[SOLVED] Remote SSH connection and user creation script RHEL 7 HELP!!!
Hi All, I am a newbie to Linux and was hoping for a little help. I am currently working on a method to set up a user on around 350 RHEL 7 boxes and a central server from which the user can SSH on to any of the boxes.
Before I start I have root access to all the boxes and am aware of public key requirements.
What I would like to do is the following:
1. A script to check the SSH connection to each of the boxes from the central server. I need to be able to do an SSH connection test to each of the 350 servers and record the results in a log file stating successful / failed to be reviewed. The purpose of this is to determine if the user has already been set up on some of the servers (as it might have already been).
2. Once the above has been completed, a script to remotely set up the user across the 350 boxes from the central server.
This is my first post and I know I'm probably asking for a lot, but any help will be greatly appreciated.
2. research mpssh (I would use this as a first cut)
3. Check into puppet
4. To sync keys (one host at a time, alas) I would use ssh-copy-id
Thanks for the response!
1. I am aware of LDAP, however the servers in question all use different authentication methods. Some are using LDAP, some using IDM and some IPA. Then there are others that aren't using anything. As this is the case, it was decided that the user would be set up locally on each server until a universal authentication method can be put in place. It's a mess I know, but you work with what you have.
2 & 3. Sorry, I should have stated this, but due to security policies in place I cannot install any more packages than are already installed. Unfortunately the RHEL 7 version I am working with does not have the mpssh / puppet package installed and as such I won't be able to use either of those.
4. As I cannot install any more packages, the KEY sync I have been doing one at a time so far, very painfully and very slowly.
I have started to write a script to test the initial ssh connection to each of the boxes. The idea is to have a script and a hostlist.log from where the script obtains the server names. The script at the moment is not working so any help or pointers would be of great help!!!
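The connection test described in the post above, as an added example that is not part of the original thread: it reads host names from `hostlist.log`, tries a key-only login to each, and logs one OK/FAILED line per host with the reason ssh gave. The account name `svcuser`, the variables `CHECK_USER` and `SSH_CMD`, and the log name `ssh_check.log` are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: CHECK_USER, SSH_CMD,
# ssh_check.log and the account "svcuser" are placeholders.
CHECK_USER="${CHECK_USER:-svcuser}"   # hypothetical account to test
SSH_CMD="${SSH_CMD:-ssh}"             # overridable so the logic can be tested offline

# check_host HOST: print "OK" or "FAILED (rc=N): <last line of ssh's stderr>".
check_host() {
    rc=0
    # BatchMode=yes: never prompt for a password, so a host without the key
    #   fails immediately instead of hanging the run.
    # ConnectTimeout=5: unreachable hosts cost 5 seconds, not minutes.
    # -n: stdin from /dev/null, so ssh cannot swallow the rest of the host list.
    # Host keys are still verified; a host missing from known_hosts is FAILED.
    err=$("$SSH_CMD" -n -o BatchMode=yes -o ConnectTimeout=5 \
            -l "$CHECK_USER" "$1" true 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "OK"
    else
        echo "FAILED (rc=$rc): $(printf '%s\n' "$err" | tail -n 1)"
    fi
}

# check_hosts HOSTFILE LOGFILE: one timestamped result line per host.
check_hosts() {
    : > "$2"
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in
            ''|'#'*) continue ;;   # blank lines and comments
            -*)      continue ;;   # would be parsed by ssh as an option
        esac
        printf '%s %s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$host" \
            "$(check_host "$host")" >> "$2"
    done < "$1"
    return 0
}

# Usage: sh ssh_check.sh hostlist.log [ssh_check.log]
if [ "$#" -ge 1 ]; then
    check_hosts "$1" "${2:-ssh_check.log}"
    echo "failed hosts: $(grep -c ' FAILED ' "${2:-ssh_check.log}")"
fi
```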
I run my administration from a laptop. I install CentOS on the laptop and then any packages I please to make my life easier.
I suggest that this might serve you well.
Puppet requires installation, but mpssh can be installed and configured on your (Linux) workstation. It only depends upon OpenSSH on the remote nodes, and that is on by default for RHEL7 and most other distributions.
The ssh-copy-id was a script at one time, but I believe it is now included in OpenSSH. In any case, you only need it on your administration workstation and only to make it easy to sync the keys.
I hope this helps.
Ansible comes with modules designed exactly for this, not only user and group management but also if you choose to modify additional config files while you're at it, it's a good opportunity to include that.
Given the circumstances you describe, I think that you should talk to your manager, and that (s)he should probably talk to the IT department. "Security policies" can be changed, and in an organization of any size there might be someone else in IT who will have a "much better idea" (such as the ones already suggested) and the ability to make it happen. Right now, you run the risk of having cobbled-up a "solution" that sort-of works – but, does not work very well (how could it?) – but that fundamentally affects system security. Which no one else in the organization knows about, even though they need to.
So, this might well be a thing that needs to be discussed at a broader and higher level than yourself, and treated as a very formal project understood by all potential stakeholders ... of which there are a very great many. "Blow the whistle" on this requirement to get more people, and teams, involved in it.
2nd line echoes to the screen everything the script does, inc before-&-after versions of each cmd, so you can see what the parser is doing.
Very useful.