Sunday, August 19, 2012

Ssh!!

One of the things most people hate to do is type in passwords. Not only could someone be looking over your shoulder, but the password also gets sent where it can be easily monitored. There has to be a better way. A method widely used on *nix systems (including OS X) is the 'secure shell' (ssh for short), which can log you in with a key instead of a password. You can also use it on Microsoft systems, but that requires more setup than usual. More about setting up here: (http://www.instructables.com/id/Linux-setup-for-SSH-password-less-login/).

$ ssh typo1
password: _

Anyway, if you are setting up a new system and/or recovering from a hard disk crash, setting up the ssh keys on all the servers or systems you log into can be a lot of fun. There had to be a way of automating this process. The process is usually just three steps: copy your public key to the server, append it to the authorized_keys file, and lastly remove the copied key file if need be. So let's make a shell script to take care of this.

Installkey.sh
[code]
#!/bin/sh
# invoke with ./Installkey.sh servername
# copy the public key to the home directory on the server
scp "$HOME/.ssh/id_dsa.pub" "$1:~/."
# install the key (assumes ~/.ssh already exists on the server)
ssh "$1" 'cat id_dsa.pub >> .ssh/authorized_keys'
# remove the public key you just copied
ssh "$1" 'rm ~/id_dsa.pub'
[/code]

Save it as a plain-text (ASCII) file, then make the script executable:

$ chmod +x Installkey.sh

Run the code:

$ ./Installkey.sh typo1

Now you should be able to log into the server without typing a password.

$ ssh typo1
Linux typo1 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Debian comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

                     /)
          o                 /' )
                           /'   (                          ,.
                        __/'     )                        .' `;
         o      _.-~~~~'          ``---..__             .'   ;
           _.--'  b)                       ``--...____.'   .'
          (     _.      )).      `-._                     <
           `\|\|\|\|)-.....___.-     `-.         __...--'-.'.
            `---......____...---`.___.'----... .'         `.;
                                            `-`             `

   This machine is for the exclusive use of OE.
   Anyone attempting to gain, or gaining access other
   than as specifically authorized will be prosecuted
   under all applicable statutes plus all applicable
   civil rules for damages.

   ------------------------------------------------------------------------
You have mail.
Last login: Sun Aug 19 05:15:37 2012 from oedt01
$ _

But then I thought: what if I need to do a bunch of servers? Even that could be tedious. So let's add some more code. First we need to make a list of the servers we want to update and save it to a file.

servers:
[data]
typo1
oesrvr1
...
[/data]

Now we take the original code and add a loop that reads the server names from a file. That lets us type one command and do all the servers. To add a new server, just add it to the servers file. One caution: servers that were prepared on an earlier run do not need to be done again (the script would only append the same key a second time), so rename the existing servers file and start a new servers file.

srvrsshupdate.sh:
[code]
#!/bin/sh
####################################
# Update remote ssh server keys
# by the sysadmin
# date: 08/19/2012
#=================================
# Assignments
# --------------------------------
# servers has list of servers to update (should be one server name per line)
servernamefile="servers"
# end assignments
#=================================
#
# Just do it. (main loop)
#---------------------------------
while read -r line
do
  # no space after "=", otherwise the shell tries to run $line as a command
  server="$line"
  # skip blank lines in the list
  [ -n "$server" ] || continue
  scp "$HOME/.ssh/id_dsa.pub" "$server:~/."
  # -n stops ssh from reading stdin, which would swallow the rest of the server list
  ssh -n "$server" 'cat id_dsa.pub >> .ssh/authorized_keys'
  ssh -n "$server" 'rm ~/id_dsa.pub'
done < "$servernamefile"
# end of main loop
#==================================
# End of job
###################################
[/code]

Enable
$ chmod +x srvrsshupdate.sh

Run it
$ ./srvrsshupdate.sh

My desktop bit the dust. After replacing the hard drive, I decided to put a new install of Linux on it (Debian replaced Ubuntu). You really should not use old ssh keys, so I generated a new key and proceeded to update all the servers.
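
The caution about re-running the script comes from the `>>` append, which adds another copy of the key on every run. As an added example (not part of the original scripts), the function below appends a key only when that exact line is missing and sets the permissions sshd checks; the name `add_key_once`, its return codes and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys only if it is missing.
# add_key_once PUBKEY_FILE SSH_DIR
# Returns 0 = key added, 1 = key already present, 2 = error.
add_key_once() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || return 2
    key=$(head -n 1 "$pubkey_file")
    [ -n "$key" ] || return 2

    # sshd (StrictModes, on by default) rejects key files that other users
    # can write to, so keep the directory at 700 and the file at 600.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 2
    touch "$auth_file" && chmod 600 "$auth_file" || return 2

    # -x matches the whole line, -F treats the key as a literal string.
    if grep -qxF -e "$key" "$auth_file"; then
        return 1
    fi
    printf '%s\n' "$key" >> "$auth_file" || return 2
    return 0
}

# Demo in a scratch directory, using a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-dss CONSTRUCTED-EXAMPLE-KEY user@desktop' > "$demo_dir/id_dsa.pub"
for run in first second; do
    if add_key_once "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"; then
        echo "$run run: key added"
    else
        echo "$run run: nothing appended (status $?)"
    fi
done
rm -rf "$demo_dir"
```

OpenSSH also ships `ssh-copy-id`, which automates the same copy-and-append steps for a single server.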
