monitoring SSH authorized_keys

UNIX for Advanced & Expert Users
1

Hi,

We have around 200 SUN Servers in production environment and I have one box from where I manage all the servers. It's setup such that I can SSH from my box onto all the 200 servers with without supplying password. It is working fine but sometimes we notice the keys getting changed and asking for password once in a while.

So, the requirement is to have a script that checks if I can login from my box to ALL 200 box without supplying password (i.e., ensuring no keys changed). The condition here we have is NOT to use RSH/RLOGIN for checking the keys or whatever it is for.

Any help highly appreciated

Thanks

Praveen RK

2

I guess this is not such an easy task, but you can use TCL/Expect to achieve this. A while ago I've posted a suggestion how-to do this with expect, certainly, you are free to modify this little example per your needs.
So the logic would be as follows :
Use the expect part, as if you were simulating ssh sessions.
If the login is successful, just add entry to a log file, like :

If $? eq 0; then echo "Login to server $x OK, `date`" 
    else mail -s "Login to server $x failed" your@mail.com

This should be done for all of the 200 servers.