TweetFollow Us on Twitter

Mac in the Shell: Mass Remote Management with dshell

Volume Number: 24 (2008)
Issue Number: 01
Column Tag: Mac in the Shell

Mac in the Shell: Mass Remote Management with dshell

Or, mass remote management without ARD

by Edward Marczak


A feature article this month covers methods to manage an army of Macs post-deployment. In other words, after they've been imaged and rolled out to the masses. The products and methods listed there are certainly applicable and appropriate for many situations. I'm going to describe yet another method that comes in handy in other situations. dsh, the distributed shell, can run a command over groups of machines that you specify. It performs this magic over ssh, so, you can affect machines over LAN or WAN links, near or far. Since OS X and other machines have ssh in their base distribution, you can command across platforms. This article explains how you, too, can send out commands to all or a group of your Macs - simultaneously - with a single press of the return key.

Getting the Goods

While there are many nice apps in the base distribution of OS X, dsh is not one of them. dsh is an agentless controlling app, so fortunately, you only need to retrieve, compile and install on one host, or any admin station that you need. You'll need a compiler on some station to compile the program - typically meaning having Apple's developer tools installed.

Two downloads are needed to get us going. Visit this page:

and retrieve the latest versions of dsh and libdshconfig. As of this writing, they are:

It's easy to take care of everything while in terminal: just use curl to download the files needed (use "curl -O http://.."), tar to unpack (tar xzvf filename) and then it's simple to compile. Both pieces of code compile cleanly in OS X 10.4 and 10.5, and install in /usr/local by default. Enter the libdshconfig directory that you just unpacked, and simply enter the following commands (your entries in bold):

$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
[output snipped]
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
$ make
make  all-am
[output snipped]
(cd .libs && rm -f && ln -s ../
$ sudo make install
/bin/sh ./mkinstalldirs /usr/local/lib
[output snipped]
 /usr/bin/install -c -m 644 libdshconfig.h /usr/local/include/libdshconfig.h

Next, we need to do the same for dsh itself. Change into the dsh directory you unpacked, and repeat the same process that you just went through for libdshconfig (configure, make, sudo make install). The entire process should take you less than 5 minutes. Literally.

While you can alter the install directory, I recommend that you leave the default values, and have the binaries and config files installed under /usr/local. I'll be referencing that as the install location throughout this article.

You can verify installation by typing "/usr/local/bin/dsh". You should be told, "dsh: no machine specified", and dsh would be right.

The configuration

Now that we have dsh installed on our administrative machine, how do we use it? Fortunately, under Leopard, /usr/local is a 'blessed' location, and is already in our $MANPATH. If you're using 10.4, you'll need to add "/usr/local/share/man" to $MANPATH and export it, or re-source your init file. dsh comes with some short-but-useful man pages. First, we'll need to update the configuration file.

If you left each application take the default values during their configure stage, and I recommend that you do, you'll find the main config file at /usr/local/etc/dsh.conf. We need to make one change to this file. So, whip out your favorite text editor, and change the line that reads:

remoteshell =rsh

to read:

remoteshell =ssh

(If you're daring, this can be achieved in one line with sed: sudo sed -i .back s/rsh/ssh/ dsh.conf). You may also want to change the "waitshell" value from "1" to "0". With a setting of 1, dsh will block execution until the previous machine has returned. As I said, you may want to change this. It's really applicable for very large rollouts. There's a man page available for the configuration file accessible with "man dsh.conf".

Determining the Target Machines

Before we continue, we need to take a step back and plan things out a bit. We need to determine which machines we're going to be targeting. Since we've chosen ssh as the remote mechanism, each machine that we're going to want to control needs ssh enabled. Now a days, this is the default for most platforms and distributions. That said, unless we want to enter our password each time we make a dsh run, we're going to want to create a public key and install it on any machine that we want to administer. Also, we also need a list of computers for dsh. This list basically tells dsh, "hey - run this command on all of these machines."

ssh was covered extensively in this column in the October 2007 issue, but, as a quick refresher, here's the sequence of creating a public key for ssh's use:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/admin/.ssh/id_rsa.
Your public key has been saved in /Users/admin/.ssh/
The key fingerprint is:
6e:4b:ca:45:2d:c7:3d:14:d2:34:1e:ad:45:a5:fc:8e admin@machine-name.local

In this sequence, you simply press enter when asked for the passphrase and to verify. Notice that the output tells you that "your public key has been saved in...". Change directory to ~/.ssh. We need to copy the contents of the newly generated file to each machine that we're going to manage. Fortunately, this is a one-time step.

Easiest instructions to write: ssh to the machine you're going to target, using the admin-level account that you'll be running remote commands with:


Once in, run this command:

ssh "cat ~/.ssh/" >> ~/.ssh/authorized_keys

where 'user' is the user account that you just had generate the key for, and "" is the machine where that user id resides - likely the machine you're on right now. Once done, type exit, and then try to ssh again. This time, you should not be asked for a password, but rather, simply receive a remote shell.

In the event that you cannot ssh back to your machine, you can always manually copy your key to the remote machine and add its contents to the ~/.ssh/authorized_keys file on the target account. For more about ssh, creating ssh keys and troubleshooting, see my ssh article in the October 200 issue of MacTech Magazine.

While you are accessing each remote machine, you need to keep a list of the account that you're accessing it with, and its fully qualified domain name (FQDN) or IP address. Once complete, take this list and enter it into /usr/local/etc/machines.list in this format:


Now comes the fun part!

Spreading the Joy

Let's start with a easy one: viewing the uptime statistics on all of the machines we've identified. This is as easy as:

$ dsh -a uptime 16:38 up 14 days, 9:27, 2 users, load averages: 0.19 0.13 0.16 16:38 up 59 days, 7:09, 1 user, load averages: 0.02 0.02 0.00 13:42 up 93 days, 3:25, 2 users, load averages: 0.02 0.02 0.00 1:39PM up 213 days, 4:01, 0 users, load averages: 0.12, 0.08, 0.04

It's a complete coincidence that those are in order of uptime! However, that raises the question: what order are they in? The "-M" switch will prepend the machine name before its output. Let's see that in action:

$ dsh -M -a uptime 16:41  up 14 days,  9:30, 2 users, load averages: 0.47 0.27 0.21 16:41  up 59 days,  7:12, 1 user, load averages: 0.00 0.00 0.00 13:45  up 93 days,  3:28, 2 users, load averages: 0.01 0.02 0.00  1:42PM  up 213 days,  4:04, 0 users, load averages: 0.04, 0.07, 0.04

There, that's a little better. The "-a" switch tells dsh to run the command against all machines that we've defined.

If you opted to not use a waitshell - your config file still has the line "waitshell =1" - you can override this at runtime using the "-c" switch. Also, if there's a machine that you have not added to your machines.list file, but want to use it ad-hoc, use the "-m" switch. Combining all of these options would look like this:

$ dsh -M -c -m -a 'last | head -1' fladmin  ttyp0   Thu Nov 29 15:22 - 15:22  (00:00) caadmin  ttyp1   Thu Nov 29 15:09 - 15:09  (00:00) nyadmin  ttyp2   Thu Nov 29 12:29 - 12:29  (00:00)
Password: root      ttys000 Thu Nov 29 09:29 - 09:35  (00:05) fladmin          ttyp0       Thu Nov 29 13:37 - 13:37  (00:00)

In one fell swoop, this runs the command "last | head -1" on all machine defined in our machines.list file and additionally on "". You'll see the "Password:" prompt in the output above as wasn't preconfigured and is using password authentication. Once the (correct) password is entered, it happily gives us the output we're looking for, just like the other machines.

Final Tips

dsh is useful enough already, but how can we make our lives even easier? First, you may not always want to run all commands on all machines. There are two ways around this. One way is to use a group file. Simply create a file using the same format as machines.list and store it in /usr/local/etc/group/groupname. So, let's say we wanted to target all of our West Coast servers. We could create /usr/local/etc/group/west_coast and add to it:


Now, we can run commands against just this group:

$ dsh -M -g west_coast w

This will give us "who" (w) information from each server in the "west_coast" group.

Also, you can specify full server lists in an ad-hoc fashion. Create a file using the machines.list format, and specify it with the "-f" switch.

Nicely, if a machine definition ends up in multiple files, specifying it multiple times will be reduced to a single invocation.

The real magic here is that all input to dsh are simple text files. Decisions can be made, results grabbed from a database, files created on the fly and commands send to appropriate groups of machines. Think about how you could group machines: by location, by service (web, directory services), by class (PPC, dual-proc), by use (administrative, development), etc.

In Conclusion...

Despite the subhead, I don't believe dsh is meant to replace ARD. However, for server management, it may fit into your workflow better and can reach out to machines that ARD can't touch (think Linux or BSD servers...even Windows, with the right software and mindset). This can give you some incredible control over armies of machines. You have all the power of a shell on the remote machine. You can be very creative and powerful with this!

Until I found dshell, I used to do something similar by using a for loop to execute commands across machines:

for i in `cat servers.txt`; do
ssh root@$i softwareupdate -i -a

However, dsh has been thought out much more than the "for-loop-solution" and is much more extendible.

Don't run dsh in your production environment until you read the man page, which details some other options for limiting how many remote machines are accessed at any given time. (Look for the -N and -F options, specifically).

Media of the month: Walt Whitman, The Complete Poems. Start the year off with some poetry - especially if it's not your usual fare. Walt Whitman doesn't do it for you? Check out James Joyce or Emily Dickenson - there are amazing gems in that timeless writing.

Happy New Year!

Ed Marczak is the owner of Radiotope, a technology solution provider. He is also a husband, father and avid wearer of pants. tail -f /dev/brain at


Community Search:
MacTech Search:

Software Updates via MacUpdate

Nisus Writer Pro 2.1.2 - Multilingual wo...
Nisus Writer Pro is a powerful multilingual word processor, similar to its entry level products, but brings new features such as table of contents, indexing, bookmarks, widow and orphan control,... Read more
calibre 2.40.0 - Complete e-book library...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
Vivaldi - An advanced browser...
Vivaldi is a browser for our friends. In 1994, two programmers started working on a web browser. Our idea was to make a really fast browser, capable of running on limited hardware, keeping in mind... Read more
OmniPlan 3.0 - Robust project management...
With OmniPlan, you can create logical, manageable project plans with Gantt charts, schedules, summaries, milestones, and critical paths. Break down the tasks needed to make your project a success,... Read more
Yummy FTP 1.11 - FTP/SFTP/FTPS client fo...
Yummy FTP is an FTP + SFTP + FTPS file transfer client which focuses on speed, reliability and productivity. Whether you need to transfer a few files or a few thousand, schedule automatic backups, or... Read more
Tweetbot 2.1 - Popular Twitter client. (...
Tweetbot is a full-featured OS X Twitter client with a lot of personality. Whether it's the meticulously-crafted interface, sounds and animation, or features like multiple timelines and column views... Read more
MacPilot 8.0 - Enable over 1,200 hidden...
MacPilot gives you the power of UNIX and the simplicity of Macintosh, which means a phenomenal amount of untapped power in your hands! Use MacPilot to unlock over 1,200 features, and access them all... Read more
Typinator 6.7 - Speedy and reliable text...
Typinator turbo-charges your typing productivity. Type a little. Typinator does the rest. We've all faced projects that require repetitive typing tasks. With Typinator, you can store commonly used... Read more
Adobe Lightroom 6.2 - Import, develop, a...
Adobe Lightroom is available as part of Adobe Creative Cloud for as little as $9.99/month bundled with Photoshop CC as part of the photography package. Lightroom 6 is also available for purchase as a... Read more
ForeverSave 2.1.4 - Universal auto-save...
ForeverSave auto-saves all documents you're working on while simultaneously doing backup versioning in the background. Lost data can be quickly restored at any time. Losing data, caused by... Read more

Balloony Land offers a fresh twist on th...
Balloony Land by Palringo offers a fresh twist on the match three genre and is out now on iOS and Android. First-off, you'll be popping balloons instead of crushing candy and the balloons will float up and fill the empty spaces instead of dropping... | Read more »
Sago Mini Babies (Education)
Sago Mini Babies 1.0 Device: iOS Universal Category: Education Price: $2.99, Version: 1.0 (iTunes) Description: Introducing the Sago Mini babies. Boys and girls love caring for these adorable characters. Feed Robin her favorite mush... | Read more »
PAUSE - Relaxation at your fingertip (H...
PAUSE - Relaxation at your fingertip 1.1 Device: iOS iPhone Category: Healthcare & Fitness Price: $1.99, Version: 1.1 (iTunes) Description: | Read more »
Super Sharp (Games)
Super Sharp 1.1 Device: iOS Universal Category: Games Price: $1.99, Version: 1.1 (iTunes) Description: Your finger has never been so sharp! Cut with skill to complete the 120 ingenious physics levels of Super Sharp and become a cut... | Read more »
Assembly - Graphic design for everyone...
Assembly - Graphic design for everyone 1.0 Device: iOS Universal Category: Photography Price: $2.99, Version: 1.0 (iTunes) Description: Assembly is the easiest most powerful design tool on the App Store. Create anything you can... | Read more »
Dub Dash (Games)
Dub Dash 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: ARE YOU READY FOR THE ULTIMATE CHALLENGE? UNIQUE SYMBIOSIS OF MUSIC AND GRAPHICS | Read more »
Leave Me Alone (Games)
Leave Me Alone 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: 33% off launch sale!!! Somewhere between the 1980s and 1990s there exists a world that never was. A world of skatepunks,... | Read more »
YAMGUN (Games)
YAMGUN 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: The invasion has begun! Protect the walls of the citadel against waves of enemies! But watch out, you will soon run out of ammo...... | Read more »
Chesh (Games)
Chesh 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: It’s like chess, only not at all. ***40% off for a limited time to celebrate our launch!*** Chesh is a game of skill, strategy, luck,... | Read more »
Dust: An Elysian Tail (Games)
Dust: An Elysian Tail 1.051 Device: iOS Universal Category: Games Price: $5.99, Version: 1.051 (iTunes) Description: *Dust: An Elysian Tail is a visually rich experience and thus requires devices with 1GB RAM**Please note that... | Read more »

Price Scanner via

Apple’s Education discount saves up to $300 o...
Purchase a new Mac or iPad using Apple’s Education Store and take up to $300 off MSRP. All teachers, students, and staff of any educational institution qualify for the discount. Shipping is free, and... Read more
Save up to $350 with Apple refurbished iMacs
Apple has Certified Refurbished iMacs available for up to $350 off the cost of new models. Apple’s one-year warranty is standard, and shipping is free: - 27″ 3.5GHz 5K iMac – $1949 $350 off MSRP - 27... Read more
Mac Pros on sale for up to $300 off MSRP
B&H Photo has Mac Pros on sale for up to $300 off MSRP. Shipping is free, and B&H charges sales tax in NY only: - 3.7GHz 4-core Mac Pro: $2818.99, $181 off MSRP - 3.5GHz 6-core Mac Pro: $3699... Read more
5K iMacs on sale for up to $150 off MSRP, fre...
B&H Photo has the 27″ 3.3GHz 5K iMac on sale for $1899.99 including free shipping plus NY tax only. Their price is $100 off MSRP. They have the 27″ 3.5GHz 5K iMac on sale for $2149, $150 off MSRP... Read more
Twelve South Redesigns BookArc For Today’s Sm...
Twelve South has announced a redesigned version of their very first product, BookArc for MacBook. Tailored specifically for the newest generation of MacBooks, BookArc holds the new, smaller Apple... Read more
Phone 6s Tips & Tricks – Tips Book For iP...
Poole, United Kingdom based Tap Guides Ltd. has announced the release and immediate availability of iPhone 6s Tips & Tricks, an in-depth eBook available in the iBookstore that’s priced just $2.99... Read more
Apple refurbished 2014 13-inch Retina MacBook...
Apple has Certified Refurbished 2014 13″ Retina MacBook Pros available for up to $400 off original MSRP, starting at $979. An Apple one-year warranty is included with each model, and shipping is free... Read more
13-inch 2.5GHz MacBook Pro on sale for $994,...
Best Buy has the 13″ 2.5GHz MacBook Pro available for $994.99 on their online store. Choose free shipping or free instant local store pickup (if available). Their price is $105 off MSRP. Price valid... Read more
Is The iPad Pro Really A Serious Laptop Repla...
Probably not, at least for productive professionals and other power users. Steve Jobs declared that we’d entered the “post-PC Era” with the advent of the original iPad in 2010, a phrase we don’t hear... Read more
Wednesday Deal: 13-inch Retina MacBook Pros f...
Adorama has 13″ Retina MacBook Pros on sale for up to $130 off MSRP. Shipping is free, and Adorama charges sales tax for NY & NJ residents only: - 13″ 2.7GHz/128GB Retina MacBook Pro: $1199.99 $... Read more

Jobs Board

*Apple* Retail Online, Customer Experience R...
**Job Summary** Apple Retail's Online Store sells Apple products to customers around the world. In addition to selling Apple products with unique services such Read more
Frameworks Engineer, *Apple* Watch - Apple...
**Job Summary** Join the team that is shaping the future of software development for Apple Watch! As a software engineer on the Apple Watch Frameworks team you will Read more
Senior Manager, Global Direct Marketing *App...
**Job Summary** Apple Retail is looking for an experienced Direct Marketing Leader to join its Marketing team. This position will take a leadership role in creating Read more
*Apple* Online Store Expansion - Apple (Unit...
**Job Summary** The Online Apple Store is seeking a person to lead its expansion into new countries. Based in Cupertino, CA, this person will develop and maintain an Read more
*Apple* Retail - Multiple Customer Support P...
Job Description:Customer SupportSpecialist - Retail Customer Service and SalesTransform Apple Store visitors into loyal Apple customers. When customers enter the Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.