tips on using ssh-copy-id under redhat 5

I have copied my keys to many machines using ssh-copy-id

If I rerun it on a host, I understand it will put my key in there twice.  

Is there a quick / easy command to determine if I already have a key on a box ?  I was considering using scp to copy a file however that can have some long time outs if it is a failure.

When I copy a key I have to manually type in "yes" to add the host to a file of machines I know.

Also I have to type the password !

I also need to key AIX and solaris boxes.  Any issues with these ?

Do you know a way to reduce the work of doing this ?  I have tried passing a password in the past with some sort of script, I really would prefer my password not be in the history file.
TIMFOX123 Asked:
woolmilkporc Commented:
Hi,

you can do

ssh user@hostname -o PasswordAuthentication=no

If user doesn't have a key on hostname ssh will terminate immediately issuing "Permission denied (publickey,password)." and setting a return code of 255, which can of course be tested ("[[ $? -gt 0 ]]" for example).

In order to get rid of the confirmation prompt when adding a new machine to the "known_hosts" file you could consider using

"-o StrictHostKeyChecking=no"

if security isn't too big a concern.
ssh will add the name of the target host automatically without prompting.

An alternative would be

"-o StrictHostKeyChecking=yes"

In this case ssh will neither issue a prompt nor establish a connection if the target machine is not in "known_hosts".
It will issue "Host key verification failed." and set a return code of (again) 255. This way you can determine which hosts must still be added to the known_hosts file.

scp accepts the "-o" (= "option") flag as well.

If you're after automating "ssh-copy-id" itself I'd recommend using "expect" and a script like this one:

#!/usr/bin/expect -f
spawn ssh-copy-id $argv
expect "password:"
send "MYPASSWORD\n"
expect eof


Replace "MYPASSWORD" with the actually desired password, save the script as e.g. "autoidcopy", make it executable, and call it like this:

./autoidcopy user@server

Finally, we could make a script to first determine whether a key is already present and copy it automatically if it isn't.
Please let me know if you need assistance creating such a thing.


wmp
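
One way to write the check-then-copy script mentioned at the end of the answer above, as an added example that is not part of the original thread. The function names are hypothetical; BatchMode and ConnectTimeout are standard OpenSSH client options added here next to the two options from the answer, so that a probe never prompts and never hangs on a dead host.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Map ssh's exit status and stderr text to one of four states.
classify_probe() {  # $1 = ssh exit status, $2 = ssh stderr
    if [ "$1" -eq 0 ]; then echo KEY_OK; return; fi
    case "$2" in
        *"Host key verification failed"*) echo UNKNOWN_HOST ;;  # not in known_hosts
        *"Permission denied"*)            echo NEED_KEY ;;      # key not installed
        *)                                echo UNREACHABLE ;;   # timeout, DNS, refused
    esac
}

# Probe one target without any prompt: key-based login only, no automatic
# trust of new host keys, and a short connect timeout instead of a long hang.
probe_host() {  # $1 = user@host
    err=$(ssh -n -o BatchMode=yes -o PasswordAuthentication=no \
              -o StrictHostKeyChecking=yes -o ConnectTimeout=5 \
              "$1" true 2>&1 >/dev/null)
    classify_probe "$?" "$err"
}

main() {
    for target in "$@"; do
        state=$(probe_host "$target")
        echo "$target: $state"
        # Copy the key only where it is missing, so a rerun never adds it
        # twice. ssh-copy-id asks for the password on the terminal, which
        # keeps it out of scripts and out of the shell history.
        if [ "$state" = NEED_KEY ]; then
            ssh-copy-id "$target"
        fi
    done
}

# Run only when targets are given on the command line.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Hosts reported as UNKNOWN_HOST are left alone on purpose: their host key still has to be verified and added to known_hosts before a key is copied to them.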
TIMFOX123 Author Commented:
thank you wmp

this is pretty much my project and you really make me look good.

thanks a bunch
TIMFOX123 Author Commented:
great !!!
Question has a verified solution.
