ssh2 implementation --- Very urgent

midguy
Hi,

I need to implement ssh2 on all production servers. There are 100 production servers. All are remote machines. There are 2 machines (e.g. noc1 and noc2) at my workplace; these are Ultra 10 machines. My task is to implement ssh2 on all machines. These noc1 and noc2 servers are trusted machines to all 100 production servers, which means that with ssh2 I should be able to log in to all 100 production servers without a password. Please explain step by step how to implement this. I know for this I need to implement ssh; please give me detailed steps on how to generate keys for noc1, noc2 and all 100 prod servers.

Thanks in advance.
midguy

Commented:
Actually you don't need ssh to do this; it will work
with any shell if you create a
/.rhosts file with noc1 and noc2 in it.
root will not be asked for a passwd at login from noc1 and noc2.

But using this feature, regardless of shell, is not
considered secure.
I know it's a pain to give passwds when logging in,
but shortcuts like this are the start of a successful
break-in for someone else.

Using ssh is otherwise a good idea for safety.

Author

Commented:
Besky thanks for your answer,

But I want it to be very secure. I heard people are implementing ssh2 with a public key and private key mechanism. Please explain step by step.


Commented:
What version of Solaris is used on these systems?

Author

Commented:
we are using 2.6 on all boxes.

Commented:
I have a doc that walks you through installing SSH; you can find it here:

http://www.solinuxcenter.com/download.php?op=viewdownload&cid=3

Here is the step-by-step, no BS manual on installing and configuring SSH.
If you need any more info let me know.

Author

Commented:
jpfrancai,

Thanks for the info, but it seems the link is down.

Commented:
OK, ssh is not part of the 5.6 release, so here is
all the info on how to get it .....

It is just too much to write here

http://www.employees.org/~satch/ssh/faq/ssh-faq.html



HTH
The link works now, give it another shot.

Author

Commented:
The link is still not working.
Commented:
There are several ways to implement what you are trying to do. One tedious method is to generate a public/private key pair on each machine and add that to the authorized_keys list. Here's a quick example.

Say you have three machines, mach1, mach2.

On mach1, as the user who you will be logging in as, run:

mach1$ ssh-keygen -t rsa
(This will generate your public/private RSA key pair. Make sure you use a blank password, or else you will still be prompted for the key password when logging in). Now you should have some files in your .ssh directory as shown below:

mach1$ ls ~/.ssh
id_rsa  id_rsa.pub  known_hosts

What you have to do now is to take the id_rsa.pub file (which is just one really long line), and copy it to another host, say mach2. On mach2, you will then add the public key for mach1 into your authorized keys file.

mach1$ scp ~/.ssh/id_rsa.pub mach2:.
... on mach2 now...

mach2$ cat id_rsa.pub >> ~/.ssh/authorized_keys
(The above command will take the public key from mach1 and append it to the authorized_keys file.)

so now go back to mach1, and you should be able to ssh over to mach2 without a password.

mach1$ ssh mach2
mach2$

---
Now if you have 100 machines, this is a tedious process. I would recommend first generating all the public/private key pairs on each machine and then copying them all to one machine (with different filenames of course) and creating one big authorized_keys file. After that is done, copy the authorized_keys file to each machine and put it in the right place, and you should be good to go.


The other way to handle this (which incidentally is more secure too), is to use the ssh agent, and the agent forwarder. That is somewhat more complicated, but does save you for example if one of your machines is compromised. If one machine is broken into, the attacker will be able to get into any other machine, which is bad.

Let me know if you have any questions.

- Danish
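The "one big authorized_keys file" step from the answer above, as an added example that is not part of the thread. It is a small POSIX sh script that collects every *.pub file in a directory (for the asker's case, just the public keys of noc1 and noc2, which are the only keys each production server needs to trust), keeps only lines that look like an OpenSSH public key, drops exact duplicates, refuses to install an empty file, and writes the result with mode 600. The host names, file names and key bodies in the demo are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds one authorized_keys file
# from a directory of collected public keys. All names and keys here are
# constructed for illustration.

# build_authorized_keys KEYDIR OUTFILE
# Concatenates KEYDIR/*.pub, keeps only lines that look like an OpenSSH
# public key, removes exact duplicates, and writes OUTFILE with mode 600.
# Returns 1 (and leaves OUTFILE untouched) if no usable key was found.
build_authorized_keys() {
    keydir=$1
    out=$2
    tmp=$(mktemp) || return 1
    # One key per line; the trailing comment field (e.g. root@noc1) tells you
    # which host a line came from when you audit the file later.
    cat "$keydir"/*.pub 2>/dev/null \
        | grep -E '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' \
        | sort -u > "$tmp"
    # An empty file would silently disable key login for this account.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
    chmod 600 "$out"
    return 0
}

# count_keys FILE: prints how many key lines FILE contains.
count_keys() {
    grep -c -E '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) ' "$1"
}

# Demo with constructed sample keys (the base64 bodies are placeholders).
demo() {
    d=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0nOc1PLACEHOLDER= root@noc1\n' > "$d/noc1.pub"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0nOc2PLACEHOLDER= root@noc2\n' > "$d/noc2.pub"
    # A second copy of noc1's key and a stray non-key line; both must be dropped.
    cp "$d/noc1.pub" "$d/noc1-copy.pub"
    printf 'this is not a key\n' >> "$d/noc2.pub"
    build_authorized_keys "$d" "$d/authorized_keys"
    count_keys "$d/authorized_keys"   # prints 2
    rm -rf "$d"
}

demo
```

To use it for real, scp each NOC host's ~/.ssh/id_rsa.pub into one directory under distinct names (noc1.pub, noc2.pub), run build_authorized_keys on that directory, and copy the output to ~/.ssh/authorized_keys on every production server. sshd also expects ~/.ssh itself to be mode 700 and owned by the login user, so check that on each target as well; a world-writable directory or file is a common reason key login silently falls back to a password prompt.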
