for the login user(default $USER):
  Password: from inventory file, or from flag -k/--auth.ask-pass,-p/--auth.password,-a/--auth.pass-file, or from configuration file.
  Pubkey Authentication: by identity files(default ~/.ssh/id_rsa), also include that with passphrase.
  SSH-Agent Authentication: through the system environment variable $SSH_AUTH_SOCK.
  If the above three authentication methods are valid at the same time, the priority order is: SSH-Agent > Pubkey > Password.

• Provide the target hosts by:
  Hosts/host-patterns/host-group-names as positional arguments separated by space.
  Inventory file by flag -i/--hosts.inventory or from configuration file.

• Expand host patterns that from positional arguments or a inventory file to host list. Supported host patterns e.g.:

  10.16.0.[1-10]
foo[01-03].bar.com
foo[01-03,06,12-16].idc[1-3].[beijing,wuhan].bar.com


• Allow adding variables to inventory file.
  Available variables: host, port, user, password, keys, passphrase. E.g.:

  alias_name_node1 host=node1.sre.im
alias_name_node2 host=192.168.33.12 port=8022 user=vagrant password=123456 keys=~/.ssh/id_rsa passphrase=xxx
node3.sre.im user=vagrant password=GOSSH-AES256:9cfe499133b69a6c7fc62b5b6ba72d3d8dfb4d0e7987170a40c5d50bb5d71e19


• Group hosts in inventory file. E.g.:

  # no group hosts
node1.sre.im

# group hosts
[webserver]
node2.sre.im port=6022
node3.sre.im

# host variables for group webserver
[webserver:vars]
port=8022
user=zhangsan
password=plaintextOrCiphertextByVault

[dbserver]
db[1-3].sre.im

# group project1 has hosts that from both group webserver and dbserver
[project1:children]
webserver
dbserver


• Use sudo to run as other user(default root) to execute the commands/shell-script or fetch files/dirs.

• Specify i18n environment variable value while executing commands or a shell script to help keep the language of the outputs consistent. For example: zh_CN.UTF-8, en_US.UTF-8.

• Three kinds of timeout in seconds:
  Connecting to each target host (default 10).
  Subcommand command, script, push, fetch for each target host.
  The entire gossh task.

• Output to a file or screen or a file and screen at the same time.
  Colorful output, json format output, verbose(debug) output, and silent output.

• High-performance and high-concurrency. Customize the number of concurrent connections (default 1).

• SSH Proxy can be specified to connect to the target hosts.

• Provides subcommand vault to encrypt/decrypt confidential information such as password or passphrase without compromising security.

• Support the detection of dangerous commands that will be executed on target hosts, and allow users to customize a blacklist of commands.

• For ease of use, it supports config file. You can write flags that are not frequently changed into the config file, so you don't need to laboriously specify these flags on the command line. If the flag in both command line and config file, flag that from command line takes precedence over the other.
  The default config file is $PWD/.gossh.yaml or $HOME/.gossh.yaml, and $PWD/.gossh.yaml has a higher priority. Note that the config file is optional, that is, there can be no config file.

• Provides subcommand config to help generate configuration file in easy way.

Prebuilt binaries for macOS and Linux can be downloaded from the GitHub releases page.

Also you can install gossh by compiling: