SaltStack Salt SSH Server-Only Mode

SaltStack offers an agentless option called Salt SSH that allows users to run certain command without having to install a minion on the remote device or node. This is similar in concept to Puppet Bolt. The main requirements to use Salt are that the remote system must have SSH enabled and Python installed.

SaltStack connects to a remote system and installs a lightweight version of SaltStack in a temporary directory with configuration directory and can then optionally delete the temporary directory and all files upon completion, leaving the remote system clean. These temporary directories is accessed through its command private key file and can be left on the remote systems along with default roster file location or any necessary files to run. This way, the files do not have to be reinstalled to the remote device, which can be useful when time is a consideration. This is often useful on devices that are using Salt SSH more frequently than other devices in the environment. Another benefit of using this is that it can work in conjunction with the master/minion environment, or it can be used completely agentless across the environment. By default, this uses the default roster file to store connection information for any host that doesn’t have a minion installed. The example below shows the content structure of this file. It is easy to interpret the roster file and many other files associated with Salt SSH because they are constructed in human-readable form.


Roster File



user: admin

One of the major design considerations when using this is that it is considerably slower than the 0MQ distributed messaging library. However, Salt SSH is still often considered faster than logging in to the system to execute the its commands. By automating daily configuration tasks, users can gain some of the following benefits:

  • Increased agility
  • Reduced Opex
  • Streamlined management
  • Reduced human error



Salt SSH takes its configuration from a master configuration file. Normally, this master config file is in /etc/salt/master. If one wishes to use a customized configuration file, the -c option to Salt SSH facilitates passing in a directory to look inside for a configuration file named master.


Calling Salt SSH

The salt-ssh command requires at least Python 3, which is not installed by default location on some target hosts.

To install a raw shell command is:

  • salt-ssh centos-5-minion -r ‘yum -y install epel-release ; yum -y install python26’

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: