Logging into Linux servers using ssh keys
The client I’m working for forces password updates every ~3 months, which means the 100 or so servers I log into need their saved passwords updated in my SSH client software every time. I got really tired of this, so I decided to automate it with a bash script and switch from passwords to SSH keys, which also means the client side stores a private key instead of a hundred saved passwords.
UPDATE: This post is primarily to share the bash script I wrote. For a more intuitive tutorial on my first steps 1-4, refer to something like this. The script I created helps propagate my public ssh key.
1. Install PuTTY.
2. In PuTTY’s Program Files folder, start the app named PuTTYgen.
3. Set the number of bits in the generated key to at least 2048 (RSA) and click ‘Generate’. Newer PuTTY versions also offer Ed25519, which is a good default if all your servers run a recent OpenSSH.
4. Give the key a passphrase (Pageant can cache it so you are not prompted per session) and save the private key (.ppk) to disk. For the public key, copy the one-line text from the box labelled ‘Public key for pasting into OpenSSH authorized_keys file’ and paste it into the script below as the value of publicSSHKey. Do not use the file written by ‘Save public key’; that is a different, multi-line format that sshd will not read from authorized_keys.
5. Copy the following into an executable file on your Linux box. I called mine AddSSH.sh (chmod +x AddSSH.sh). Edit the userid and publicSSHKey variables at the top before running it.
6. Execute it as root, with sudo (sudo ./AddSSH.sh). It edits /etc/ssh/sshd_config and reloads sshd, so keep your current session open and test a key login from a second window before you close it.
#!/bin/bash
#
# AddSSH.sh
#
# Adds an SSH public key to a user's authorized_keys file and makes sure
# sshd accepts key logins for that user.
# Requirements:
#   1. Set userid to an existing local user.
#   2. Set publicSSHKey to the one-line OpenSSH public key (the text PuTTYgen
#      shows in its "Public key for pasting into OpenSSH authorized_keys file" box).
#   3. Must run as root.
#
############################################################

# The user account you are enabling key logins for
userid=""

# The public SSH key (one line, starting with ssh-rsa or ssh-ed25519)
publicSSHKey=""

# Source the RHEL/CentOS function library for echo_success and friends;
# fall back to plain echo on systems that do not have it.
if [ -r /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions
else
    echo_success() { echo "[  OK  ]"; }
    echo_warning() { echo "[WARNING]"; }
    echo_failure() { echo "[FAILED]"; }
fi

clear
echo "Script name = $(basename "$0")"
echo -e "Script last modified = \e[00;33m$(date -r "$0" +%c)\e[00m"
echo -e "\n\n"

# Ensure we are running as root
if [[ $UID != 0 ]]; then
    echo "Please run this script as root (sudo ./$(basename "$0")):"
    echo_failure
    exit 1
fi

# Ensure both settings were filled in and the user exists
if [ -z "$userid" ] || [ ! -d "/home/$userid" ]; then
    echo "The user specified in the script settings, '${userid}', does not exist."
    echo "You must edit this script and populate the userid variable with a valid user."
    echo_failure
    exit 1
fi
if [ -z "$publicSSHKey" ]; then
    echo "You must edit this script and populate the publicSSHKey variable."
    echo_failure
    exit 1
fi

# Check for .ssh dir (must be 0700 or sshd ignores it under StrictModes)
dir1="/home/$userid/.ssh"
if [ ! -d "$dir1" ]; then
    echo ".ssh dir did not exist.. creating: $dir1"
    echo_warning
    mkdir "$dir1"
    chmod 700 "$dir1"
    chown "$userid" "$dir1"
fi

# Check for authorized_keys file (0600: only the owner needs to read it)
file1="$dir1/authorized_keys"
if [ ! -e "$file1" ]; then
    echo "authorized_keys did not exist.. creating"
    echo_warning
    touch "$file1"
    chmod 600 "$file1"
    chown "$userid" "$file1"
fi

# Append the public key to authorized_keys unless the exact line is already there
if grep -Fxq -- "$publicSSHKey" "$file1"; then
    echo_warning
    echo "Key is already present in authorized_keys"
else
    echo_success
    echo "Appending SSH key"
    printf '%s\n' "$publicSSHKey" >> "$file1"
fi

# Uncomment the key-login settings in sshd_config. RSAAuthentication only
# applied to protocol 1 and was removed in OpenSSH 7.4; PubkeyAuthentication
# (default yes) is what protocol 2 key logins depend on, so make sure it is
# not switched off.
sed -i 's/^#RSAAuthentication/RSAAuthentication/' /etc/ssh/sshd_config
sed -i 's/^#AuthorizedKeysFile/AuthorizedKeysFile/' /etc/ssh/sshd_config
sed -i 's/^#\?PubkeyAuthentication no/PubkeyAuthentication yes/' /etc/ssh/sshd_config

# sshd only reads its config at start, so validate and reload it
if sshd -t; then
    systemctl reload sshd 2>/dev/null || service sshd reload
    echo_success
    echo -e "User $userid should be able to login using SSH keys\n"
else
    echo_failure
    echo "sshd_config failed validation; not reloading sshd"
    exit 1
fi
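The script above runs on one server at a time, and it trusts whatever is pasted into publicSSHKey. As an added example (my own code, not the original post’s AddSSH.sh), here is the same idea split into reusable pieces: a check that the key string is actually a one-line OpenSSH public key, an idempotent install into authorized_keys with the permissions sshd requires, and a loop that pushes the key to every host in a list and then proves key-only login works. The host file name (hosts.txt), user names, and the key blob in the comment are assumptions; the sample key is constructed for illustration and is not a real key.

```shell
#!/bin/sh
# Added example (not the original post's AddSSH.sh): install a public key into a
# user's authorized_keys idempotently and with the permissions sshd requires,
# then push it to a list of hosts and confirm key-only login works.
# Assumed: the key is a one-line OpenSSH public key (the text from PuTTYgen's
# "Public key for pasting into OpenSSH authorized_keys file" box), and the
# host list (hosts.txt, one hostname per line) is a file you maintain.

# valid_pubkey KEY: succeed only if KEY looks like "<type> <base64> [comment]"
# on a single line. Catches the common mistake of pasting the multi-line file
# that PuTTYgen's "Save public key" button writes, which sshd will not parse.
valid_pubkey() {
    key="$1"
    nl=$(printf '\nx'); nl=${nl%x}
    case "$key" in *"$nl"*) return 1 ;; esac          # multi-line: not a key line
    type=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case "$type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case "$blob" in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac   # blob must be base64
    return 0
}

# install_key HOMEDIR OWNER KEY: create ~/.ssh (0700) and authorized_keys (0600)
# if missing, append KEY once. Prints "added" or "present"; returns 1 and
# writes nothing if KEY is malformed. OWNER may be a user name or numeric uid.
install_key() {
    home="$1"; owner="$2"; key="$3"
    valid_pubkey "$key" || { echo "refusing malformed key" >&2; return 1; }
    dir="$home/.ssh"; file="$dir/authorized_keys"
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir" && chmod 700 "$dir" && chown "$owner" "$dir"
    fi
    if [ ! -e "$file" ]; then
        : > "$file" && chmod 600 "$file" && chown "$owner" "$file"
    fi
    # -F: fixed string, -x: whole line. Without -x a key that is a prefix of a
    # longer key would be reported as present.
    if grep -Fxq -- "$key" "$file"; then
        echo present
    else
        printf '%s\n' "$key" >> "$file"
        echo added
    fi
}

# push_key_to_hosts HOSTFILE USER PUBFILE: copy PUBFILE to USER on every host
# with ssh-copy-id (idempotent, uses the current password once), then verify
# with BatchMode, which refuses password prompts, so success means the key
# itself was accepted. Needs network access; not exercised by the offline test.
push_key_to_hosts() {
    hostfile="$1"; user="$2"; pubfile="$3"
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        ssh-copy-id -i "$pubfile" "$user@$host" >/dev/null 2>&1
        if ssh -o BatchMode=yes -o PasswordAuthentication=no "$user@$host" true; then
            echo "$host: key login OK"
        else
            echo "$host: key login FAILED, password login still required" >&2
        fi
    done < "$hostfile"
}

# Example local run (constructed key; the blob is made-up base64, not a real key):
# install_key /home/alice alice 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyBlobForDemo0000000000000000000000 alice@laptop'
# Example roll-out: push_key_to_hosts hosts.txt alice ~/.ssh/id_ed25519.pub
```

Run the verification step before you delete the saved passwords from your client: a host that prints FAILED usually has StrictModes rejecting a group-writable home directory or an authorized_keys line that was pasted in the wrong format, and you still have password access to fix it.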
7. Now you need to point your SSH client software at the private key (.ppk) you saved in step four. The client proves possession of the private key; the public key is what went onto the server. If you’re using PuTTY, the setting is here:
a. PuTTY: Connection > SSH > Auth, ‘Private key file for authentication’.
b. I’m using Remote Desktop Manager (love this program and I highly recommend it for managing large numbers of Windows/Linux boxes). I select the server and hit Ctrl+E to edit the session details. On the Connection tab I enter the details as shown below:
c. Which leads me into automation. If you’re using plink (another application installed with PuTTY) or putty from the command line, just pass the path to the private key .ppk, in quotes, with the -i switch. If the key has a passphrase, load it into Pageant first so plink does not stop to prompt for it.