tips on using ssh-copy-id under redhat 5

Posted on 2012-09-16
Last Modified: 2012-09-21
I have copied my keys to many machines using ssh-copy-id

If I rerun it on a host, I understand it will put my key in there twice.  

Is there a quick / easy command to determine if I already have a key on a box?  I was considering using scp to copy a file, however that can have some long timeouts if it is a failure.

When I copy a key I have to manually type in "yes" to add the host to a file of machines I know.

Also I have to type the password!

I also need to key AIX and Solaris boxes.  Any issues with these?

Do you know a way to reduce the work of doing this?  I have tried passing a password in the past with some sort of script; I really would prefer my password not be in the history file.
Question by:TIMFOX123

    Accepted Solution


    you can do

    ssh user@hostname -o PasswordAuthentication=no

    If user doesn't have a key on hostname ssh will terminate immediately issuing "Permission denied (publickey,password)." and setting a return code of 255, which can of course be tested ("[[ $? -gt 0 ]]" for example).

    In order to get rid of the confirmation prompt when adding a new machine to the "known_hosts" file you could consider using

    "-o StrictHostKeyChecking=no"

    if security isn't too big a concern.
    ssh will add the name of the target host automatically without prompting.

    An alternative would be

    "-o StrictHostKeyChecking=yes"

    In this case ssh will neither issue a prompt nor establish a connection if the target machine is not in "known_hosts".
    It will issue "Host key verification failed." and set a return code of (again) 255. This way you can determine which hosts must still be added to the known_hosts file.

    scp accepts the "-o" (= "option") flag as well.

    If you're after automating "ssh-copy-id" itself I'd recommend using "expect" and a script like this one:

    #!/usr/bin/expect -f
    spawn ssh-copy-id $argv
    expect "password:"
    send "MYPASSWORD\n"
    expect eof

    Replace "MYPASSWORD" with the actually desired password, save the script as e.g. "autoidcopy", make it executable, and call it like this:

    ./autoidcopy user@server

    Finally, we could make a script to first determine whether a key is already present and copy it automatically if it isn't.
    Please let me know if you need assistance creating such a thing.
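
The check-then-copy script offered at the end of the answer above could look like this; it is an added example, not code from the answer's author. It assumes an OpenSSH client; the function names and the `ensurekey` file name are made up here, and `BatchMode`, `ConnectTimeout`, `-n` and the remote `true` command are additions to the options the answer lists.

```shell
#!/bin/sh
# Added example: report whether key login already works, and run
# ssh-copy-id only where it does not. Assumes an OpenSSH client.

# classify RC STDERR -> key-ok | needs-key | unknown-host | unreachable
# Both failure messages arrive with return code 255, so the text decides.
classify() {
    if [ "$1" -eq 0 ]; then echo key-ok; return; fi
    case "$2" in
        *"Host key verification failed"*) echo unknown-host ;;
        *"Permission denied"*)            echo needs-key ;;
        *)                                echo unreachable ;;
    esac
}

# key_status USER@HOST: non-interactive probe. It never prompts, never
# opens a shell (remote command is "true") and gives up after 5 seconds.
key_status() {
    rc=0
    err=$(ssh -n -o BatchMode=yes -o PasswordAuthentication=no \
              -o StrictHostKeyChecking=yes -o ConnectTimeout=5 \
              "$1" true 2>&1 >/dev/null) || rc=$?
    classify "$rc" "$err"
}

# ensure_key USER@HOST: copy the key only when the probe says it is missing.
# Hosts not yet in known_hosts are reported, not silently trusted.
ensure_key() {
    status=$(key_status "$1")
    case "$status" in
        needs-key) ssh-copy-id "$1" ;;  # password is typed at the prompt, not stored
        *)         echo "$1: $status" ;;
    esac
}

# Usage: ./ensurekey user@host1 user@host2 ...
if [ "$#" -gt 0 ]; then
    for target in "$@"; do ensure_key "$target"; done
fi
```

Hosts reported as `unknown-host` still need their host key verified and added to known_hosts before the key can be copied.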


    Author Comment

    thank you wmp

    this is pretty much my project and you really make me look good.

    thanks a bunch

    Author Closing Comment

    great !!!
