Logging into Linux servers using ssh keys
The client I’m working for forces password updates every ~3 months, which means the 100 or so servers I’m logging into need to have their saved passwords updated in my SSH client software. I got really tired of this and so I decided to automate with a bash script in a secure way with ssh keys instead of passwords.
UPDATE: This post is primarily to share the bash script I wrote. For a more intuitive tutorial on my first steps 1-4, refer to something like this. The script I created helps propagate my public ssh key.
1. Install putty
2. in the program files folder of putty, start the app named puttygen
3. set key encryption to 2048. Click ‘generate’
4. save the private key to disk (copy the text of the public key and paste it into the script below for the value of publicSSHKey)
5. Copy the following into an executable file on your linux box. I called mine AddSSH.sh (chmod +x AddSSH.sh)
6. Execute the following as root… with sudo. (sudo AddSSH.sh)
#!/bin/bash
#
# AddSSH.sh
#
# Adds an SSH key to the authorized_keys file and allows system to accept SSH keys for login
# Requirements:
# 1. You must specify a valid user for the userid.
# 2. You must specify the public SSH key in publicSSHKey (Use putty's puttygen to create this").
# 3. Must run as rooooooot!
#
############################################################
# The user account you are enabling logins for
userid=""
# The public SSH key (you probably used puttygen to create)
publicSSHKey=""
# Source function library.
. /etc/rc.d/init.d/functions
clear
echo "Script name = $(basename "$0")"
echo -e "Script last modified. = \e[00;33m `date -r $0 +%c` \e[00m"
echo -e "\n\n"
# Ensure we are running as root
if [[ $UID != 0 ]]; then
echo "Please run this script as root (sudo su -):"
echo_failure
exit 1
fi
# Ensure the user specified in $userid exists
if [ ! -d /home/$1 ]; then
echo "the user specified in the script settings: ${1} , does not exist."
echo "You must edit this script and populate the userid variable with a valid user"
echo_failure
exit 1
fi
# Check for .ssh dir
dir1="/home/$userid/.ssh"
if [ ! -d $dir1 ]; then
echo ".ssh dir did not exist.. creating: $dir1"
echo_warning
mkdir $dir1
chmod 700 $dir1
chown $userid $dir1
fi
# Check for authorized_keys file
file1="/home/$userid/.ssh/authorized_keys"
if [ ! -e $file1 ]; then
echo "authorized_keys did not exist.. creating"
echo_warning
touch $file1
chmod 700 $file1
chown $userid $file1
fi
# append public key to authorized_keys
if grep -Fxq "$sshKey" $file1
then
echo_warning
echo "Key is already present in authorized_keys"
else
echo_success
echo "Appending SSH key"
echo $sshKey>>$file1
fi
# modify ssh login file to allow SSH key logins
sed -i 's/#RSAAuthentication/RSAAuthentication/g' /etc/ssh/sshd_config
sed -i 's/#AuthorizedKeysFile/AuthorizedKeysFile/g' /etc/ssh/sshd_config
echo_success
echo -e "User $userid should be able to login using SSH\n"
7. Now you need to specify the public ssh key from step four in your SSH client software. If your using Putty, you can find that here:
a. putty:
b: I’m using a Remote Desktop Manager (love this program and I highly recommend it to manage large numbers of Win/Linux boxes). I select the server, and hit cntrl-E to edit the session details. On the Connection tab I enter the details like you see below:
c. Which leads me into automation. If your using plink (another application that gets installed with Putty) or putty from the command line, just specify the location to the private key .ppk in qoutes with the -i switch.
