Ssh passwd less, shell script

kumar85shiv · November 21, 2016, 9:12pm

Hi All, Wishes!!
I need some help to prepare a script to copy the public key from admin host to multiple client hosts to make them login without password.

Detailed :
I have an admin host "admin1" and i generated sshkeygen, now i have id_rsa.pub and i have around 50 client hosts. i want to copy the admin1 public key to all clients.

from admin1, i wrote the small while loop,

while read line
do
    ssh-copy-id -i ~/.ssh/id_rsa.pub $line
done < clients.txt

but, here if i run the script, for every client i need to enter "yes" and then "password" for each client.

please suggest me to automate the same without entering "yes" and then "password" for each host.

Thanks
kumar

disedorgue · November 22, 2016, 6:06am

Hi, maybe, you can use sshpass :
Example with uniq password:

SSHPASS=your_password
while read line
do
  sshpass -e ssh-copy-id -i ~/.ssh/id_rsa.pub $line
done < clients.txt

See manpage for other options.

Regards.

rbatte1 · November 22, 2016, 10:43am

So what you want to do is to put a public key into place without authenticating. Would you be happy if your uses did this and could overwrite the authorised public key too?

If there is a plain FTP server on each box you want to connect to and you have credentials that will let you FTP to each of them, then you can certainly script that to put the public key in the correct location.

Make sure that your don't overwrite the existing authorized_keys file in case it's already in sue for something else.

Make sure that you get the permissions correct: mode 700 for ~/.ssh and mode 600 for files under ~/.ssh

Another way you might achieve this could be if you have a backup/restore agent on each, get the software to 'restore' your file to each in turn, but that might be more cumbersome that putting in your credentials in the first place and runs the risk of overwriting just the same.

I hope that this helps,
Robin

disedorgue · November 22, 2016, 11:07am

Hi rbatte1,
ssh-copy-id changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration). And append key to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory, if necessary).
Regards.

rbatte1 · November 23, 2016, 10:16am

We still have to get an authenticated connection open in some way. I've not used ssh-copy-id but I assume it prompts for password in a similar way to ssh in that it is secure and you cannot just pipe input to it. I don't have a test server to try it out on though.

Robin