?
Solved

RHEL5 and ssh key mangement

Posted on 2010-09-22
6
Medium Priority
?
419 Views
Last Modified: 2012-05-10
Right now we have about 15 RHEL5 boxes and we use keys with SSH. However, when someone leaves the organization or comes it would be handy to just put there key in one location and have it pushed out to the servers.

Is there a way to do this with RHEL so that there won't be as much work when keys need to be changed?
0
Comment
Question by:willlandymore
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 33738194
You could maintain the authorized_keys and authorized_keys2 in a central location
When a user leaves you can remove their keys from those files and push them out.

Make sure that each user has their own key.

Are the servers centrally managed i.e. using openldap for user management?



0
 
LVL 1

Author Comment

by:willlandymore
ID: 33738455
no, no openLDAP.

I don't mind paying for something if they have it off the shelf or putting in another solution, but I don't have a sweet clue as to how to set it up. :)
0
 
LVL 79

Expert Comment

by:arnold
ID: 33738790
It is not clear what you are looking for.

Presumably you have a central server that has access to all others.

Does each user have their own login on each server or you use the ssh rsa/dsa key to get the user access into a shared account?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Author Comment

by:willlandymore
ID: 33738820
each user has their own key and login on each box. I'm just looking for a way not to have to manage each host's keys and do it from one place and push it out to the rest of them, but I've never set something up like this so I'm a little fuzzy on where to start.
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 33740599
OK, Have each user provide you their public keys (RSA1, RSA, DSA)
you would need to keep track which is whose.

Then you would use those keys to create an authorized_keys and authorized_keys2.
You would then use a simple shell script that goes through the list of hosts and scps these two files to the user@host:/home/user/.ssh/
scp authorized_keys authorized_keys2 user@$host:/home/user/.ssh/

When a user leaves, you rebuild the two files by excluding that user's public keys, and push them out again.
0
 
LVL 79

Expert Comment

by:arnold
ID: 33743935
A similar process can be used to manage the local logins.
Note you should use cksum or md5sum as a mechanism to verify that the complete file made it through.  Using NFS shares could also be an option. I.e. each server has a cron job running as root monitoring the NFS share for an update file.

Not sure but you can also look at using puppet among other things to perhaps manage the systems from a central point.
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question