Solved

RHEL5 and ssh key management

Posted on 2010-09-22
Last Modified: 2012-05-10
Right now we have about 15 RHEL5 boxes and we use keys with SSH. However, when someone leaves the organization or comes, it would be handy to just put their key in one location and have it pushed out to the servers.

Is there a way to do this with RHEL so that there won't be as much work when keys need to be changed?
Question by:willlandymore

Expert Comment

by:arnold
You could maintain the authorized_keys and authorized_keys2 in a central location.
When a user leaves you can remove their keys from those files and push them out.

Make sure that each user has their own key.

Are the servers centrally managed i.e. using openldap for user management?


Author Comment

by:willlandymore
No, no OpenLDAP.

I don't mind paying for something if they have it off the shelf or putting in another solution, but I don't have a sweet clue as to how to set it up. :)

Expert Comment

by:arnold
It is not clear what you are looking for.

Presumably you have a central server that has access to all others.

Does each user have their own login on each server, or do you use the ssh rsa/dsa key to get the user access into a shared account?

Author Comment

by:willlandymore
Each user has their own key and login on each box. I'm just looking for a way not to have to manage each host's keys and do it from one place and push it out to the rest of them, but I've never set something up like this so I'm a little fuzzy on where to start.

Accepted Solution

by:arnold (earned 500 total points)
OK, have each user provide you their public keys (RSA1, RSA, DSA).
You would need to keep track of which is whose.

Then you would use those keys to create an authorized_keys and authorized_keys2.
You would then use a simple shell script that goes through the list of hosts and scps these two files to the user@host:/home/user/.ssh/
scp authorized_keys authorized_keys2 user@$host:/home/user/.ssh/

When a user leaves, you rebuild the two files by excluding that user's public keys, and push them out again.

Expert Comment

by:arnold
A similar process can be used to manage the local logins.
Note you should use cksum or md5sum as a mechanism to verify that the complete file made it through. Using NFS shares could also be an option, i.e. each server has a cron job running as root monitoring the NFS share for an update file.

Not sure, but you can also look at using Puppet among other things to perhaps manage the systems from a central point.
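
The rebuild-and-push procedure from the accepted solution, combined with the cksum verification suggested in the last comment, as an added example that is not part of the original thread. The keys/<user>.pub layout, the hosts file and all function names are assumptions; authorized_keys2 would be handled the same way.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (hypothetical) layout:
#   keys/<user>.pub  public keys of one current user
#   hosts.txt        one hostname per line

# build_keys KEYDIR OUTFILE [DEPARTED_USER...]
# Concatenate every keys/<user>.pub except those of departed users.
build_keys() {
    keydir=$1; out=$2; shift 2
    : > "$out"
    for f in "$keydir"/*.pub; do
        [ -f "$f" ] || continue
        user=$(basename "$f" .pub); skip=0
        for gone in "$@"; do
            if [ "$gone" = "$user" ]; then skip=1; fi
        done
        if [ "$skip" -eq 0 ]; then
            # drop blank and comment lines; "|| true" tolerates an empty file
            grep -v -e '^[[:space:]]*$' -e '^#' "$f" >> "$out" || true
        fi
    done
    chmod 600 "$out"
}

# file_sum FILE -> "CRC:bytes" as reported by cksum
file_sum() { cksum < "$1" | awk '{ print $1 ":" $2 }'; }

# push_keys FILE USER HOSTLIST
# Copy under a temporary name, compare checksums, then rename into place,
# so a truncated transfer never replaces the live authorized_keys.
push_keys() {
    file=$1; user=$2; hosts=$3; failed=0
    want=$(file_sum "$file")
    while read -r host; do
        if [ -z "$host" ]; then continue; fi
        got=""
        if scp -q "$file" "$user@$host:.ssh/authorized_keys.new" < /dev/null; then
            got=$(ssh -n "$user@$host" 'cksum < .ssh/authorized_keys.new' |
                  awk '{ print $1 ":" $2 }')
        fi
        if [ "$got" = "$want" ] &&
           ssh -n "$user@$host" 'mv -f .ssh/authorized_keys.new .ssh/authorized_keys'; then
            echo "ok: $host"
        else
            echo "FAILED: $host" >&2; failed=1
        fi
    done < "$hosts"
    return "$failed"
}
```

When a user leaves, run build_keys with that user's name as an extra argument (or delete their .pub file), then push_keys again; any host reported as FAILED still accepts the old key and needs a retry.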