SSH key-based authentication (also known as public key authentication) allows for passwordless authentication, and is safer and much better than password authentication. Beyond security, one of the main advantages of passwordless login over SSH is that it automates various kinds of cross-server processes. In this article, we will demonstrate how to create an SSH key pair and copy a public key to multiple remote Linux hosts at the same time using a shell script.
Create a new SSH key on Linux
First, generate an SSH key pair (the private/identity key that the SSH client uses to authenticate when logging into the remote SSH server, and the public key stored as an authorized key on the remote system running the SSH server) using ssh-keygen as follows:
Creating bash script for multiple remote logins
Next, create a script to help copy the public key to multiple remote Linux hosts.
# vim ~/.bin/ssh-copy.sh
Copy and paste the following code into the file, replacing the variables as needed: USER_NAME is the username to connect as, HOST_FILE is the file containing the list of hostnames or IP addresses, and ERROR_FILE is the file that stores any errors from the ssh command.
#!/bin/bash

USER_NAME="root"
HOST_FILE="/root/hosts"
ERROR_FILE="/tmp/ssh-copy_error.txt"
PUBLIC_KEY_FILE="$1"

# Abort if the public key file given as the first argument does not exist
# (the message reads "File ... not found!").
if [ ! -f "$PUBLIC_KEY_FILE" ]; then
    echo "File '$PUBLIC_KEY_FILE' не найден!"
    exit 1
fi

# Abort if the host list does not exist.
if [ ! -f "$HOST_FILE" ]; then
    echo "File '$HOST_FILE' не найден!"
    exit 2
fi

# Copy the key to each host; stop at the first failure and print the error.
for IP in $(cat "$HOST_FILE"); do
    ssh-copy-id -i "$PUBLIC_KEY_FILE" "$USER_NAME@$IP" 2>"$ERROR_FILE"
    RESULT=$?
    if [ $RESULT -eq 0 ]; then
        echo ""
        # Message: "Public key successfully copied to $IP"
        echo "Открытый ключ успешно скопирован на $IP"
        echo ""
    else
        echo "$(cat "$ERROR_FILE")"
        echo
        exit 3
    fi
    echo ""
done
Save the file and close it.
Then make the script executable with the chmod command, as follows:
# chmod +x ssh-copy.sh
Now run the ssh-copy.sh script and provide your public key file as the first argument as shown below:
# ./ssh-copy.sh /root/.ssh/prod-rsa.pub
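Because the script installs a root login key on every entry in HOST_FILE, it is worth validating both inputs before a run. The following is an added example, not part of the original script; the function names is_public_key and valid_hosts and the sample file contents are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: pre-flight checks for the two inputs of ssh-copy.sh.
# Function names are hypothetical, not part of the original script.

# Succeeds only if the file holds exactly one OpenSSH public key line.
is_public_key() {
    local file="$1" type blob _rest
    [ -f "$file" ] || return 1
    # Private key material must never be handed to a distribution script.
    if grep -q 'PRIVATE KEY' "$file"; then return 1; fi
    [ "$(grep -c . "$file")" -eq 1 ] || return 1
    read -r type blob _rest < "$file"
    case "$type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    # The base64 blob of an OpenSSH public key always starts with "AAAA".
    case "$blob" in
        *[!A-Za-z0-9+/=]*) return 1 ;;
        AAAA?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one validated host per line; fails on the first malformed entry.
# Blank lines and lines starting with '#' are skipped.
valid_hosts() {
    local file="$1" line
    [ -f "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line="$(printf '%s' "$line" | tr -d '\r')"   # tolerate CRLF files
        case "$line" in
            ''|'#'*) continue ;;
            # Hostname or IP literal characters only, and no leading '-'.
            -*|*[!A-Za-z0-9.:_-]*)
                echo "rejected host entry: '$line'" >&2
                return 1 ;;
        esac
        printf '%s\n' "$line"
    done < "$file"
}

# Constructed sample input (the key blob is a placeholder, not a real key).
demo_dir="$(mktemp -d)"
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlob admin@example\n' > "$demo_dir/id.pub"
printf '# production\n192.0.2.10\nweb01.example.com\n' > "$demo_dir/hosts"
if is_public_key "$demo_dir/id.pub" && hosts="$(valid_hosts "$demo_dir/hosts")"; then
    echo "inputs look sane; hosts:" $hosts
fi
rm -rf "$demo_dir"
```

Calling both functions at the top of ssh-copy.sh and exiting on failure keeps a malformed host list from being word-split into unintended targets.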
Then use ssh-agent to manage your keys; it stores your decrypted private key in memory and uses it to authenticate logins.
After starting ssh-agent, add your private key to it like this:
# eval "$(ssh-agent -s)"
# ssh-add ~/.ssh/prod-rsa
Login to remote Linux server without password
You can now log into any of your remote hosts without entering a password to authenticate the SSH user.
This way you can automate cross-server processes.
# ssh root@<remote-host>
If you have any suggestions for improving the script, please let us know via the feedback form below.