LinuxQuestions.org
Old 11-12-2014, 03:27 AM   #1
postcd
Member
 
Registered: Oct 2013
Posts: 527

SSH access keys where are they located, how to sync them?


Hello,

I would like to set up password-less access between 3 servers and allow quick addition of additional servers into the password-less group.

I want to ask how to do it so that when I add a new server I don't need to run a difficult command on each of the servers?


----
I'm using Red Hat CentOS only. Please, where (in which file) is the SSH key info located
a) on local server that is allowing connection
b) on remote server which is allowed to connect
?
Thank You

Last edited by postcd; 11-12-2014 at 03:28 AM.
 
Old 11-12-2014, 06:56 PM   #2
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,150

Wow, this is pretty basic stuff. If you are setting up and maintaining a network you should know this. Here's a hint: read the ssh man page!
 
Old 11-12-2014, 10:02 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

The most common answer is that the keys are stored in physical files, at designated locations, and that the SSH daemon will pay attention to them only if their security-permissions settings are exactly correct.

However ... this is not the only answer. SSH is also friendly to distributed-authentication protocols such as LDAP (nee "Microsoft OpenDirectory") and Kerberos. If you have many servers to manage, you could instruct the SSH implementations on each server to obtain the necessary credentials from such a source, instead of looking at per-computer files. (And I would advise you to do just that.) "Google It.™" There's a lot to read.

The overwhelming advantage here is that you can use LDAP to centrally manage everything, including login credentials, and you can link everything together ("all of them talking to the same authority") to create a single sign-on to your "system of systems." Once the user successfully "logs in," that one identity can be picked up and used by all kinds of servers, such as internal Apache-or-not web servers, file servers and whatnot. And of course, sshd. Attributes, security levels, roles and so forth are well defined, but in a very flexible way. And your security team manages it all from one place, in one way.

Last edited by sundialsvcs; 11-25-2014 at 07:05 AM.
 
Old 11-13-2014, 04:50 AM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,307
Blog Entries: 3

(For what it's worth, nee goes the opposite direction.)

The default designated location for the public keys on the server would be in the users' accounts in ~/.ssh/authorized_keys, so those are what need to be synced among the servers. So when setting up a new server in that group, you have to find all those files and sync them. You can change the location of that file in the configurations for the SSH server or even add a second public key file, but those other files will still need to be synced.

If you use Kerberos, then that needs to be set up on the servers as well.

So there's not much of a way around syncing files. It is only a matter of which ones. The good news is that such work is easily scriptable and can be automated.

As Keith points out, you'll need the manuals. You should walk through all four (ssh, ssh_config, sshd, and sshd_config) to begin with, just to see what they cover, then read the sections relevant to your setup in detail.
 
1 members found this post helpful.
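
The file sync described in post #4, together with the permission requirement mentioned in post #3, as an added example that is not part of the original thread or any poster's code. The function name `merge_authorized_keys`, the bundle file (one public key per line, copied to each server by whatever means you already use) and the sample paths are assumptions.

```shell
#!/bin/sh
# merge_authorized_keys HOME_DIR BUNDLE
#
# Merge every public key line from BUNDLE into HOME_DIR/.ssh/authorized_keys.
#  - existing entries are kept, exact duplicate lines are dropped
#  - blank lines and '#' comments in BUNDLE are ignored
#  - ~/.ssh ends up mode 700 and authorized_keys mode 600, which sshd's
#    default permission checks accept
#  - the file is replaced atomically, so sshd never reads a half-written file
# Run it as the account owner (or as root) on each server in the group.
# The body is a subshell "( ... )" so the umask change does not leak out.
merge_authorized_keys() (
    home_dir=$1
    bundle=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    if [ ! -r "$bundle" ]; then
        echo "merge_authorized_keys: cannot read bundle: $bundle" >&2
        exit 1
    fi

    umask 077
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1
    [ -e "$auth" ] || : > "$auth"

    # Build the new file next to the old one so mv is a same-filesystem rename.
    tmp=$(mktemp "$ssh_dir/authorized_keys.XXXXXX") || exit 1

    # Old entries first, then the bundle; awk keeps the first copy of each line.
    # Dedup is by exact line: the same key with a different comment is kept twice.
    {
        cat "$auth"
        grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$bundle"
    } | awk '!seen[$0]++' > "$tmp" || { rm -f "$tmp"; exit 1; }

    chmod 600 "$tmp" || { rm -f "$tmp"; exit 1; }
    mv "$tmp" "$auth"
)

# Example call (paths are placeholders):
#   merge_authorized_keys "$HOME" /path/to/group_keys.pub
```

Because the merge is idempotent, adding a server to the group means appending its public key to the bundle and re-running the same function everywhere.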
Old 11-13-2014, 01:31 PM   #5
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Quote:
Originally Posted by postcd
Hello,

I would like to set up password-less access between 3 servers and allow quick addition of additional servers into the password-less group.

I want to ask how to do it so that when I add a new server I don't need to run a difficult command on each of the servers?


----
I'm using Red Hat CentOS only. Please, where (in which file) is the SSH key info located
a) on local server that is allowing connection
b) on remote server which is allowed to connect
?
Thank You

For details on SSH keys, check out the links in my signature.
 
  

