
Distributing SSH Keys


toddyl

Hi,

I have an internal development environment which consists of 20 servers (a mix of LINUX and SOLARIS) and I wish to load the ssh rsa key that I generated on my central server onto these.

So far I have generated my ssh key file for my central server using the command ssh-keygen -t rsa -f myfile

I am then using ssh to manually log into each of the servers; then using scp to copy myfile.pub over to this server and then using cat to append the contents of myfile.pub into the authorized_keys file on the server.

This all works fine but it's a slow process.

I was wondering if anyone knew of a way I could use commands/scripts etc. on my central server to update the authorized_keys file on each of the other servers so that I can speed up this process.

Any help would be great.

Thanks.


 
You can do it in one step using:

ssh remoteserver 'cat >> .ssh/authorized_keys' < myfile.pub

Annihilannic.
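
Building on the one-liner above, an added example (not part of the original replies) that loops over the servers, refuses to send anything that is not a single public key line, skips keys that are already installed, and sets the directory and file modes sshd expects. The host names are placeholders; it assumes each account's login shell is POSIX-compatible and that the remote grep supports -q, -x and -F.

```shell
#!/bin/sh
# Added example. The script below runs on each target account and reads ONE
# public key line on stdin. It is kept in a variable so the same text can be
# handed to ssh or run locally for a dry run.
REMOTE_INSTALL='
IFS= read -r key || exit 2
case $key in
  ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # looks like a public key
  *) echo "refusing: not a public key line" >&2; exit 2 ;;
esac
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || exit 1
auth=$HOME/.ssh/authorized_keys
touch "$auth" && chmod 600 "$auth" || exit 1
# -x whole line, -F fixed string: append only if this exact key is absent
grep -qxF -- "$key" "$auth" || printf "%s\n" "$key" >> "$auth"
'

# Dry run against a local directory instead of a remote account.
# $1 = directory standing in for the remote home, $2 = public key file
install_key_local() {
    HOME=$1 sh -c "$REMOTE_INSTALL" < "$2"
}

# $1 = public key file, remaining arguments = host names.
# The key travels on stdin, never on the remote command line; ssh still
# prompts for the password on hosts that do not have the key yet.
push_key() {
    pub=$1; shift
    failed=0
    for host in "$@"; do
        if ssh "$host" "$REMOTE_INSTALL" < "$pub"; then
            echo "ok: $host"
        else
            echo "FAILED: $host" >&2; failed=1
        fi
    done
    return "$failed"
}

# Example: sh push_key.sh myfile.pub host1 host2   (host names are placeholders)
if [ "$#" -ge 2 ]; then push_key "$@"; fi
```

Because the type check rejects anything that does not start with a key type, pointing the script at the private key file (myfile instead of myfile.pub) fails on the first host instead of copying the private key around.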
 
This is how I do it.
This Perl script automatically:
  • Creates a new user on each system using the same UID within the range 16001 - 16999
  • Links in a particular .profile - this script is for our service desk users who get a menu system, not a command line
  • Creates ssh keypairs on each host
  • Copies around an 'authorized_keys' file

Note that it doesn't copy round a 'known_hosts' file. Maybe it should!

Code:
#!/usr/bin/perl -w
use strict;
use Getopt::Std;

sub printusage
  {
  print @_;
  print "Usage: $0 -p <PIN> -g <gecos>\n";
  # Note that PIN is equivalent to User name
  exit 1;
  }

sub next_free_uid
  {
  my $hashref = shift;
  my $i;
  for ( $i = 16001; $hashref->{$i}; $i++ ){}
  # Our UIDs are in the range 16001 - 16999
  return $i;
  }

sub get_uid
  {
  # Checks that any already known UIDs are consistent across all systems
  # and returns the unique UID.
  # aborts if a mix of UIDs is found
  my $hashref = shift;
  my $retval = 0;
  foreach ( keys %{$hashref} )
    {
    $retval or $retval = $hashref->{$_}, next;
    $retval == $hashref->{$_} or printusage "Invalid mix of uids\nUse chkuser.pl to sort it out\n";
    }
  return $retval;
  }

my %opts;
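# getopts (not getopt) returns false when an unknown switch is given
getopts ( 'g:p:', \%opts ) or printusage;
(! defined $opts{'g'}) || (! defined $opts{'p'}) and printusage "Missing parameter\n";
# Both values are interpolated into local and remote shell commands below,
# so refuse anything containing shell metacharacters
$opts{'p'} =~ /\A\w[\w.-]*\z/ or printusage "Invalid PIN\n";
$opts{'g'} =~ /\A[\w .,'-]+\z/ or printusage "Invalid gecos\n";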

my %uids;
my %hostuid;
my @hosts = qw ( b04001 b04201 b04401 b04601 b04801 b05001 b05201 b05401 );
# This is a list of the servers involved
foreach my $host ( @hosts )
  {
  foreach ( `ssh $host "cat /etc/passwd"` )
    {
    my ( $pin, undef, $uid, undef, $gecos ) = split /:/;
    ( $uid > 16000 ) && ( $uid < 17000 ) and $uids{$uid}++;
     #This sets up a hash of used UIDs between 16000 and 16999
    $pin eq $opts{'p'} and $hostuid{$host} = $uid;
    #Check whether this user already exists
    }
  }

open OFH, ">$opts{'p'}.keys" or die "Unable to open keys file\n";
#Open a file which will have all the keys in it
my $workinguid = (scalar keys %hostuid ) ? get_uid \%hostuid : next_free_uid \%uids;
# If we don't already have this user then use next free id
foreach my $host ( @hosts )
  {
  # For each host where this user is not already known
  defined $hostuid{$host} or do
    {
    # Create the user
    # (closing \" added so the remote command is a single quoted argument)
    my $cmd = "ssh $host \"mkuser id=$workinguid pgrp=helpdesk gecos=\\\"$opts{'g'}\\\" $opts{'p'}\"";
    print "$cmd\n";
    system $cmd;
    # Generate the keys
    $cmd = "ssh $host \"su - $opts{'p'} -c /usr/local/bin/mk_public_private_keys.ksh\"";
    print "$cmd\n";
    system $cmd;
    # Set the .profile - you probably won't need this
    $cmd = "ssh $host \"ln -f /home/helpdesk/.profile /home/$opts{'p'}/.profile\"";
    system $cmd;
    print "$cmd\n";
    # Copy the keys into the key file
    print OFH `ssh $host "cat /home/$opts{'p'}/.ssh/id_rsa.pub"`;
    };
  }
close OFH;

foreach my $host ( @hosts )
  {
  #Copy the newly generated key file to each host
  my $fname = "/home/$opts{'p'}/.ssh/authorized_keys";
  my $cmd = "scp $opts{'p'}.keys $host:$fname";
  system $cmd;
  # Set appropriate permissions
  $cmd= "ssh $host \"chmod 600 $fname\"";
  system $cmd;
  # Set appropriate ownership
  $cmd = "ssh $host \"chown $opts{'p'}:helpdesk $fname\"";
  system $cmd;
  }

Ceci n'est pas une signature
Columb Healy
 