[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

tips on using ssh-copy-id under redhat 5

Posted on 2012-09-16
3
Medium Priority
?
915 Views
Last Modified: 2012-09-21
I have copied my keys to many machines using ssh-copy-id

If I rerun it on a host, I understand it will put my key in there twice.  

Is there a quick / easy command to determine if I already have a key on a box ?  I was considering using scp to copy a file howver that can have some long time outs if it is a failure..

When I copy a key I have to manually type in "yes" to add the host to a file of machines I know.

Also I have to type the password !

I also need to key AIX and solaris boxes.  Any issues with these ?

Do you know a way to reduce the work of doing this ?  I have tried passing a password in the past with some sort of script, I really would prefer my password not be in the history file.
0
Comment
Question by:TIMFOX123
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 38404830
Hi,

you can do

ssh user@hostname -o  PasswordAuthentication=no

If user doesn't have a key on hostname ssh will terminate immediately issuing "Permission denied (publickey,password)." and setting a return code of 255, which can of course be tested ("[[ $? -gt 0 ]]" for example).

In order to get rid of the confirmation prompt when adding a new machine to the "known_hosts" file you could consider using

"-o StrictHostKeyChecking=no"

if security isn't too big a concern.
ssh will add the name of the target host automatically without prompting.

An alternative would be

"-o StrictHostKeyChecking=yes"

In this case ssh will neither issue a prompt nor establish a connection if the target machine is not in "known_hosts".
It will issue "Host key verification failed." and set a returncode of (again) 255. This way you can determine which hosts must still be added to the known_hosts file.

scp accepts the "-o" (= "option") flag as well.

If you're after automating "ssh-copy-id" itself I'd recommend using "expect" and a script like this one:

#!/usr/bin/expect -f
spawn ssh-copy-id $argv
expect "password:"
send "MYPASSWORD\n"
expect eof


Replace "MYPASSWORD" with the actually desired password, save the script as e.g. "autoidcopy", make it executable, and call it like this:

./autoidcopy user@server

Finally, we could make a script to first determine whether a key is already present and copy it automatically if it isn't.
Please let me know if you need assistance creating such a thing.


wmp
0
 

Author Comment

by:TIMFOX123
ID: 38405507
than you wmp

this is pretty much my project and you really make me look good.

thanks a bunch
0
 

Author Closing Comment

by:TIMFOX123
ID: 38405509
great !!!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month18 days, 2 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question