This blog post captures details on how to copy SSH key to multiple servers. If you manage more than one Linux server and have been challenged with automating mundane tasks, using SSH keys to login to a server without having to enter your password can be extremely irritating. There are more than one way to automate login to a Linux server.
- Use a utility like sshpass where you can provide the password as an argument.
- Use public-private SSH key pair.
- Creating SSH Keys
- Copy SSH Key to Servers
For authentication to work successfully, the client holds both the public and the private key, while the server holds the public key.
- The client initiates an authentication request to the server.
- The server sends a random message back to the client.
- The client then uses the private key to encrypt the message and sends it back to the server.
- Using the public key, Server decrypts the message.
If the messages match, the client is authenticated and allowed access.
Creating SSH Keys
https://help.ubuntu.com/community/SSH/OpenSSH/Keys is a good read and has lot of details on public and private keys. Below are the steps that can be generated to create a public-private key pair.
Follow the prompt below. If you enter a passphrase, you will need to enter the passphrase every time the key is used.
Generating public/private rsa key pair. Enter file in which to save the key (/home/ubuntu//.ssh/id_rsa): Created directory '/home/ubuntu//.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ubuntu//.ssh/id_rsa. Your public key has been saved in /home/ubuntu//.ssh/id_rsa.pub. The key fingerprint is: 04:39:2a:b6:77:ae:cc:ee:9e:d4:ad:9d:30:c2:b7:c5 firstname.lastname@example.org The key's randomart image is: +--[ RSA 2048]----+ | .. | | o. | | . .. | | o . . | | . o S | | .....o | | .+o= E | | + +.B . | | +O.o o | +-----------------+
The private and public key are key under .ssh directory by default.
Copy SSH Key to Servers
In order to copy the public key to multiple servers, create a file called servers, that has either IP address or hostname of the servers to which the key needs to be copied to, one server per line. E.g.:
192.168.100.1 server.example.com 192.168.100.2 server2.example.com
Note: Before you copy SSH key to multiple servers, I recommend that you create a file with one or two servers and verify that the process works.
Below are two snippets that can be used.
ssh-copy-id is a shell script that can be used to copy the ssh key easily. It handles conditions where if the key already exists, it will skip the copy. The syntax of ssh-copy-id is below
ssh-copy-id -i user@server
path-to-identity-file is the path to your id_rsa.pub file
user is the username on the remote server
server is the ip address or FQDN of the remote server
for i in `cat servers`; do ssh-copy-id -i ~/.ssh/id_rsa.pub root@$i done
Older versions of ssh-copy-id, which is found on CentOS/Redhat Enterprise version 6 will not verify whether the key already exists on the server or not. Using grep, one can verify whether the key exists on the remote server or not. If it doesn’t the snippet below will add the key, else will skip.
for i in `cat servers`; do cat ~/.ssh/id_rsa.pub | ssh -oConnectTimeout=5 -oStrictHostKeyChecking=no root@$i 'mkdir -pm 0700 ~/.ssh && while read -r keytype keyname comment; do if ! (grep -Fw "$keytype $keyname" ~/.ssh/authorized_keys | grep -qsvF "^#"); then echo "$keytype $keyname $comment" >> ~/.ssh/authorized_keys fi done'; done
You should be able to ssh to the server without entering a password.