I have a vendor that needs to install a set of scripts (written in korn) that will be run as root through crontab every day. This set of scripts will need to ssh as root to other servers without getting challenged for user name or password. So I have set up ssh key pairing and authorized_keys file.

But here's the thing. Users who log in to a server as themselves can su to root, then ssh directly to other servers as root. This breaks accountability. So, I decided to yank out the "IdentityFile" line in root user's ssh config, which will force users who are in root to now use the -i parameter when using ssh or scp commands. This obviously needs to be modified in the vendor's scripts as well.

However, I would hate to have the script contain a variable called "ssh_ID" so that the scripts can run something like this: /usr/bin/ssh -i ${ssh_ID} [remote_commands]

I want to see if there are simple string obfuscation scripts for korn shell that I can incorporate into the vendor scripts, so that ssh_ID is assigned the hashed string (instead of "/root/.ssh/id_dsa"). Apparently there are several samples out there for perl, but none for Korn shell. I'm sure I can try something myself, but I'm not exactly mathematically gifted. In fact, I don't even know how to offset a character without using ksh97!

Help?