I have discovered Ansible and, as a result, I have to deploy ssh keys to a few hundred UNIX/Linux boxes... Yes, there is ssh-copy-id, which is fine for one machine, but this is not going to work for me. The idea of repeatedly entering the root password is making me sick... Is there anything else?
Yes, there is actually more than one way to finish this task. There is sshpass, which you can download from EPEL and which works with ssh-copy-id like this:
# sshpass -f pass.txt ssh-copy-id -i ~root/.ssh/id_rsa.pub target_host_name
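The pass.txt file contains the root password, and target_host_name is the destination host name. Because pass.txt holds the root password in clear text, keep it readable only by root and delete it once the keys are deployed.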
But there is an even better way, thanks to Travis Bear, who created ssh-deploy-key. You can learn more about it by following this link: https://bitbucket.org/travis_bear/ssh-deploy-key
This is an excerpt from Travis's docs, his comparison of ssh-deploy-key with some other common ways to deploy a key:
“Deploying ssh keys by hand is a time-honored technique that in general works pretty well. However, in almost all cases, using ssh-deploy-key is a better option. It’s faster, easier, more reliable, and more repeatable. When deploying to more than one host at a time, these advantages only multiply with ssh-deploy-key’s bulk deployment abilities. There is one use case where deploying by hand is a better bet: when the remote host is on a different network, behind a jump box. ssh-deploy-key does not handle that scenario.
ssh-copy-id is a great tool, but it’s not the ideal solution for every scenario.
• ssh-copy-id is not installed by default on all systems, notably on Mac OS.
• ssh-copy-id has no concept of ‘smart append’. It will append a key to a remote host’s authorized keys file regardless of whether that key is already present.
• Scripting the use of ssh-copy-id for deploying to multiple remote hosts can be challenging: The password is entered interactively for each host. In the case where there are numerous remote hosts that have not been seen before, you’d need to interactively allow each host to be added to your known_hosts file.
Configuration management tools (like Puppet, Ansible, etc.) can do a terrific job deploying ssh key(s). But if you are not already set up to use them for key distribution, these general-purpose solutions can be overkill, especially when compared with a dedicated tool like ssh-deploy-key that only does one thing.”
Installing this utility takes two steps:
# yum -y install python-pip python-devel
# pip install ssh-deploy-key
The spacecmd system_list command (Satellite/Spacewalk) generated all the host names, which were collected in the HOSTS file. Processing the list of hosts was then extremely easy:
# ssh-deploy-key -d < HOSTS
The -d flag is a very important one to remember. Without it, the target host's /root/.ssh/authorized_keys file will be overwritten - every key already defined there will be gone!!!
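The "smart append" idea from the quoted comparison, and the append-versus-overwrite difference behind the -d flag, shown as an added shell example (not code from this post or from ssh-deploy-key). The function name smart_append_key is hypothetical, and both keys in the demo are constructed placeholders.

```shell
#!/bin/sh
# smart_append_key PUBKEY_FILE AUTHORIZED_KEYS_FILE   (hypothetical helper name)
# Prints "added" or "present"; returns 1 if PUBKEY_FILE holds no key line.
smart_append_key() {
    pub=$1
    auth=$2
    # A key's identity is "<type> <base64 blob>"; the trailing comment is ignored.
    ident=$(awk '!/^#/ && NF >= 2 { print $1 " " $2; exit }' "$pub")
    [ -n "$ident" ] || { echo "no key found in $pub" >&2; return 1; }

    # sshd's StrictModes check rejects a key file or .ssh directory that is
    # writable by group or others; 700/600 is the usual choice.
    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir"
    [ -e "$auth" ] || ( umask 077; : > "$auth" )
    chmod 600 "$auth"

    # Existing entries may start with options (from="...", command="..."),
    # so look for the type/blob pair at any field position.
    if awk -v id="$ident" '
        !/^#/ { for (i = 1; i < NF; i++) if ($i " " $(i + 1) == id) found = 1 }
        END   { exit !found }' "$auth"; then
        echo present
        return 0
    fi

    # If the file lacks a final newline, add one so entries do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append with >>, never > : keys already in the file stay in place.
    awk '!/^#/ && NF >= 2 { print; exit }' "$pub" >> "$auth"
    echo added
}

# Demo on constructed data: both keys are made-up placeholders, not real keys.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLEONLY ansible@control' > "$demo/id.pub"
echo 'from="10.0.0.5" ssh-rsa AAAAB3NzaC1yc2EXAMPLEOLD admin@old' > "$demo/authorized_keys"
smart_append_key "$demo/id.pub" "$demo/authorized_keys"   # appends the new key
smart_append_key "$demo/id.pub" "$demo/authorized_keys"   # already there: no change
rm -rf "$demo"
```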