Friday, 21 November 2008

add ssh key pair for ssh logins without password authentication

If you're trying to write a script that needs to log in to a number of remote servers, and are trying to avoid typing in passwords (or hard-coding passwords in an expect script, or similar) - this could be a lifesaver.

Create a key:

$ ssh-keygen -t dsa -f ~/.ssh/id_dsa -C ""
Generating DSA keys: Key generation complete.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ~/.ssh/id_dsa
Your public key is:
1024 35 [really long string]
Your public key has been saved in ~/.ssh/

For some versions of ssh-keygen, you'll need to specify ssh-keygen -d

The -C is an optional comment.

Create a list of servers you want to be able to log into freely and save it to a file called serverlist.  Then you'll be able to run the fragment:

for server in `grep -v "^ *#" serverlist`;do
  echo $server
  cat ~/.ssh/ | ssh username@$server 'cat - >> ~/.ssh/authorized_keys'

You may need to create the directory .ssh on the target server.

Now you should be able to ssh to the servers listed without being prompted for a password.

No comments: