RHEL5 and ssh key management (Solved)

Posted on 2010-09-22
Last Modified: 2012-05-10
Right now we have about 15 RHEL5 boxes and we use keys with SSH. However, when someone leaves or joins the organization, it would be handy to just put their key in one location and have it pushed out to the servers.

Is there a way to do this with RHEL so that there won't be as much work when keys need to be changed?
Question by: willlandymore
Expert Comment by arnold (ID: 33738194)
You could maintain the authorized_keys and authorized_keys2 in a central location. When a user leaves, you can remove their keys from those files and push them out.

Make sure that each user has their own key.

Are the servers centrally managed, i.e. using OpenLDAP for user management?
Author Comment by willlandymore (ID: 33738455)
No, no OpenLDAP.

I don't mind paying for something if they have it off the shelf, or putting in another solution, but I don't have a sweet clue as to how to set it up. :)
Expert Comment by arnold (ID: 33738790)
It is not clear what you are looking for.

Presumably you have a central server that has access to all the others.

Does each user have their own login on each server, or do you use the ssh RSA/DSA key to get the user access into a shared account?
Author Comment by willlandymore (ID: 33738820)
Each user has their own key and login on each box. I'm just looking for a way not to have to manage each host's keys, and to do it from one place and push it out to the rest of them, but I've never set something like this up so I'm a little fuzzy on where to start.
Accepted Solution by arnold (earned 500 total points; ID: 33740599)
OK. Have each user provide you their public keys (RSA1, RSA, DSA); you would need to keep track of which is whose.

Then you would use those keys to create an authorized_keys and authorized_keys2.
You would then use a simple shell script that goes through the list of hosts and scps these two files to user@host:/home/user/.ssh/:

    scp authorized_keys authorized_keys2 user@$host:/home/user/.ssh/

When a user leaves, you rebuild the two files by excluding that user's public keys, and push them out again.
Expert Comment by arnold (ID: 33743935)
A similar process can be used to manage the local logins.
Note you should use cksum or md5sum as a mechanism to verify that the complete file made it through. Using NFS shares could also be an option, i.e. each server has a cron job running as root monitoring the NFS share for an update file.

Not sure, but you can also look at using Puppet, among other things, to perhaps manage the systems from a central point.
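A worked version of the procedure arnold describes above (collecting one public key per user, building authorized_keys, looping over hosts with scp) together with the md5sum verification from his follow-up comment, added here as an example and not code from the thread. It assumes one <user>.pub file per user under a key directory and a hosts file of user@host targets; every path, hostname and key string is a placeholder or constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes one file per user in a key
# directory, named <user>.pub (all paths and hostnames are assumptions).
# Removing a user means deleting that file and re-running; one authorized_keys
# is enough because sshd accepts RSA and DSA keys in the same file.
set -eu

# Build one authorized_keys from every *.pub in $1, writing it to $2. Only
# lines that look like OpenSSH public keys are kept, so a pasted comment, blank
# line or private key never reaches the servers. Prints the key count.
build_authorized_keys() {
    keydir=$1; out=$2
    : > "$out"
    for f in "$keydir"/*.pub; do
        [ -f "$f" ] || continue
        grep -E '^(ssh-rsa|ssh-dss) [A-Za-z0-9+/=]+' "$f" >> "$out" \
            || echo "warning: no usable key in $f" >&2
    done
    chmod 600 "$out"
    wc -l < "$out" | tr -d ' '
}

# Push $1 to every target listed in $2 (one user@host per line) and confirm
# the remote copy by comparing md5sums, as the thread recommends. ssh -n keeps
# ssh from swallowing the rest of the host list on stdin. Non-zero exit means
# at least one box still holds a stale or incomplete file.
push_authorized_keys() {
    out=$1; hostfile=$2; rc=0
    local_sum=$(md5sum "$out" | cut -d' ' -f1)
    while read -r target; do
        [ -n "$target" ] || continue
        if scp -q "$out" "$target:.ssh/authorized_keys" \
           && remote_sum=$(ssh -n "$target" 'md5sum .ssh/authorized_keys' | cut -d' ' -f1) \
           && [ "$remote_sum" = "$local_sum" ]; then
            echo "$target: ok"
        else
            echo "$target: FAILED (copy error or checksum mismatch)" >&2; rc=1
        fi
    done < "$hostfile"
    return $rc
}

# Constructed sample key directory with fake key material for a local dry run.
make_sample_keydir() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAACONSTRUCTED alice@example' > "$d/alice.pub"
    printf '# pasted comment\nssh-dss AAAAB3NzaC1kc3MAAACONSTRUCTED bob@example\n' > "$d/bob.pub"
    echo 'not a public key' > "$d/carol.pub"
    echo "$d"
}
```

Run build_authorized_keys against the real key directory, then push_authorized_keys with the hosts file; the failed targets printed at the end are the boxes to revisit before treating a departed user's key as revoked.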