11-11-2010
how about setting SSH keys between the hosts?
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi All,
I'm looking for a script to change root password for about 200 servers of both Solaris and Linux. I'm not very good at scripting, can anyone share a script if you already have one?
:) (3 Replies)
Discussion started by: kvadivel80
3 Replies
2. Shell Programming and Scripting
Hi Friends.
I am new to scripting now i want to change the root password using the script with standard password.
which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies
3. Solaris
Hello All,
I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies
4. Shell Programming and Scripting
HI I 'm new shall script and unix. I want to create script for change password root by ssh-keygen command . I have 50 servers and I want ot login ot the servers via ssh by type ones password and can login every machines.The script ssh-keygen must ot generate key every weekly than it send new... (2 Replies)
Discussion started by: pellnapook
2 Replies
5. Shell Programming and Scripting
Hi Everybody,
I am trying to write a script (ksh) to connect to oracle db via sqlplus.
As I do not want the password to be in plain text, I've tried to use java to encrypt and decrypt it but I am not sure how can I pass the decrypted password to the script. Pls advise.
Below is what I would... (1 Reply)
Discussion started by: Nick1971
1 Replies
6. UNIX for Advanced & Expert Users
Hi all,
I have a simple script to check the CPU, Swap Memory and Hard Disk. But I can auto assign password in the script to automatic run it in crontab.
Everytime when I run this script, it require to insert password like the message below :
How can I solve this problem ? (2 Replies)
Discussion started by: cafecoc85
2 Replies
7. Shell Programming and Scripting
Hello,
I am using below command but this is asking for tty
c42dba {/home/oracle}: echo sersnp | su -c ggs
standard in must be a tty
Best regards,
Vishal (4 Replies)
Discussion started by: admin_db
4 Replies
8. Red Hat
Hi Guys
In red hat linux server is there a way to alert via email when the root password is about to expire ?
As per security policy in our environment root password will expire in 90 days.
Example : It would be better if we receive a email on 7th november stating that the root password... (1 Reply)
Discussion started by: newtoaixos
1 Replies
9. Shell Programming and Scripting
Hello,
I have list of around 400 devices. I need to restart a service /etc/init.d/psap23.sh in all of them, but it should restart by root only.
Those have some other kind of light Linux. There is no sudo package in that and we can't/shouldn't install. Direct root login is not allowed. I login... (5 Replies)
Discussion started by: solaris_1977
5 Replies
10. UNIX for Beginners Questions & Answers
Hello everyone,
I want to check how long a remote computer is running (e.g. with the command uptime or who - b)
The check should be done during login from none root user by a script which is called from .cshrc. My script works fine if I login as root but I want that everybody get the information... (5 Replies)
Discussion started by: Nadielosabra
5 Replies
LEARN ABOUT MOJAVE
ssh-keyscan
SSH-KEYSCAN(1) BSD General Commands Manual SSH-KEYSCAN(1)
NAME
ssh-keyscan -- gather SSH public keys
SYNOPSIS
ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type] [host | addrlist namelist]
DESCRIPTION
ssh-keyscan is a utility for gathering the public SSH host keys of a number of hosts. It was designed to aid in building and verifying
ssh_known_hosts files, the format of which is documented in sshd(8). ssh-keyscan provides a minimal interface suitable for use by shell and
perl scripts.
ssh-keyscan uses non-blocking socket I/O to contact as many hosts as possible in parallel, so it is very efficient. The keys from a domain
of 1,000 hosts can be collected in tens of seconds, even when some of those hosts are down or do not run sshd(8). For scanning, one does not
need login access to the machines that are being scanned, nor does the scanning process involve any encryption.
The options are as follows:
-4 Force ssh-keyscan to use IPv4 addresses only.
-6 Force ssh-keyscan to use IPv6 addresses only.
-c Request certificates from target hosts instead of plain keys.
-D Print keys found as SSHFP DNS records. The default is to print keys in a format usable as a ssh(1) known_hosts file.
-f file
Read hosts or ``addrlist namelist'' pairs from file, one per line. If '-' is supplied instead of a filename, ssh-keyscan will read
from the standard input. Input is expected in the format:
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
-H Hash all hostnames and addresses in the output. Hashed names may be used normally by ssh(1) and sshd(8), but they do not reveal
identifying information should the file's contents be disclosed.
-p port
Connect to port on the remote host.
-T timeout
Set the timeout for connection attempts. If timeout seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, the connection is closed and the host in question considered unavailable. The default is
5 seconds.
-t type
Specify the type of the key to fetch from the scanned hosts. The possible values are ``dsa'', ``ecdsa'', ``ed25519'', or ``rsa''.
Multiple values may be specified by separating them with commas. The default is to fetch ``rsa'', ``ecdsa'', and ``ed25519'' keys.
-v Verbose mode: print debugging messages about progress.
If an ssh_known_hosts file is constructed using ssh-keyscan without verifying the keys, users will be vulnerable to man in the middle
attacks. On the other hand, if the security model allows such a risk, ssh-keyscan can help in the detection of tampered keyfiles or man in
the middle attacks which have begun after the ssh_known_hosts file was created.
FILES
/etc/ssh/ssh_known_hosts
EXAMPLES
Print the RSA host key for machine hostname:
$ ssh-keyscan -t rsa hostname
Find all hosts from the file ssh_hosts which have new or different keys from those in the sorted file ssh_known_hosts:
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts |
sort -u - ssh_known_hosts | diff ssh_known_hosts -
SEE ALSO
ssh(1), sshd(8)
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC 4255, 2006.
AUTHORS
David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne Davison <wayned@users.sourceforge.net> added support for protocol ver-
sion 2.
BSD
March 5, 2018 BSD