Collecting all SSH RSA keys, and redistributing them
Here's a handy script for those who like to create a revocable, per-user trust system...
This script reaches into all of your boxes where you already run ssh (and have already run ssh-keygen). It retrieves each host's .ssh/id_rsa.pub, concatenates the keys into a single file, and delivers that file to every host as .ssh/authorized_keys. Presto: all your hosts now share the same set of RSA keys, and you don't need to type passwords again. If one of the machines gets compromised, you can revoke its key and redistribute easily. NOTE: There are much better ways of doing this, but this is simple, quick, and efficient...

#!/bin/sh
# List your hosts (hostname, or FQDN) separated with spaces
HOSTS="hewey dewey lewey"
# Base file name
KEYFILE=authorized_keys
# Wipe out old temp file (-f: no error on the first run, when it does not exist yet)
rm -f "$KEYFILE.new"
# Collect (concatenate) public RSA keys from all hosts
# If you have errors, you may either be lacking the key -- use "ssh-keygen -t rsa"
# Or you might have a key that has changed (remove the offending key)
for i in $HOSTS ; do
    echo "Host: $i"
    ssh "$i" cat .ssh/id_rsa.pub >>"$KEYFILE.new"
done
# Keep the merged key file private before it goes anywhere
chmod go-rw "$KEYFILE.new"
# Push newly built collection of all keys into all hosts
for i in $HOSTS ; do
    echo "Host: $i"
    scp -p "$KEYFILE.new" "$i:.ssh/$KEYFILE"
done
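As an added example (not the post's script) of the revoke-and-redistribute step mentioned above: once the id_rsa.pub files have been fetched, build the merged authorized_keys locally, leaving out any host you have revoked and refusing lines that do not look like public keys. It assumes the fetched keys are saved as <host>.pub in one directory and that revoked hostnames are listed one per line in a file; the output file is what the scp loop then pushes.

```shell
#!/bin/sh
# Added example, not the post's own script: merge the public keys already
# fetched from each host into one authorized_keys, skipping hosts named in a
# revocation list and rejecting malformed lines, so a revoked or damaged
# host key never reaches the shared trust set.
# Assumed layout: KEYDIR/<host>.pub holds the id_rsa.pub fetched from <host>.

# Accept only "<type> <base64 blob> [comment]", the shape of id_rsa.pub.
# The type list is deliberately explicit; extend it if you issue other types.
valid_pubkey_line() {
    printf '%s\n' "$1" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# build_authorized_keys KEYDIR REVOKED_LIST OUTPUT
#   REVOKED_LIST: hostnames to exclude, one per line (file may be absent)
#   OUTPUT:       merged, deduplicated file ready to scp to every host
build_authorized_keys() {
    keydir=$1 revoked=$2 out=$3
    umask 077                      # merged file must not be group/world-readable
    rm -f "$out.tmp"; : > "$out.tmp"   # fresh file created under the 077 umask
    for f in "$keydir"/*.pub; do
        [ -f "$f" ] || continue    # glob matched nothing
        host=$(basename "$f" .pub)
        if [ -f "$revoked" ] && grep -qxF "$host" "$revoked"; then
            echo "skipping revoked host: $host" >&2
            continue
        fi
        # "|| [ -n "$line" ]" keeps a final line that lacks a newline
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue    # skip blank lines
            if valid_pubkey_line "$line"; then
                printf '%s\n' "$line" >> "$out.tmp"
            else
                echo "rejecting malformed key line from $host: $line" >&2
            fi
        done < "$f"
    done
    sort -u "$out.tmp" > "$out" && rm -f "$out.tmp"
}

# Command-line use: build_keys.sh ./keys ./revoked ./authorized_keys
if [ $# -eq 3 ]; then
    build_authorized_keys "$1" "$2" "$3"
fi
```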