Passwordless SSH connection for more than 100 Linux servers
You should generate keygen only once and use that for all the servers.
In my case it is stored in /home/username/.ssh and it is mounted on all the servers, therefore available everywhere.
Q1. Will I have to generate keys for each of the Linux servers?
Q2. I didn't understand "stored inside .ssh and mounted on all servers".
Firstly, it should be in authorized_keys inside .ssh, and secondly I couldn't get the word "mounting". I mean, how would you mount it on all the servers for passwordless ssh?
Q3. Don't I need to copy the pub key to my remote servers?
Can you please explain in a bit of detail, if possible with an example?
Well probs the easiest way that I know of would be to run the following command for each remote host
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
That will put the key into the authorized_keys file for you, so all you will need to do is type the ssh password once for each server.
Well, that is something which can be done for a few servers, but doing that for 100s of servers does not look appropriate. There should be some other easier way for the same.
There isn't. Either you put your key on the servers, or it won't be there to use...this is just like asking "I want to log in to 100 servers, but don't want to add my user ID on each one". No ID = no login. No SSH keyswap = no passwordless-login. Simple.
You don't say what you're trying to accomplish, but if you do have hundreds of servers, do you not have tools to help you administer that many systems already???
I always consider key pairs to be bound to a person, not to a system or account. If regarded that way, the solution seems to be:
- Create a key pair (done)
- Append your public key to the target accounts' authorized_keys.
The second step, as TBOne said, is unavoidable. If you are starting fresh it could be easier to copy your public key to authorized_keys, but you would still have to do that individually for each target account.
The only other "automatic" way I can think of for adding the keys to each server is if they have the same username & password, then you can use the expect command with a for loop.
Firstly, sir, with all due respect, I know that we will have to copy the pub keys to remote servers for a passwordless ssh connection, but instead of copying one by one to each one of them, is there a better way to do it was my question (of which I think you have given the answer).
I was expecting some answer with possible guidance for any script which can be used to make it simpler.
Secondly, as per the question you ask, what I am trying to accomplish... In case I have 100 servers added to my AD reflecting all the users of my AD in all the servers. I don't want the users under my admin group to use their password every time they try to log in to any of the servers, and also for copying files, or it could be anything. Now this is just an assumed scenario; the main focus was as I told above.
Does this mean all the users can log in to any of those hosts? How are their home directories set (configured)? Is there a common home (shared dir) for all the hosts?
Yes, all the hosts under the same AD have the same membership of groups and users as allotted to them. The user's home directory is given on AD, which is the same for everyone (depends on which group they belong to, e.g. admin, dba, developer, etc.).
Now "same for everyone" above does not mean it is shared. As soon as a user logs into a host, his home directory is created in the default location as mentioned on AD.
The same way as it works in a Windows client.
So in this case all the users will have a .ssh dir in their homes. They should put that file (authorized_keys) into that dir and therefore it will be automatically available on all hosts.
So they should run ssh-keygen and modify that authorized_keys as it was described for themselves. (or you can do it for them one by one, or in a loop with a script).
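An added example, not part of the original thread: a sketch of the two approaches discussed above, appending a public key to an account's authorized_keys exactly once with the permissions sshd expects, and looping ssh-copy-id over a host list when home directories are not shared. The function names install_pubkey and push_to_hosts and the one-host-per-line hosts file are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and the hosts-file format are illustrative assumptions.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends one public key to HOME_DIR/.ssh/authorized_keys if it is not already there.
install_pubkey() {
    local pub="$1" home="$2" key type
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    key=$(head -n 1 "$pub")
    type=${key%% *}
    # Refuse anything that is not a public key line (for example a private key file).
    case "$type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "$pub does not look like a public key" >&2; return 3 ;;
    esac
    # sshd with StrictModes rejects keys when these are writable by group or others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 4
    touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys" || return 4
    # -x whole line, -F fixed string: append only when the exact line is absent.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# push_to_hosts PUBKEY_FILE HOSTS_FILE
# Non-shared homes: run ssh-copy-id once per host (one password prompt each).
push_to_hosts() {
    local pub="$1" hosts="$2" host failed=0
    # Read the list on fd 3 so ssh cannot swallow the remaining host names from stdin.
    while read -r host <&3; do
        case "$host" in ''|'#'*) continue ;; esac
        ssh-copy-id -i "$pub" "$host" || { echo "FAILED: $host" >&2; failed=$((failed + 1)); }
    done 3< "$hosts"
    [ "$failed" -eq 0 ]
}
```

With a shared home directory, install_pubkey needs to run only once per user; otherwise push_to_hosts reports every host where the copy failed so those can be retried.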