Solved

RHEL5 and ssh key mangement

Posted on 2010-09-22
6
395 Views
Last Modified: 2012-05-10
Right now we have about 15 RHEL5 boxes and we use keys with SSH. However, when someone leaves the organization or comes it would be handy to just put there key in one location and have it pushed out to the servers.

Is there a way to do this with RHEL so that there won't be as much work when keys need to be changed?
0
Comment
Question by:willlandymore
  • 4
  • 2
6 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 33738194
You could maintain the authorized_keys and authorized_keys2 in a central location
When a user leaves you can remove their keys from those files and push them out.

Make sure that each user has their own key.

Are the servers centrally managed i.e. using openldap for user management?



0
 
LVL 1

Author Comment

by:willlandymore
ID: 33738455
no, no openLDAP.

I don't mind paying for something if they have it off the shelf or putting in another solution, but I don't have a sweet clue as to how to set it up. :)
0
 
LVL 77

Expert Comment

by:arnold
ID: 33738790
It is not clear what you are looking for.

Presumably you have a central server that has access to all others.

Does each user have their own login on each server or you use the ssh rsa/dsa key to get the user access into a shared account?
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:willlandymore
ID: 33738820
each user has their own key and login on each box. I'm just looking for a way not to have to manage each host's keys and do it from one place and push it out to the rest of them, but I've never set something up like this so I'm a little fuzzy on where to start.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 33740599
OK, Have each user provide you their public keys (RSA1, RSA, DSA)
you would need to keep track which is whose.

Then you would use those keys to create an authorized_keys and authorized_keys2.
You would then use a simple shell script that goes through the list of hosts and scps these two files to the user@host:/home/user/.ssh/
scp authorized_keys authorized_keys2 user@$host:/home/user/.ssh/

When a user leaves, you rebuild the two files by excluding that user's public keys, and push them out again.
0
 
LVL 77

Expert Comment

by:arnold
ID: 33743935
A similar process can be used to manage the local logins.
Note you should use cksum or md5sum as a mechanism to verify that the complete file made it through.  Using NFS shares could also be an option. I.e. each server has a cron job running as root monitoring the NFS share for an update file.

Not sure but you can also look at using puppet among other things to perhaps manage the systems from a central point.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question