Automated SSH key distribution
Frequent Advisor
Ignite_2
Posts: 98
Registered: ‎09-12-2008
Message 1 of 4 (219 Views)

Automated SSH key distribution

Hi,

Could you please advise on the issue described below?

I've just generated an ssh key pair on HP-UX. Now I need to distribute my authorized_keys to over 200 systems, so I can connect to them later without a password.

What I'm trying to create is a script which will:
- log in to the remote system
- create the .ssh directory
- copy authorized_keys there

I'm searching for an automated login without requesting password for each system (it's always the same). I think expect would make my life easier, but don't know how to use it...
Honored Contributor
Matti_Kurkela
Posts: 6,249
Registered: ‎12-02-2001
Message 2 of 4 (219 Views)

Re: Automated SSH key distribution

If I recall correctly, one of the example scripts that comes with expect is called "autoexpect": you can start it, then login to a remote system once. The autoexpect script will monitor your inputs and outputs and will auto-generate a script to perform the same procedure again.

After generating a script with autoexpect, you usually have to tweak it manually to make it work with all hosts, instead of only the specific one you used as an example: for example, you may want to replace hostnames in the script with command-line arguments or other variables, and edit the prompts and other strings incoming from the remote host, so that they will be applicable to all hosts (for example, remove or replace with wildcards any expected strings that include version numbers).

Here are some links to documentation about Expect:
http://wiki.tcl.tk/Expect
http://expect.sourceforge.net/

Of course, the stupid lazy way is to make a simple script that issues all the necessary commands to all the hosts in sequence, and then use the Copy/Paste functionality of your workstation to repeatedly enter the password at each prompt as it appears.

Pressing Alt-V (the common Windows keyboard shortcut for Paste) or the middle mouse button (for the Paste function of the X11 Window System) repeatedly for 250..500 times is utterly boring and RSI-inducing (remember to flex your hands once in a while!), but doable if you only have to do it once.

If you can use one HP-UX (or any Unix-style system) to log on to all the others, here's one way to do your task:

- create the .ssh directory and the authorized_keys file on one HP-UX host, set the permissions properly, and make sure it works

- create a text file that contains the hostnames of your target systems, one per line

- use the "ssh-keyscan" command to gather a set of SSH host keys for all your hosts in advance, and store it to the known_hosts file, so you won't have to answer any "SSH hostkey is unknown" prompts.

- run "scp -rp .ssh username@second_host:" to recursively copy the entire .ssh directory to your home directory to one other host, to verify it works and the only thing you need to type is the password

- make a tiny script like this:

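#!/bin/sh
# Read one target hostname per line from standard input
while read -r TARGET
do
    echo "Connecting to ${TARGET}"
    # Recursively copy .ssh, preserving modes, into the remote home directory
    scp -rp .ssh "username@${TARGET}:"
done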

- pipe the list of hostnames to the script:

sh yourscript.sh < list_of_hostnames.txt

- use another terminal window (or Notepad etc.) to copy your password to the Copy/Paste buffer, then switch to the window that runs your script, and start hitting the Paste key.

- keep a notepad handy (either a physical one, or one in another window on your screen) so you can record the names of any hosts which seem to have problems, or need some further attention.

MK
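An added example, not part of any post in this thread: the copy loop from the reply above, with a pre-flight check that the staged .ssh directory holds only authorized_keys at modes 700/600 (so "scp -rp" cannot carry a private key along) and with failed hosts written to a file instead of a notepad. The function names, argument order and the failed-hosts file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, argument order and the
# failed-hosts file are assumptions of this example.

# Pre-flight: the staged .ssh directory may contain only authorized_keys, with
# modes 700/600, so "scp -rp" cannot carry a private key to every host.
check_stage() {
    stage=$1
    [ -f "$stage/authorized_keys" ] || { echo "no authorized_keys in $stage" >&2; return 1; }
    for f in "$stage"/* "$stage"/.[!.]*; do
        [ -e "$f" ] || continue
        [ "$f" = "$stage/authorized_keys" ] && continue
        echo "unexpected file in stage: $f" >&2
        return 1
    done
    [ "$(ls -ld "$stage" | cut -c1-10)" = "drwx------" ] ||
        { echo "$stage must be mode 700" >&2; return 1; }
    [ "$(ls -l "$stage/authorized_keys" | cut -c1-10)" = "-rw-------" ] ||
        { echo "authorized_keys must be mode 600" >&2; return 1; }
}

# Copy the staged directory to each host; record failures, print their count.
distribute() {
    stage=$1 hosts=$2 user=$3 failed=$4
    check_stage "$stage" || return 2
    : > "$failed"
    while read -r target; do
        case $target in ''|'#'*) continue ;; esac   # skip blanks and comments
        echo "Connecting to $target" >&2
        # stdin from /dev/null so the copy cannot read from the host list
        scp -rp "$stage" "$user@$target:" </dev/null || echo "$target" >> "$failed"
    done < "$hosts"
    wc -l < "$failed" | tr -d ' '
}

# Usage: sh distribute.sh ./.ssh list_of_hostnames.txt username failed_hosts.txt
if [ "$#" -eq 4 ]; then
    distribute "$@"
fi
```

On a host that already has ~/.ssh/authorized_keys, "scp -rp" replaces that file, so any keys already installed there are lost.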
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 3 of 4 (219 Views)

Re: Automated SSH key distribution

Hi:

Look at 'csshsetup' which is a part of the Distributed Systems Administration Utilities (DSAU):

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=DSAUtilities

See the documentation here:

http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c01920477/c01920477.pdf

Regards!

...JRF...

Frequent Advisor
Ignite_2
Posts: 98
Registered: ‎09-12-2008
Message 4 of 4 (219 Views)

Re: Automated SSH key distribution

Thanks a lot for feedback guys :)